
Log analysis and evaluation: TR/Crypt.XPACK.Gen cannot be deleted

12.04.2011, 16:08   #1
CrazyFlocke
 
TR/Crypt.XPACK.Gen cannot be deleted



Hi there, I've got a really stubborn trojan on my laptop. I'll say right away that I don't know much about PCs and such, so I'm hoping to find help here, for dummies...
So, on to my problem: a while ago I got a notification from Avira that I have the above-mentioned trojan in "C:\Windows\System32\PRAGMAumopptpily.dll". Of course I first searched for the folder and googled it, but I found no sign that this folder / this file exists. I have also looked at many other forums, but there was no concrete solution for me there. After another alert I wanted to move the trojan to quarantine and delete it, but that didn't work. I also ran a scan (with Avira), but it doesn't find this trojan; instead I discovered two new viruses -.- I'm slowly getting really clueless and annoyed. I don't want to wipe my machine and set it up again right now... please help me! Thanks in advance
PS: Is this trojan perhaps also to blame for my laptop crashing all the time?
OTL Logfile:
Code:
OTL Extras logfile created on: 4/12/2011 4:28:52 PM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.33 Gb Total Space | 128.44 Gb Free Space | 57.00% Space Free | Partition Type: NTFS
Drive D: | 225.33 Gb Total Space | 176.99 Gb Free Space | 78.55% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{01CBFCE7-95AD-40F3-BC63-C46EFB2FC9C4}" = Pirates of the Caribbean - Am Ende der Welt
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{0613F79E-C012-BC98-6E9C-5A47AEE6D37A}" = CCC Help Korean
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A8CE3AA-99F2-5632-A8D2-636BE6CFE856}" = Catalyst Control Center Core Implementation
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = Die Sims™ 3 Design-Garten-Accessoires
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{1664EB8B-057B-0E23-7245-ECE92849FF4C}" = ccc-core-static
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1DBD8607-39EE-B7F3-CDE6-A2095B0EE0C9}" = CCC Help Chinese Traditional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{20167022-64F2-4836-B9C9-1DBAA6721FD4}" = CCC Help Hungarian
"{204DD5C2-441A-DADC-E765-595B5C1EDE88}" = CCC Help Norwegian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{218E2C0C-4740-DBCB-C8E8-D67201A6500A}" = CCC Help English
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22CF0E58-982E-F040-6233-0D46C5EB1031}" = Nero 7 Premium
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 23
"{26D20F5D-1D37-5BD1-34AB-6411AC34E2A9}" = ccc-utility
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2C8574B5-6935-4FCE-860E-F4E8602378FF}" = OfferBox
"{3501AF2D-A97E-F6DB-521A-4E64EAEF5BDC}" = CCC Help Thai
"{3A7C46AC-060B-6CBF-1862-969F79A5B758}" = CCC Help French
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EB37B26-432C-467C-9FBC-9BDA0E6FBDD7}" = Catalyst Control Center InstallProxy
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{411429D5-83D1-2F9B-9F53-4524DCE99E6D}" = CCC Help Portuguese
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{44EAFE3D-09A9-4478-A2BF-0EED22F4E49F}" = Die Sims™ 3 Erstelle ein Muster-Tool
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{461B11E8-BF34-4ACB-962A-1CBE905BD9EB}" = LG United Mobile Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{54FBC914-82D7-E646-2916-B3C6D320E0B4}" = Catalyst Control Center Graphics Previews Vista
"{5D221DF2-F206-681F-75FE-1C7620BE69A7}" = CCC Help Greek
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6848704E-C8D4-4F4F-9181-5926D4A11E98}" = ATI Catalyst Install Manager
"{6B9EFC04-713D-F238-E388-F3CDA52E7880}" = Catalyst Control Center Graphics Light
"{6CB778E6-693F-7A2A-C5AD-C7743500D249}" = CCC Help Turkish
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Die*Sims*Mittelalter
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D88074D-4378-C049-4264-EB3EE8AC155C}" = CCC Help Japanese
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{93E42FF5-065E-0D52-2777-8A1849CB8574}" = CCC Help Swedish
"{94D5097B-46D0-A1D9-8983-284E3C675CA9}" = Catalyst Control Center Localization All
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95468B00-C081-4B27-AC96-0A2A31359E60}" = Adobe Flash Player 10 ActiveX
"{961B4059-D1C0-43C8-095B-75A18BD0F8C8}" = CCC Help Polish
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B84A151-81CC-6133-D844-A189FDA1C34F}" = CCC Help Chinese Standard
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{AE86495C-42F9-F5BE-E878-7798456A509A}" = CCC Help Spanish
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B7493783-F638-BEAE-C8C7-665C5A03E652}" = CCC Help Dutch
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B82ABF2C-CBD3-5528-26DF-F1161A2B34BF}" = Catalyst Control Center Graphics Full New
"{B9B1B5D9-F96D-0257-A23C-8EA9ACCCF8CB}" = CCC Help Czech
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C3181764-B8F3-A705-5362-86E37C476710}" = Catalyst Control Center Graphics Full Existing
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D777D80E-13AE-4E6C-BCB2-9AEE10D9DEF1}" = Driver Updater
"{DA146D61-5542-2F55-C5E4-49D26EBAAA5B}" = CCC Help Russian
"{DB0EF3C1-8AF4-1E28-267E-024999C11828}" = CCC Help Finnish
"{DBB62E6B-66F5-09D2-D2CC-C1877CDD9A8B}" = CCC Help Italian
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5141E62-8A90-D9A1-EB2D-C4D0D9940D90}" = CCC Help German
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = Die Sims™ 3 Gib Gas-Accessoires
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F293A67D-04BB-6960-5D13-13F158796960}" = CCC Help Danish
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CCleaner" = CCleaner
"conduitEngine" = Conduit Engine 
"EA Games 4.5.1.0" = EA Games 4.5.1.0
"EADM" = EA Download Manager
"ERUNT_is1" = ERUNT 1.1j
"Escape From Paradise 2 - A Kingdom's Quest 1.00" = Escape From Paradise 2 - A Kingdom's Quest 1.00
"Euro Truck Simulator" = Euro Truck Simulator 1.00
"ICQToolbar" = ICQ Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LG PC Suite IV" = LG PC Suite IV
"LSI Soft Modem" = LSI HDA Modem
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Opera 11.01.1190" = Opera 11.01
"PHPNukeDE Toolbar" = PHPNukeDE Toolbar
"PriceGong" = PriceGong 2.1.0
"PROHYBRIDR" = 2007 Microsoft Office system
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0
"Radio_Bar_2 Toolbar" = Radio Bar 2 Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Island Castaway BFG 1.00" = The Island Castaway BFG 1.00
"TS3 Install Helper Monkey" = TS3 Install Helper Monkey
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 8/2/2010 11:59:45 AM | Computer Name = ***-PC | Source = VSS | ID = 8193
Description = 
 
Error - 8/2/2010 11:59:53 AM | Computer Name = ***-PC | Source = VSS | ID = 8193
Description = 
 
Error - 8/2/2010 11:59:53 AM | Computer Name = ***-PC | Source = SPP | ID = 16387
Description = 
 
Error - 8/2/2010 11:59:53 AM | Computer Name = ***-PC | Source = Windows Backup | ID = 4100
Description = 
 
Error - 8/2/2010 12:38:13 PM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385,
 Zeitstempel: 0x4a5bc69e  Name des fehlerhaften Moduls: IEFRAME.dll, Version: 8.0.7600.16588,
 Zeitstempel: 0x4be2b79f  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x00008d41  ID des fehlerhaften
 Prozesses: 0xd64  Startzeit der fehlerhaften Anwendung: 0x01cb3261169bf047  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: C:\windows\system32\IEFRAME.dll  Berichtskennung: 572324b8-9e54-11df-b5ca-00245416dba5
 
Error - 8/2/2010 5:46:23 PM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385,
 Zeitstempel: 0x4a5bc69e  Name des fehlerhaften Moduls: IEFRAME.dll, Version: 8.0.7600.16588,
 Zeitstempel: 0x4be2b79f  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x00008d41  ID des fehlerhaften
 Prozesses: 0x12dc  Startzeit der fehlerhaften Anwendung: 0x01cb328c2306d3ce  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: C:\windows\system32\IEFRAME.dll  Berichtskennung: 6442fe02-9e7f-11df-b5ca-00245416dba5
 
Error - 8/2/2010 5:47:34 PM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385,
 Zeitstempel: 0x4a5bc69e  Name des fehlerhaften Moduls: IEFRAME.dll, Version: 8.0.7600.16588,
 Zeitstempel: 0x4be2b79f  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x00008d41  ID des fehlerhaften
 Prozesses: 0x998  Startzeit der fehlerhaften Anwendung: 0x01cb328c4e8afb5b  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: C:\windows\system32\IEFRAME.dll  Berichtskennung: 8e7f1511-9e7f-11df-b5ca-00245416dba5
 
Error - 8/2/2010 5:52:27 PM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385,
 Zeitstempel: 0x4a5bc69e  Name des fehlerhaften Moduls: IEFRAME.dll, Version: 8.0.7600.16588,
 Zeitstempel: 0x4be2b79f  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x00008d41  ID des fehlerhaften
 Prozesses: 0x954  Startzeit der fehlerhaften Anwendung: 0x01cb328cfc9d1f64  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: C:\windows\system32\IEFRAME.dll  Berichtskennung: 3d245168-9e80-11df-b5ca-00245416dba5
 
Error - 8/2/2010 6:31:22 PM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385,
 Zeitstempel: 0x4a5bc69e  Name des fehlerhaften Moduls: IEFRAME.dll, Version: 8.0.7600.16588,
 Zeitstempel: 0x4be2b79f  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x00008d41  ID des fehlerhaften
 Prozesses: 0x1ee0  Startzeit der fehlerhaften Anwendung: 0x01cb32926d2d3ada  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: C:\windows\system32\IEFRAME.dll  Berichtskennung: acecdeaa-9e85-11df-b5ca-00245416dba5
 
Error - 8/2/2010 6:47:12 PM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385,
 Zeitstempel: 0x4a5bc69e  Name des fehlerhaften Moduls: IEFRAME.dll, Version: 8.0.7600.16588,
 Zeitstempel: 0x4be2b79f  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x00008d41  ID des fehlerhaften
 Prozesses: 0x19d8  Startzeit der fehlerhaften Anwendung: 0x01cb3294a2e90089  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: C:\windows\system32\IEFRAME.dll  Berichtskennung: e331ac7a-9e87-11df-b5ca-00245416dba5
 
[ OSession Events ]
Error - 7/23/2010 12:26:59 PM | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 56
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 7/26/2010 3:04:05 AM | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 27
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 3/27/2011 3:56:11 PM | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 3/28/2011 12:53:46 PM | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 4/12/2011 10:21:04 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   tcpipBM
 
Error - 4/12/2011 10:21:51 AM | Computer Name = ***-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 4/12/2011 10:21:51 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 4/12/2011 10:21:51 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 4/12/2011 10:22:01 AM | Computer Name = ***-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 4/12/2011 10:22:01 AM | Computer Name = ***-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 4/12/2011 10:22:01 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 4/12/2011 10:22:01 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 4/12/2011 10:22:01 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 4/12/2011 10:22:01 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
 
< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL logfile created on: 4/12/2011 4:28:52 PM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.33 Gb Total Space | 128.44 Gb Free Space | 57.00% Space Free | Partition Type: NTFS
Drive D: | 225.33 Gb Total Space | 176.99 Gb Free Space | 78.55% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/04/12 16:17:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011/03/18 14:57:20 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/02/06 12:37:27 | 000,943,472 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2010/09/06 19:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2010/08/02 17:09:38 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/08/02 17:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/04/20 14:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
PRC - [2010/03/23 09:50:12 | 000,632,464 | ---- | M] (Secure Digital Services) -- C:\Program Files\OfferBox\OfferBox.exe
PRC - [2010/02/01 23:51:56 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/01 23:51:52 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/01/14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/12 14:26:50 | 000,834,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/09/11 13:34:22 | 002,403,840 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
PRC - [2009/09/11 13:33:54 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2009/09/07 12:42:04 | 000,093,184 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/09/02 09:56:00 | 000,360,448 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/09/02 09:55:32 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/08/23 06:47:34 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/08/06 09:46:06 | 002,242,048 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/06/03 21:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/16 00:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/03/28 04:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/03/12 17:37:12 | 000,380,928 | ---- | M] (Bytemobile, Inc.) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe
PRC - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe
PRC - [2008/01/16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/04/12 16:17:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
MOD - [2010/12/21 07:34:12 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/14 03:16:19 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll
MOD - [2009/07/14 03:16:19 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wkscli.dll
MOD - [2009/07/14 03:16:11 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll
MOD - [2009/07/14 03:15:13 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drprov.dll
MOD - [2009/07/14 03:15:08 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davhlpr.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (MyWebSearchService)
SRV - [2011/03/18 14:57:20 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/09/06 19:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010/08/02 17:09:38 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/09/28 09:22:00 | 000,364,544 | ---- | M] (Marvell) [Auto | Running] -- C:\Windows\System32\yk62x86.dll -- (yksvc)
SRV - [2009/09/11 13:33:54 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009/09/02 09:55:32 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/03/28 04:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip)
SRV - [2008/01/16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/03/18 14:57:23 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/10 22:41:37 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 16:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/10 03:43:18 | 001,271,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/29 08:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort)
DRV - [2009/09/29 08:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM)
DRV - [2009/09/29 08:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum)
DRV - [2009/09/28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/09/02 10:31:04 | 005,173,760 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/22 00:18:58 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/06/29 18:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/06/29 18:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009/04/09 14:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/11/19 17:09:10 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/19 17:09:08 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/19 17:09:08 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/10/09 14:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Stopped] -- C:\windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2008/05/16 13:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008/05/16 13:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008/05/16 13:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 13:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 13:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/16 13:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 13:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008/01/09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Program Files\Radio_Bar_2\tbRadi.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Program Files\PHPNukeDE\prxtbPHP2.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/home?AF=17434
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Program Files\Radio_Bar_2\tbRadi.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Program Files\PHPNukeDE\prxtbPHP2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin [2010/08/07 02:09:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2011/03/26 20:57:54 | 000,000,000 | ---D | M]
 
[2010/07/04 20:48:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010/07/04 20:48:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - No CLSID value found.
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Radio Bar 2 Toolbar) - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Program Files\Radio_Bar_2\tbRadi.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (PHPNukeDE Toolbar) - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Program Files\PHPNukeDE\prxtbPHP2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Radio Bar 2 Toolbar) - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Program Files\Radio_Bar_2\tbRadi.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PHPNukeDE Toolbar) - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Program Files\PHPNukeDE\prxtbPHP2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Radio Bar 2 Toolbar) - {9BB815EB-3F9F-4E11-9150-CB70E29B40FC} - C:\Program Files\Radio_Bar_2\tbRadi.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PHPNukeDE Toolbar) - {C9508125-4747-4733-B048-E4B82DC9716D} - C:\Program Files\PHPNukeDE\prxtbPHP2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Driver Updater]  File not found
O4 - HKCU..\Run: [LG LinkAir]  File not found
O4 - HKCU..\Run: [OfferBox] C:\Program Files\OfferBox\OfferBox.exe (Secure Digital Services)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jessica\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.97
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2fcc8f41-3b7e-11e0-8438-00245416dba5}\Shell - "" = AutoRun
O33 - MountPoints2\{2fcc8f41-3b7e-11e0-8438-00245416dba5}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{2fcc8f4a-3b7e-11e0-8438-00245416dba5}\Shell - "" = AutoRun
O33 - MountPoints2\{2fcc8f4a-3b7e-11e0-8438-00245416dba5}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{6c2b78cf-5ddb-11e0-be22-00245416dba5}\Shell - "" = AutoRun
O33 - MountPoints2\{6c2b78cf-5ddb-11e0-be22-00245416dba5}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{de7b752f-57a5-11e0-8487-00245416dba5}\Shell - "" = AutoRun
O33 - MountPoints2\{de7b752f-57a5-11e0-8487-00245416dba5}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: phonostar-Player - hkey= - key= -  File not found
MsConfig - StartUpReg: phonostarTimer - hkey= - key= -  File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/04/12 16:28:00 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/04/12 16:26:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/04/12 16:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/04/12 16:17:24 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\Jessica\Desktop\Erunt-setup.exe
[2011/04/12 16:17:24 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Jessica\Desktop\OTL.exe
[2011/04/12 16:17:24 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Jessica\Desktop\TFC.exe
[2011/04/11 19:03:18 | 000,000,000 | ---D | C] -- C:\Program Files\ReflexiveArcade
[2011/04/09 12:38:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\iwin
[2011/04/09 12:35:04 | 000,000,000 | ---D | C] -- C:\windows\Jojos Fashion Show World Tour
[2011/04/07 22:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\Games
[2011/04/07 20:53:23 | 000,000,000 | ---D | C] -- C:\Users\Jessica\Documents\MediaGet
[2011/04/07 20:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Get LLC
[2011/04/07 19:32:38 | 000,000,000 | ---D | C] -- C:\Users\Jessica\AppData\Roaming\Sahmon Games
[2011/04/07 18:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\GameHouse
[2011/04/07 17:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\EscapefromParadise2_at
[2011/04/04 17:59:31 | 000,000,000 | ---D | C] -- C:\Users\Jessica\Documents\LG PC Suite IV
[2011/04/04 17:59:31 | 000,000,000 | ---D | C] -- C:\Users\Jessica\AppData\Local\LG Electronics
[2011/04/04 17:59:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG PC Suite IV
[2011/04/04 17:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2011/03/28 18:49:05 | 000,000,000 | ---D | C] -- C:\Users\Jessica\Documents\Privat^^
[2011/03/26 20:58:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
[2011/03/26 20:58:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Vodafone
[2011/03/26 20:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\Vodafone
[2011/03/23 18:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011/03/20 17:29:06 | 000,000,000 | ---D | C] -- C:\Users\Jessica\AppData\Roaming\DVDVideoSoft
[2011/03/20 16:58:57 | 000,000,000 | ---D | C] -- C:\Users\Jessica\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/03/17 18:12:19 | 000,000,000 | ---D | C] -- C:\Users\Jessica\Desktop\Neuer Ordner
[2010/02/06 17:44:26 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeA574.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011/04/12 16:28:08 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/12 16:28:08 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/12 16:27:05 | 000,001,078 | ---- | M] () -- C:\Users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/04/12 16:26:53 | 000,000,898 | ---- | M] () -- C:\Users\Jessica\Desktop\NTREGOPT.lnk
[2011/04/12 16:26:53 | 000,000,879 | ---- | M] () -- C:\Users\Jessica\Desktop\ERUNT.lnk
[2011/04/12 16:24:00 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/12 16:20:49 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/12 16:20:48 | 000,000,294 | -H-- | M] () -- C:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/04/12 16:20:45 | 000,000,294 | -H-- | M] () -- C:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/04/12 16:20:39 | 000,000,310 | -HS- | M] () -- C:\windows\tasks\JWSH.job
[2011/04/12 16:20:24 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/04/12 16:20:17 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/12 16:17:38 | 000,301,568 | ---- | M] () -- C:\Users\***\Desktop\g2m3e4r.exe
[2011/04/12 16:17:36 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\***\Desktop\Erunt-setup.exe
[2011/04/12 16:17:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011/04/12 16:17:30 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\TFC.exe
[2011/04/12 15:14:44 | 279,879,418 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011/04/12 14:26:46 | 000,002,560 | ---- | M] () -- C:\windows\_MSRSTRT.EXE
[2011/04/11 18:24:05 | 000,002,252 | ---- | M] () -- C:\Users\***\Desktop\Escape From Paradise 2 - A Kingdom's Quest.lnk
[2011/04/08 13:47:55 | 000,002,097 | ---- | M] () -- C:\Users\***\Desktop\The Island Castaway BFG.lnk
[2011/04/08 13:47:46 | 000,752,824 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011/04/08 13:47:46 | 000,697,930 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/04/08 13:47:46 | 000,170,446 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011/04/08 13:47:46 | 000,137,814 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/04/07 20:50:36 | 000,150,016 | RHS- | M] () -- C:\windows\System32\makecab1.dll
[2011/04/07 19:31:35 | 000,001,947 | ---- | M] () -- C:\Users\***\Desktop\More Great Games.lnk
[2011/04/04 17:59:31 | 000,001,160 | ---- | M] () -- C:\Users\Public\Desktop\LG PC Suite IV.lnk
[2011/03/26 20:58:02 | 000,002,755 | ---- | M] () -- C:\Users\Public\Desktop\Vodafone SMS.lnk
[2011/03/26 20:58:02 | 000,002,755 | ---- | M] () -- C:\Users\Public\Desktop\Vodafone Mobile Connect.lnk
[2011/03/23 18:34:34 | 000,002,196 | ---- | M] () -- C:\Users\Public\Desktop\Die*Sims™*Mittelalter.lnk
[2011/03/20 17:29:16 | 000,001,201 | ---- | M] () -- C:\Users\***\Desktop\DVDVideoSoft Free Studio.lnk
[2011/03/18 14:57:23 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
 
========== Files Created - No Company Name ==========
 
[2011/04/12 16:27:05 | 000,001,078 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/04/12 16:26:53 | 000,000,898 | ---- | C] () -- C:\Users\***\Desktop\NTREGOPT.lnk
[2011/04/12 16:26:53 | 000,000,879 | ---- | C] () -- C:\Users\***\Desktop\ERUNT.lnk
[2011/04/12 16:17:25 | 000,301,568 | ---- | C] () -- C:\Users\***\Desktop\g2m3e4r.exe
[2011/04/12 15:14:44 | 279,879,418 | ---- | C] () -- C:\windows\MEMORY.DMP
[2011/04/12 14:26:45 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE
[2011/04/11 18:24:05 | 000,002,252 | ---- | C] () -- C:\Users\***\Desktop\Escape From Paradise 2 - A Kingdom's Quest.lnk
[2011/04/07 22:24:07 | 000,002,097 | ---- | C] () -- C:\Users\***\Desktop\The Island Castaway BFG.lnk
[2011/04/07 20:50:43 | 000,000,294 | -H-- | C] () -- C:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/04/07 20:50:41 | 000,000,294 | -H-- | C] () -- C:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/04/07 20:50:36 | 000,150,016 | RHS- | C] () -- C:\windows\System32\makecab1.dll
[2011/04/07 20:50:36 | 000,000,310 | -HS- | C] () -- C:\windows\tasks\JWSH.job
[2011/04/07 17:59:19 | 000,001,947 | ---- | C] () -- C:\Users\***\Desktop\More Great Games.lnk
[2011/04/04 17:59:31 | 000,001,160 | ---- | C] () -- C:\Users\Public\Desktop\LG PC Suite IV.lnk
[2011/03/29 15:53:49 | 000,027,648 | R--- | C] () -- C:\Users\Public\Documents\ESBK.mb
[2011/03/29 15:53:49 | 000,003,072 | R--- | C] () -- C:\Users\Public\Documents\ESBK.mbb
[2011/03/26 20:58:02 | 000,002,755 | ---- | C] () -- C:\Users\Public\Desktop\Vodafone SMS.lnk
[2011/03/26 20:58:02 | 000,002,755 | ---- | C] () -- C:\Users\Public\Desktop\Vodafone Mobile Connect.lnk
[2011/03/23 18:34:34 | 000,002,196 | ---- | C] () -- C:\Users\Public\Desktop\Die*Sims™*Mittelalter.lnk
[2010/11/16 10:56:46 | 000,245,504 | ---- | C] () -- C:\windows\PI.EXE
[2010/10/05 01:59:32 | 000,005,632 | ---- | C] () -- C:\windows\System32\StarOpen.sys
[2010/04/21 18:20:27 | 000,002,620 | ---- | C] () -- C:\ProgramData\fiosejgfse.dll
[2010/03/13 17:23:00 | 000,001,300 | ---- | C] () -- C:\windows\disney.ini
[2009/12/25 17:44:49 | 000,000,056 | ---- | C] () -- C:\windows\TKKG_7.ini
[2009/11/30 20:57:52 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/11/30 20:15:29 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2009/11/30 19:58:19 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/10/08 04:30:57 | 000,752,824 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2009/10/08 04:30:57 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009/10/08 04:30:57 | 000,170,446 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2009/10/08 04:30:57 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009/10/08 04:10:19 | 000,294,912 | ---- | C] () -- C:\windows\System32\ATIODE.exe
[2009/10/08 04:10:19 | 000,045,056 | ---- | C] () -- C:\windows\System32\ATIODCLI.exe
[2009/10/08 04:10:18 | 000,197,654 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2009/10/08 03:48:12 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2009/10/07 12:15:09 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2009/10/07 11:59:41 | 000,311,296 | ---- | C] () -- C:\windows\System32\Rezip.exe
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 06:33:53 | 000,452,400 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,697,930 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,137,814 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/14 00:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/14 00:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/14 00:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/14 00:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/16 14:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2010/01/24 22:24:46 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#
[2010/04/01 23:17:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Arcadetown_DressUpRush
[2011/02/18 18:57:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bytemobile
[2010/03/13 17:31:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Disney Interactive Studios
[2011/03/20 17:29:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011/03/20 16:58:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/04/11 18:25:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EscapeFromParadise2
[2010/06/19 12:53:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FissaSearch
[2010/02/15 18:01:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeAudioPack
[2010/11/15 12:34:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GamesCafe
[2009/12/07 20:46:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Go Go Gourmet
[2010/06/18 19:24:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010/01/18 01:59:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Home Sweet Home
[2011/04/11 17:42:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010/07/06 21:55:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IMVUClient
[2011/01/30 15:53:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Little Worlds Online
[2010/03/29 16:24:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Merscom
[2010/06/19 12:55:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\moovida-1
[2010/03/29 13:17:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\oberon
[2010/09/13 11:47:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OfferBox
[2010/11/17 14:07:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2010/02/15 10:58:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010/08/07 01:41:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2010/08/10 15:46:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\phonostar GmbH
[2010/08/13 18:21:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\phonostar-Player
[2009/12/07 18:44:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PlayFirst
[2010/04/02 22:49:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Playrix Entertainment
[2010/08/13 20:41:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickStoresToolbar
[2011/04/07 19:32:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sahmon Games
[2010/04/14 21:37:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Search Settings
[2010/07/04 20:51:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vivox
[2011/02/18 18:57:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone
[2011/02/08 21:51:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zylom
[2011/04/12 16:20:39 | 000,000,310 | -HS- | M] () -- C:\Windows\Tasks\JWSH.job
[2011/03/30 15:51:25 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/04/12 16:20:48 | 000,000,294 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/04/12 16:20:45 | 000,000,294 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011/03/06 10:10:02 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011/04/12 14:27:40 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009/10/07 11:52:40 | 000,000,000 | ---D | M] -- C:\Intel
[2009/11/30 20:00:18 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009/07/14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011/04/12 16:26:52 | 000,000,000 | R--D | M] -- C:\Program Files
[2011/04/12 14:25:16 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011/03/23 19:18:44 | 000,000,000 | ---D | M] -- C:\Programs
[2009/11/30 19:55:04 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011/04/12 16:26:14 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/03/06 10:09:11 | 000,000,000 | R--D | M] -- C:\Users
[2011/04/12 16:28:00 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: USERINIT.EXE  >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-05 21:30:05
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:7793C843
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:24DEDB49
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:B623B5B8
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:3CBF61F6
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:CBAC4FD8
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:27F44544
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:D7F0D751
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:3D2773A9
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:2D53590F
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:26C2E4B1
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:EB603FE4
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:5EE6D8DC
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:98C1E88D
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:30FF836C
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:C10779F9
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:85A93A49
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:FD5FB170
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:FD444D31
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:AF5A3939
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A561857E
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:99A72E3A
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:4A6AD8EC
@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:81E7CF6A
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:375FC7E7
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:C4B2CA39

< End of report >
         
--- --- ---

GMER Logfile:
Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-12 17:39:16
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1  rev.
Running: g2m3e4r.exe; Driver: C:\Users\***\AppData\Local\Temp\pwlirfoc.sys


---- System - GMER 1.0.15 ----

Code            87524048                                                                                         ZwEnumerateKey
Code            8742C6B8                                                                                         ZwFlushInstructionCache
Code            875266F5                                                                                         IofCallDriver
Code            874373B6                                                                                         IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!IofCallDriver                                                                       83479ED0 5 Bytes  JMP 875266FA 
.text           ntoskrnl.exe!IofCompleteRequest                                                                  83479F3D 5 Bytes  JMP 874373BB 
.text           ntoskrnl.exe!ZwSaveKeyEx + 13B1                                                                  834808A9 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                           834A0312 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE            ntoskrnl.exe!ZwEnumerateKey                                                                      83670475 5 Bytes  JMP 8752404C 
PAGE            ntoskrnl.exe!ZwFlushInstructionCache                                                             836A2C31 5 Bytes  JMP 8742C6BC 
.text           C:\windows\system32\DRIVERS\atikmdag.sys                                                         section is writeable [0x92C2D000, 0x2DEB7A, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000050                                                                halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module          \systemroot\PRAGMAqswxqwvnrt\PRAGMAd.sys (*** hidden *** )                                       925E0000-92604000 (147456 bytes)                                                                                                                     

---- Services - GMER 1.0.15 ----

Service         system32\drivers\PRAGMAbbpeptriwu.sys (*** hidden *** )                                          [SYSTEM] PRAGMAd.sys                                                                                                                                  <-- ROOTKIT !!!
Service         C:\windows\PRAGMAqswxqwvnrt\PRAGMAd.sys (*** hidden *** )                                        [SYSTEM] PRAGMAqswxqwvnrt                                                                                                                             <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00116755904c                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00116755904c@00265fc8fbd1         0x3A 0x52 0xFF 0x98 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ea6bb2                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ea93e9                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\PRAGMAd.sys                                               
Reg             HKLM\SYSTEM\CurrentControlSet\services\PRAGMAd.sys@start                                         1
Reg             HKLM\SYSTEM\CurrentControlSet\services\PRAGMAd.sys@type                                          1
Reg             HKLM\SYSTEM\CurrentControlSet\services\PRAGMAd.sys@group                                         file system
Reg             HKLM\SYSTEM\CurrentControlSet\services\PRAGMAd.sys@imagepath                                     \systemroot\system32\drivers\PRAGMAbbpeptriwu.sys
Reg             HKLM\SYSTEM\CurrentControlSet\services\PRAGMAd.sys\modules                                       
Reg             HKLM\SYSTEM\CurrentControlSet\services\PRAGMAd.sys\modules@PRAGMAc                               \\?\globalroot\systemroot\system32\PRAGMAumopptpily.dll
Reg             HKLM\SYSTEM\CurrentControlSet\services\PRAGMAd.sys\modules@PRAGMAd                               \\?\globalroot\systemroot\system32\drivers\PRAGMAbbpeptriwu.sys
Reg             HKLM\SYSTEM\CurrentControlSet\services\PRAGMAd.sys\modules@PRAGMAsrcr                            \\?\globalroot\systemroot\system32\PRAGMAeautwyitvk.dat
Reg             HKLM\SYSTEM\CurrentControlSet\services\PRAGMAd.sys\modules@pragmaserf                            \\?\globalroot\systemroot\system32\PRAGMAmvvicxybpe.dll
Reg             HKLM\SYSTEM\CurrentControlSet\services\PRAGMAd.sys\modules@pragmabbr                             \\?\globalroot\systemroot\system32\PRAGMAwvtopreatr.dll
Reg             HKLM\SYSTEM\CurrentControlSet\services\PRAGMAqswxqwvnrt                                          
Reg             HKLM\SYSTEM\CurrentControlSet\services\PRAGMAqswxqwvnrt@start                                    1
Reg             HKLM\SYSTEM\CurrentControlSet\services\PRAGMAqswxqwvnrt@type                                     1
Reg             HKLM\SYSTEM\CurrentControlSet\services\PRAGMAqswxqwvnrt@imagepath                                \systemroot\PRAGMAqswxqwvnrt\PRAGMAd.sys
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00116755904c (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00116755904c@00265fc8fbd1             0x3A 0x52 0xFF 0x98 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ea6bb2 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ea93e9 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\PRAGMAd.sys (not active ControlSet)                           
Reg             HKLM\SYSTEM\ControlSet002\services\PRAGMAd.sys@start                                             1
Reg             HKLM\SYSTEM\ControlSet002\services\PRAGMAd.sys@type                                              1
Reg             HKLM\SYSTEM\ControlSet002\services\PRAGMAd.sys@group                                             file system
Reg             HKLM\SYSTEM\ControlSet002\services\PRAGMAd.sys@imagepath                                         \systemroot\system32\drivers\PRAGMAbbpeptriwu.sys
Reg             HKLM\SYSTEM\ControlSet002\services\PRAGMAd.sys\modules (not active ControlSet)                   
Reg             HKLM\SYSTEM\ControlSet002\services\PRAGMAd.sys\modules@PRAGMAc                                   \\?\globalroot\systemroot\system32\PRAGMAumopptpily.dll
Reg             HKLM\SYSTEM\ControlSet002\services\PRAGMAd.sys\modules@PRAGMAd                                   \\?\globalroot\systemroot\system32\drivers\PRAGMAbbpeptriwu.sys
Reg             HKLM\SYSTEM\ControlSet002\services\PRAGMAd.sys\modules@PRAGMAsrcr                                \\?\globalroot\systemroot\system32\PRAGMAeautwyitvk.dat
Reg             HKLM\SYSTEM\ControlSet002\services\PRAGMAd.sys\modules@pragmaserf                                \\?\globalroot\systemroot\system32\PRAGMAmvvicxybpe.dll
Reg             HKLM\SYSTEM\ControlSet002\services\PRAGMAd.sys\modules@pragmabbr                                 \\?\globalroot\systemroot\system32\PRAGMAwvtopreatr.dll
Reg             HKLM\SYSTEM\ControlSet002\services\PRAGMAqswxqwvnrt (not active ControlSet)                      
Reg             HKLM\SYSTEM\ControlSet002\services\PRAGMAqswxqwvnrt@start                                        1
Reg             HKLM\SYSTEM\ControlSet002\services\PRAGMAqswxqwvnrt@type                                         1
Reg             HKLM\SYSTEM\ControlSet002\services\PRAGMAqswxqwvnrt@imagepath                                    \systemroot\PRAGMAqswxqwvnrt\PRAGMAd.sys

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                                                                            sector 00: rootkit-like behavior

---- Files - GMER 1.0.15 ----

File            C:\ProgramData\pragmamfeklnmal.dll                                                               1199 bytes
File            C:\Users\***\AppData\Local\Temp\PRAGMAcbc8.tmp                                               88576 bytes executable
File            C:\Users\***\AppData\Local\Temp\pragmamainqt.dll                                             10347 bytes
File            C:\Windows\PRAGMAqswxqwvnrt                                                                      0 bytes
File            C:\Windows\PRAGMAqswxqwvnrt\PRAGMAd.sys                                                          45056 bytes executable                                                                                                                                <-- ROOTKIT !!!
File            C:\Windows\System32\PRAGMAeautwyitvk.dat                                                         144 bytes
File            C:\Windows\System32\PRAGMAumopptpily.dll                                                         30208 bytes executable
File            C:\Windows\Temp\pragmamainqt.dll                                                                 10406 bytes

---- EOF - GMER 1.0.15 ----
         
--- --- ---


I really admire everyone who can make sense of this!

Edited by CrazyFlocke (12.04.2011 at 16:43)

12.04.2011, 17:48   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Are there any further logs from Malwarebytes? If so, please post all of the ones that are visible in Malwarebytes under the Logs tab.