Log analysis and evaluation: TR/Crypt.XPACK.Gen cannot be deleted (Windows 7)

12.04.2011, 16:08 | #1
TR/Crypt.XPACK.Gen cannot be deleted

Hi there, I've got a really stubborn Trojan on my laptop. I'll say right away that I don't know much about PCs and such, so I hope to find help here... for dummies. So, my problem: a while ago I got a notification from Avira that I have the above-named Trojan in "C:\Windows\System32\PRAGMAumopptpily.dll". Naturally I first searched for the folder and googled it, but I found no sign of the existence of this folder / this file. I have also looked in many other forums, but there was no concrete solution for me. After another alert I wanted to move the Trojan to quarantine and delete it, but that didn't work. I also ran a scan (with Avira), but it doesn't find this Trojan; instead I discovered two new viruses -.- I'm slowly getting really clueless and annoyed. I don't want to wipe my computer and set it up again now... please help me! Thanks in advance

PS: Could this Trojan perhaps also be to blame for my laptop crashing all the time?

OTL Logfile:
Code:
OTL Extras logfile created on: 4/12/2011 4:28:52 PM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***\Desktop
Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.33 Gb Total Space | 128.44 Gb Free Space | 57.00% Space Free | Partition Type: NTFS
Drive D: | 225.33 Gb Total Space | 176.99 Gb Free Space | 78.55% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{01CBFCE7-95AD-40F3-BC63-C46EFB2FC9C4}" = Pirates of the Caribbean - Am Ende der Welt
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{0613F79E-C012-BC98-6E9C-5A47AEE6D37A}" = CCC Help Korean
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A8CE3AA-99F2-5632-A8D2-636BE6CFE856}" = Catalyst Control Center Core Implementation
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = Die Sims™ 3 Design-Garten-Accessoires
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{1664EB8B-057B-0E23-7245-ECE92849FF4C}" = ccc-core-static
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1DBD8607-39EE-B7F3-CDE6-A2095B0EE0C9}" = CCC Help Chinese Traditional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{20167022-64F2-4836-B9C9-1DBAA6721FD4}" = CCC Help Hungarian
"{204DD5C2-441A-DADC-E765-595B5C1EDE88}" = CCC Help Norwegian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{218E2C0C-4740-DBCB-C8E8-D67201A6500A}" = CCC Help English
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22CF0E58-982E-F040-6233-0D46C5EB1031}" = Nero 7 Premium
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 23
"{26D20F5D-1D37-5BD1-34AB-6411AC34E2A9}" = ccc-utility
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2C8574B5-6935-4FCE-860E-F4E8602378FF}" = OfferBox
"{3501AF2D-A97E-F6DB-521A-4E64EAEF5BDC}" = CCC Help Thai
"{3A7C46AC-060B-6CBF-1862-969F79A5B758}" = CCC Help French
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EB37B26-432C-467C-9FBC-9BDA0E6FBDD7}" = Catalyst Control Center InstallProxy
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{411429D5-83D1-2F9B-9F53-4524DCE99E6D}" = CCC Help Portuguese
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{44EAFE3D-09A9-4478-A2BF-0EED22F4E49F}" = Die Sims™ 3 Erstelle ein Muster-Tool
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{461B11E8-BF34-4ACB-962A-1CBE905BD9EB}" = LG United Mobile Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{54FBC914-82D7-E646-2916-B3C6D320E0B4}" = Catalyst Control Center Graphics Previews Vista
"{5D221DF2-F206-681F-75FE-1C7620BE69A7}" = CCC Help Greek
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6848704E-C8D4-4F4F-9181-5926D4A11E98}" = ATI Catalyst Install Manager
"{6B9EFC04-713D-F238-E388-F3CDA52E7880}" = Catalyst Control Center Graphics Light
"{6CB778E6-693F-7A2A-C5AD-C7743500D249}" = CCC Help Turkish
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Die*Sims*Mittelalter
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D88074D-4378-C049-4264-EB3EE8AC155C}" = CCC Help Japanese
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{93E42FF5-065E-0D52-2777-8A1849CB8574}" = CCC Help Swedish
"{94D5097B-46D0-A1D9-8983-284E3C675CA9}" = Catalyst Control Center Localization All
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95468B00-C081-4B27-AC96-0A2A31359E60}" = Adobe Flash Player 10 ActiveX
"{961B4059-D1C0-43C8-095B-75A18BD0F8C8}" = CCC Help Polish
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B84A151-81CC-6133-D844-A189FDA1C34F}" = CCC Help Chinese Standard
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{AE86495C-42F9-F5BE-E878-7798456A509A}" = CCC Help Spanish
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B7493783-F638-BEAE-C8C7-665C5A03E652}" = CCC Help Dutch
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B82ABF2C-CBD3-5528-26DF-F1161A2B34BF}" = Catalyst Control Center Graphics Full New
"{B9B1B5D9-F96D-0257-A23C-8EA9ACCCF8CB}" = CCC Help Czech
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C3181764-B8F3-A705-5362-86E37C476710}" = Catalyst Control Center Graphics Full Existing
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D777D80E-13AE-4E6C-BCB2-9AEE10D9DEF1}" = Driver Updater
"{DA146D61-5542-2F55-C5E4-49D26EBAAA5B}" = CCC Help Russian
"{DB0EF3C1-8AF4-1E28-267E-024999C11828}" = CCC Help Finnish
"{DBB62E6B-66F5-09D2-D2CC-C1877CDD9A8B}" = CCC Help Italian
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5141E62-8A90-D9A1-EB2D-C4D0D9940D90}" = CCC Help German
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = Die Sims™ 3 Gib Gas-Accessoires
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F293A67D-04BB-6960-5D13-13F158796960}" = CCC Help Danish
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CCleaner" = CCleaner
"conduitEngine" = Conduit Engine
"EA Games 4.5.1.0" = EA Games 4.5.1.0
"EADM" = EA Download Manager
"ERUNT_is1" = ERUNT 1.1j
"Escape From Paradise 2 - A Kingdom's Quest 1.00" = Escape From Paradise 2 - A Kingdom's Quest 1.00
"Euro Truck Simulator" = Euro Truck Simulator 1.00
"ICQToolbar" = ICQ Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LG PC Suite IV" = LG PC Suite IV
"LSI Soft Modem" = LSI HDA Modem
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Opera 11.01.1190" = Opera 11.01
"PHPNukeDE Toolbar" = PHPNukeDE Toolbar
"PriceGong" = PriceGong 2.1.0
"PROHYBRIDR" = 2007 Microsoft Office system
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0
"Radio_Bar_2 Toolbar" = Radio Bar 2 Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Island Castaway BFG 1.00" = The Island Castaway BFG 1.00
"TS3 Install Helper Monkey" = TS3 Install Helper Monkey
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/2/2010 11:59:45 AM | Computer Name = ***-PC | Source = VSS | ID = 8193
Description =

Error - 8/2/2010 11:59:53 AM | Computer Name = ***-PC | Source = VSS | ID = 8193
Description =

Error - 8/2/2010 11:59:53 AM | Computer Name = ***-PC | Source = SPP | ID = 16387
Description =

Error - 8/2/2010 11:59:53 AM | Computer Name = ***-PC | Source = Windows Backup | ID = 4100
Description =

Error - 8/2/2010 12:38:13 PM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385, Zeitstempel: 0x4a5bc69e  Name des fehlerhaften Moduls: IEFRAME.dll, Version: 8.0.7600.16588, Zeitstempel: 0x4be2b79f  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x00008d41  ID des fehlerhaften Prozesses: 0xd64  Startzeit der fehlerhaften Anwendung: 0x01cb3261169bf047  Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des fehlerhaften Moduls: C:\windows\system32\IEFRAME.dll  Berichtskennung: 572324b8-9e54-11df-b5ca-00245416dba5

Error - 8/2/2010 5:46:23 PM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385, Zeitstempel: 0x4a5bc69e  Name des fehlerhaften Moduls: IEFRAME.dll, Version: 8.0.7600.16588, Zeitstempel: 0x4be2b79f  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x00008d41  ID des fehlerhaften Prozesses: 0x12dc  Startzeit der fehlerhaften Anwendung: 0x01cb328c2306d3ce  Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des fehlerhaften Moduls: C:\windows\system32\IEFRAME.dll  Berichtskennung: 6442fe02-9e7f-11df-b5ca-00245416dba5

Error - 8/2/2010 5:47:34 PM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385, Zeitstempel: 0x4a5bc69e  Name des fehlerhaften Moduls: IEFRAME.dll, Version: 8.0.7600.16588, Zeitstempel: 0x4be2b79f  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x00008d41  ID des fehlerhaften Prozesses: 0x998  Startzeit der fehlerhaften Anwendung: 0x01cb328c4e8afb5b  Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des fehlerhaften Moduls: C:\windows\system32\IEFRAME.dll  Berichtskennung: 8e7f1511-9e7f-11df-b5ca-00245416dba5

Error - 8/2/2010 5:52:27 PM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385, Zeitstempel: 0x4a5bc69e  Name des fehlerhaften Moduls: IEFRAME.dll, Version: 8.0.7600.16588, Zeitstempel: 0x4be2b79f  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x00008d41  ID des fehlerhaften Prozesses: 0x954  Startzeit der fehlerhaften Anwendung: 0x01cb328cfc9d1f64  Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des fehlerhaften Moduls: C:\windows\system32\IEFRAME.dll  Berichtskennung: 3d245168-9e80-11df-b5ca-00245416dba5

Error - 8/2/2010 6:31:22 PM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385, Zeitstempel: 0x4a5bc69e  Name des fehlerhaften Moduls: IEFRAME.dll, Version: 8.0.7600.16588, Zeitstempel: 0x4be2b79f  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x00008d41  ID des fehlerhaften Prozesses: 0x1ee0  Startzeit der fehlerhaften Anwendung: 0x01cb32926d2d3ada  Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des fehlerhaften Moduls: C:\windows\system32\IEFRAME.dll  Berichtskennung: acecdeaa-9e85-11df-b5ca-00245416dba5

Error - 8/2/2010 6:47:12 PM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385, Zeitstempel: 0x4a5bc69e  Name des fehlerhaften Moduls: IEFRAME.dll, Version: 8.0.7600.16588, Zeitstempel: 0x4be2b79f  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x00008d41  ID des fehlerhaften Prozesses: 0x19d8  Startzeit der fehlerhaften Anwendung: 0x01cb3294a2e90089  Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des fehlerhaften Moduls: C:\windows\system32\IEFRAME.dll  Berichtskennung: e331ac7a-9e87-11df-b5ca-00245416dba5

[ OSession Events ]
Error - 7/23/2010 12:26:59 PM | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 56 seconds with 0 seconds of active time.  This session ended with a crash.

Error - 7/26/2010 3:04:05 AM | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 27 seconds with 0 seconds of active time.  This session ended with a crash.

Error - 3/27/2011 3:56:11 PM | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error - 3/28/2011 12:53:46 PM | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.

[ System Events ]
Error - 4/12/2011 10:21:04 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: tcpipBM

Error - 4/12/2011 10:21:51 AM | Computer Name = ***-PC | Source = PNRPSvc | ID = 102
Description =

Error - 4/12/2011 10:21:51 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535

Error - 4/12/2011 10:21:51 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535

Error - 4/12/2011 10:22:01 AM | Computer Name = ***-PC | Source = PNRPSvc | ID = 102
Description =

Error - 4/12/2011 10:22:01 AM | Computer Name = ***-PC | Source = PNRPSvc | ID = 102
Description =

Error - 4/12/2011 10:22:01 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535

Error - 4/12/2011 10:22:01 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535

Error - 4/12/2011 10:22:01 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535

Error - 4/12/2011 10:22:01 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535


< End of report >

OTL Logfile:
Code:
OTL logfile created on: 4/12/2011 4:28:52 PM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***\Desktop
Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.33 Gb Total Space | 128.44 Gb Free Space | 57.00% Space Free | Partition Type: NTFS
Drive D: | 225.33 Gb Total Space | 176.99 Gb Free Space | 78.55% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/12 16:17:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011/03/18 14:57:20 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/02/06 12:37:27 | 000,943,472 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2010/09/06 19:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2010/08/02 17:09:38 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/08/02 17:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/04/20 14:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
PRC - [2010/03/23 09:50:12 | 000,632,464 | ---- | M] (Secure Digital Services) -- C:\Program Files\OfferBox\OfferBox.exe
PRC - [2010/02/01 23:51:56 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/01 23:51:52 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/01/14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/12 14:26:50 | 000,834,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/09/11 13:34:22 | 002,403,840 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
PRC - [2009/09/11 13:33:54 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2009/09/07 12:42:04 | 000,093,184 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/09/02 09:56:00 | 000,360,448 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/09/02 09:55:32 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/08/23 06:47:34 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/08/06 09:46:06 | 002,242,048 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/06/03 21:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/16 00:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/03/28 04:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/03/12 17:37:12 | 000,380,928 | ---- | M] (Bytemobile, Inc.) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe
PRC - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe
PRC - [2008/01/16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

========== Modules (SafeList) ==========

MOD - [2011/04/12 16:17:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
MOD - [2010/12/21 07:34:12 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/14 03:16:19 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll
MOD - [2009/07/14 03:16:19 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wkscli.dll
MOD - [2009/07/14 03:16:11 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll
MOD - [2009/07/14 03:15:13 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drprov.dll
MOD - [2009/07/14 03:15:08 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davhlpr.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] --  -- (MyWebSearchService)
SRV - [2011/03/18 14:57:20 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/09/06 19:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010/08/02 17:09:38 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/09/28 09:22:00 | 000,364,544 | ---- | M] (Marvell) [Auto | Running] -- C:\Windows\System32\yk62x86.dll -- (yksvc)
SRV - [2009/09/11 13:33:54 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009/09/02 09:55:32 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/03/28 04:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip)
SRV - [2008/01/16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

========== Driver Services (SafeList) ==========

DRV - [2011/03/18 14:57:23 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/10 22:41:37 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 16:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/10 03:43:18 | 001,271,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/29 08:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort)
DRV - [2009/09/29 08:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM)
DRV - [2009/09/29 08:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum)
DRV - [2009/09/28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/09/02 10:31:04 | 005,173,760 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/22 00:18:58 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/06/29 18:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.)
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009/06/29 18:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2009/04/09 14:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008/11/19 17:09:10 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2008/11/19 17:09:08 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2008/11/19 17:09:08 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus) DRV - [2008/10/09 14:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) 
[Kernel | System | Stopped] -- C:\windows\System32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2008/05/16 13:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) DRV - [2008/05/16 13:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) DRV - [2008/05/16 13:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl) DRV - [2008/05/16 13:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm) DRV - [2008/05/16 13:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) DRV - [2008/05/16 13:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex) DRV - [2008/05/16 13:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM) DRV - [2008/01/09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Program Files\Radio_Bar_2\tbRadi.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Program Files\PHPNukeDE\prxtbPHP2.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/home?AF=17434 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Program Files\Radio_Bar_2\tbRadi.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Program Files\PHPNukeDE\prxtbPHP2.dll (Conduit Ltd.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin [2010/08/07 02:09:01 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2011/03/26 20:57:54 | 000,000,000 | ---D | M] [2010/07/04 20:48:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010/07/04 20:48:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - No CLSID value found. O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - No CLSID value found. O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics) O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Radio Bar 2 Toolbar) - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Program Files\Radio_Bar_2\tbRadi.dll (Conduit Ltd.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.) O2 - BHO: (PHPNukeDE Toolbar) - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Program Files\PHPNukeDE\prxtbPHP2.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Radio Bar 2 Toolbar) - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Program Files\Radio_Bar_2\tbRadi.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (PHPNukeDE Toolbar) - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Program Files\PHPNukeDE\prxtbPHP2.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Radio Bar 2 Toolbar) - {9BB815EB-3F9F-4E11-9150-CB70E29B40FC} - C:\Program Files\Radio_Bar_2\tbRadi.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (PHPNukeDE Toolbar) - {C9508125-4747-4733-B048-E4B82DC9716D} - C:\Program Files\PHPNukeDE\prxtbPHP2.dll (Conduit Ltd.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [Driver Updater] File not found O4 - HKCU..\Run: [LG LinkAir] File not found O4 - HKCU..\Run: [OfferBox] C:\Program Files\OfferBox\OfferBox.exe (Secure Digital Services) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jessica\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.) O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.) 
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O13 - gopher Prefix: missing O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab (Reg Error: Key error.) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.97 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2fcc8f41-3b7e-11e0-8438-00245416dba5}\Shell - "" = AutoRun O33 - MountPoints2\{2fcc8f41-3b7e-11e0-8438-00245416dba5}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{2fcc8f4a-3b7e-11e0-8438-00245416dba5}\Shell - "" = AutoRun O33 - MountPoints2\{2fcc8f4a-3b7e-11e0-8438-00245416dba5}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{6c2b78cf-5ddb-11e0-be22-00245416dba5}\Shell - "" = AutoRun O33 - MountPoints2\{6c2b78cf-5ddb-11e0-be22-00245416dba5}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe O33 - MountPoints2\{de7b752f-57a5-11e0-8487-00245416dba5}\Shell - "" = AutoRun O33 - MountPoints2\{de7b752f-57a5-11e0-8487-00245416dba5}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig - StartUpReg: phonostar-Player - hkey= - key= - File not found MsConfig - StartUpReg: phonostarTimer - hkey= - key= - File not found MsConfig - 
StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) ========== Files/Folders - Created Within 30 Days ========== [2011/04/12 16:28:00 | 000,000,000 | ---D | C] -- C:\windows\ERDNT [2011/04/12 16:26:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011/04/12 16:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2011/04/12 16:17:24 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Jessica\Desktop\Erunt-setup.exe [2011/04/12 16:17:24 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Jessica\Desktop\OTL.exe [2011/04/12 16:17:24 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Jessica\Desktop\TFC.exe [2011/04/11 19:03:18 | 000,000,000 | ---D | C] -- C:\Program Files\ReflexiveArcade [2011/04/09 12:38:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\iwin [2011/04/09 12:35:04 | 000,000,000 | ---D | C] -- C:\windows\Jojos Fashion Show World Tour [2011/04/07 22:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\Games [2011/04/07 20:53:23 | 000,000,000 | ---D | C] -- C:\Users\Jessica\Documents\MediaGet [2011/04/07 20:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Get LLC [2011/04/07 19:32:38 | 000,000,000 | ---D | C] -- C:\Users\Jessica\AppData\Roaming\Sahmon Games [2011/04/07 18:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\GameHouse [2011/04/07 17:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\EscapefromParadise2_at [2011/04/04 17:59:31 | 000,000,000 | ---D | C] -- C:\Users\Jessica\Documents\LG PC Suite IV [2011/04/04 17:59:31 | 000,000,000 | ---D | C] -- C:\Users\Jessica\AppData\Local\LG Electronics [2011/04/04 17:59:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG PC Suite IV [2011/04/04 17:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics [2011/03/28 18:49:05 | 000,000,000 | ---D | C] -- C:\Users\Jessica\Documents\Privat^^ [2011/03/26 20:58:02 | 
000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone [2011/03/26 20:58:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Vodafone [2011/03/26 20:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\Vodafone [2011/03/23 18:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2011/03/20 17:29:06 | 000,000,000 | ---D | C] -- C:\Users\Jessica\AppData\Roaming\DVDVideoSoft [2011/03/20 16:58:57 | 000,000,000 | ---D | C] -- C:\Users\Jessica\AppData\Roaming\DVDVideoSoftIEHelpers [2011/03/17 18:12:19 | 000,000,000 | ---D | C] -- C:\Users\Jessica\Desktop\Neuer Ordner [2010/02/06 17:44:26 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeA574.dll ========== Files - Modified Within 30 Days ========== [2011/04/12 16:28:08 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/04/12 16:28:08 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/04/12 16:27:05 | 000,001,078 | ---- | M] () -- C:\Users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2011/04/12 16:26:53 | 000,000,898 | ---- | M] () -- C:\Users\Jessica\Desktop\NTREGOPT.lnk [2011/04/12 16:26:53 | 000,000,879 | ---- | M] () -- C:\Users\Jessica\Desktop\ERUNT.lnk [2011/04/12 16:24:00 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2011/04/12 16:20:49 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2011/04/12 16:20:48 | 000,000,294 | -H-- | M] () -- C:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2011/04/12 16:20:45 | 000,000,294 | -H-- | M] () -- C:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2011/04/12 16:20:39 | 000,000,310 | -HS- | M] () -- C:\windows\tasks\JWSH.job [2011/04/12 16:20:24 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2011/04/12 16:20:17 | 
2388,086,784 | -HS- | M] () -- C:\hiberfil.sys [2011/04/12 16:17:38 | 000,301,568 | ---- | M] () -- C:\Users\***\Desktop\g2m3e4r.exe [2011/04/12 16:17:36 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\***\Desktop\Erunt-setup.exe [2011/04/12 16:17:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011/04/12 16:17:30 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\TFC.exe [2011/04/12 15:14:44 | 279,879,418 | ---- | M] () -- C:\windows\MEMORY.DMP [2011/04/12 14:26:46 | 000,002,560 | ---- | M] () -- C:\windows\_MSRSTRT.EXE [2011/04/11 18:24:05 | 000,002,252 | ---- | M] () -- C:\Users\***\Desktop\Escape From Paradise 2 - A Kingdom's Quest.lnk [2011/04/08 13:47:55 | 000,002,097 | ---- | M] () -- C:\Users\***\Desktop\The Island Castaway BFG.lnk [2011/04/08 13:47:46 | 000,752,824 | ---- | M] () -- C:\windows\System32\perfh007.dat [2011/04/08 13:47:46 | 000,697,930 | ---- | M] () -- C:\windows\System32\perfh009.dat [2011/04/08 13:47:46 | 000,170,446 | ---- | M] () -- C:\windows\System32\perfc007.dat [2011/04/08 13:47:46 | 000,137,814 | ---- | M] () -- C:\windows\System32\perfc009.dat [2011/04/07 20:50:36 | 000,150,016 | RHS- | M] () -- C:\windows\System32\makecab1.dll [2011/04/07 19:31:35 | 000,001,947 | ---- | M] () -- C:\Users\***\Desktop\More Great Games.lnk [2011/04/04 17:59:31 | 000,001,160 | ---- | M] () -- C:\Users\Public\Desktop\LG PC Suite IV.lnk [2011/03/26 20:58:02 | 000,002,755 | ---- | M] () -- C:\Users\Public\Desktop\Vodafone SMS.lnk [2011/03/26 20:58:02 | 000,002,755 | ---- | M] () -- C:\Users\Public\Desktop\Vodafone Mobile Connect.lnk [2011/03/23 18:34:34 | 000,002,196 | ---- | M] () -- C:\Users\Public\Desktop\Die*Sims™*Mittelalter.lnk [2011/03/20 17:29:16 | 000,001,201 | ---- | M] () -- C:\Users\***\Desktop\DVDVideoSoft Free Studio.lnk [2011/03/18 14:57:23 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys ========== Files Created - No Company Name ========== [2011/04/12 
16:27:05 | 000,001,078 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2011/04/12 16:26:53 | 000,000,898 | ---- | C] () -- C:\Users\***\Desktop\NTREGOPT.lnk [2011/04/12 16:26:53 | 000,000,879 | ---- | C] () -- C:\Users\***\Desktop\ERUNT.lnk [2011/04/12 16:17:25 | 000,301,568 | ---- | C] () -- C:\Users\***\Desktop\g2m3e4r.exe [2011/04/12 15:14:44 | 279,879,418 | ---- | C] () -- C:\windows\MEMORY.DMP [2011/04/12 14:26:45 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE [2011/04/11 18:24:05 | 000,002,252 | ---- | C] () -- C:\Users\***\Desktop\Escape From Paradise 2 - A Kingdom's Quest.lnk [2011/04/07 22:24:07 | 000,002,097 | ---- | C] () -- C:\Users\***\Desktop\The Island Castaway BFG.lnk [2011/04/07 20:50:43 | 000,000,294 | -H-- | C] () -- C:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2011/04/07 20:50:41 | 000,000,294 | -H-- | C] () -- C:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2011/04/07 20:50:36 | 000,150,016 | RHS- | C] () -- C:\windows\System32\makecab1.dll [2011/04/07 20:50:36 | 000,000,310 | -HS- | C] () -- C:\windows\tasks\JWSH.job [2011/04/07 17:59:19 | 000,001,947 | ---- | C] () -- C:\Users\***\Desktop\More Great Games.lnk [2011/04/04 17:59:31 | 000,001,160 | ---- | C] () -- C:\Users\Public\Desktop\LG PC Suite IV.lnk [2011/03/29 15:53:49 | 000,027,648 | R--- | C] () -- C:\Users\Public\Documents\ESBK.mb [2011/03/29 15:53:49 | 000,003,072 | R--- | C] () -- C:\Users\Public\Documents\ESBK.mbb [2011/03/26 20:58:02 | 000,002,755 | ---- | C] () -- C:\Users\Public\Desktop\Vodafone SMS.lnk [2011/03/26 20:58:02 | 000,002,755 | ---- | C] () -- C:\Users\Public\Desktop\Vodafone Mobile Connect.lnk [2011/03/23 18:34:34 | 000,002,196 | ---- | C] () -- C:\Users\Public\Desktop\Die*Sims™*Mittelalter.lnk [2010/11/16 10:56:46 | 000,245,504 | ---- | C] () -- C:\windows\PI.EXE [2010/10/05 01:59:32 | 000,005,632 | ---- | C] () -- C:\windows\System32\StarOpen.sys [2010/04/21 
18:20:27 | 000,002,620 | ---- | C] () -- C:\ProgramData\fiosejgfse.dll [2010/03/13 17:23:00 | 000,001,300 | ---- | C] () -- C:\windows\disney.ini [2009/12/25 17:44:49 | 000,000,056 | ---- | C] () -- C:\windows\TKKG_7.ini [2009/11/30 20:57:52 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2009/11/30 20:15:29 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini [2009/11/30 19:58:19 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2009/10/08 04:30:57 | 000,752,824 | ---- | C] () -- C:\windows\System32\perfh007.dat [2009/10/08 04:30:57 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat [2009/10/08 04:30:57 | 000,170,446 | ---- | C] () -- C:\windows\System32\perfc007.dat [2009/10/08 04:30:57 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat [2009/10/08 04:10:19 | 000,294,912 | ---- | C] () -- C:\windows\System32\ATIODE.exe [2009/10/08 04:10:19 | 000,045,056 | ---- | C] () -- C:\windows\System32\ATIODCLI.exe [2009/10/08 04:10:18 | 000,197,654 | ---- | C] () -- C:\windows\System32\atiicdxx.dat [2009/10/08 03:48:12 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2009/10/07 12:15:09 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe [2009/10/07 11:59:41 | 000,311,296 | ---- | C] () -- C:\windows\System32\Rezip.exe [2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2009/07/14 06:33:53 | 000,452,400 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT [2009/07/14 04:05:48 | 000,697,930 | ---- | C] () -- C:\windows\System32\perfh009.dat [2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat [2009/07/14 04:05:48 | 000,137,814 | ---- | C] () -- C:\windows\System32\perfc009.dat [2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat [2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT [2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat [2009/07/14 
01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll [2009/07/14 00:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin [2009/07/14 00:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin [2009/07/14 00:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin [2009/07/14 00:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin [2009/06/16 14:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat ========== LOP Check ========== [2010/01/24 22:24:46 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.# [2010/04/01 23:17:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Arcadetown_DressUpRush [2011/02/18 18:57:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bytemobile [2010/03/13 17:31:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Disney Interactive Studios [2011/03/20 17:29:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2011/03/20 16:58:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2011/04/11 18:25:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EscapeFromParadise2 [2010/06/19 12:53:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FissaSearch [2010/02/15 18:01:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeAudioPack [2010/11/15 12:34:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GamesCafe [2009/12/07 20:46:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Go Go Gourmet [2010/06/18 19:24:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2010/01/18 01:59:21 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\Home Sweet Home [2011/04/11 17:42:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2010/07/06 21:55:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IMVUClient [2011/01/30 15:53:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Little Worlds Online [2010/03/29 16:24:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Merscom [2010/06/19 12:55:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\moovida-1 [2010/03/29 13:17:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\oberon [2010/09/13 11:47:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OfferBox [2010/11/17 14:07:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy [2010/02/15 10:58:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2010/08/07 01:41:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2010/08/10 15:46:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\phonostar GmbH [2010/08/13 18:21:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\phonostar-Player [2009/12/07 18:44:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PlayFirst [2010/04/02 22:49:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Playrix Entertainment [2010/08/13 20:41:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickStoresToolbar [2011/04/07 19:32:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sahmon Games [2010/04/14 21:37:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Search Settings [2010/07/04 20:51:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vivox [2011/02/18 18:57:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone [2011/02/08 21:51:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zylom [2011/04/12 16:20:39 | 000,000,310 | -HS- | M] () -- C:\Windows\Tasks\JWSH.job [2011/03/30 15:51:25 | 000,032,640 | ---- | M] () -- 
C:\Windows\Tasks\SCHEDLGU.TXT [2011/04/12 16:20:48 | 000,000,294 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2011/04/12 16:20:45 | 000,000,294 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011/03/06 10:10:02 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011/04/12 14:27:40 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009/10/07 11:52:40 | 000,000,000 | ---D | M] -- C:\Intel [2009/11/30 20:00:18 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009/07/14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011/04/12 16:26:52 | 000,000,000 | R--D | M] -- C:\Program Files [2011/04/12 14:25:16 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011/03/23 19:18:44 | 000,000,000 | ---D | M] -- C:\Programs [2009/11/30 19:55:04 | 000,000,000 | -HSD | M] -- C:\Recovery [2011/04/12 16:26:14 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011/03/06 10:09:11 | 000,000,000 | R--D | M] -- C:\Users [2011/04/12 16:28:00 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: EXPLORER.EXE > [2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: USERINIT.EXE > [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- 
C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-05 21:30:05 ========== Alternate Data Streams ========== @Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:A42A9F39 @Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:7793C843 @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:24DEDB49 @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:B623B5B8 @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:4CF61E54 @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:3CBF61F6 @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:CBAC4FD8 @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:27F44544 @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:D7F0D751 @Alternate Data Stream - 138 bytes -> 
C:\ProgramData\Temp:3D2773A9 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:2D53590F @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:ABE89FFE @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:26C2E4B1 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:EB603FE4 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:5EE6D8DC @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:98C1E88D @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:30FF836C @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:C10779F9 @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:85A93A49 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:FD5FB170 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:FD444D31 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:E1F04E8D @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:AF5A3939 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A561857E @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:99A72E3A @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:4A6AD8EC @Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:81E7CF6A @Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:375FC7E7 @Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:C4B2CA39 < End of report > GMER Logfile: Code:
ATTFilter GMER 1.0.15.15570 - hxxp://www.gmer.net Rootkit scan 2011-04-12 17:39:16 Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 rev. Running: g2m3e4r.exe; Driver: C:\Users\***\AppData\Local\Temp\pwlirfoc.sys ---- System - GMER 1.0.15 ---- Code 87524048 ZwEnumerateKey Code 8742C6B8 ZwFlushInstructionCache Code 875266F5 IofCallDriver Code 874373B6 IofCompleteRequest ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!IofCallDriver 83479ED0 5 Bytes JMP 875266FA .text ntoskrnl.exe!IofCompleteRequest 83479F3D 5 Bytes JMP 874373BB .text ntoskrnl.exe!ZwSaveKeyEx + 13B1 834808A9 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 834A0312 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} PAGE ntoskrnl.exe!ZwEnumerateKey 83670475 5 Bytes JMP 8752404C PAGE ntoskrnl.exe!ZwFlushInstructionCache 836A2C31 5 Bytes JMP 8742C6BC .text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92C2D000, 0x2DEB7A, 0xE8000020] ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) ---- Modules - GMER 1.0.15 ---- Module 
\systemroot\PRAGMAqswxqwvnrt\PRAGMAd.sys (*** hidden *** ) 925E0000-92604000 (147456 bytes) ---- Services - GMER 1.0.15 ---- Service system32\drivers\PRAGMAbbpeptriwu.sys (*** hidden *** ) [SYSTEM] PRAGMAd.sys <-- ROOTKIT !!! Service C:\windows\PRAGMAqswxqwvnrt\PRAGMAd.sys (*** hidden *** ) [SYSTEM] PRAGMAqswxqwvnrt <-- ROOTKIT !!! ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00116755904c Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00116755904c@00265fc8fbd1 0x3A 0x52 0xFF 0x98 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ea6bb2 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ea93e9 Reg HKLM\SYSTEM\CurrentControlSet\services\PRAGMAd.sys Reg HKLM\SYSTEM\CurrentControlSet\services\PRAGMAd.sys@start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\PRAGMAd.sys@type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\PRAGMAd.sys@group file system Reg HKLM\SYSTEM\CurrentControlSet\services\PRAGMAd.sys@imagepath \systemroot\system32\drivers\PRAGMAbbpeptriwu.sys Reg HKLM\SYSTEM\CurrentControlSet\services\PRAGMAd.sys\modules Reg HKLM\SYSTEM\CurrentControlSet\services\PRAGMAd.sys\modules@PRAGMAc \\?\globalroot\systemroot\system32\PRAGMAumopptpily.dll Reg HKLM\SYSTEM\CurrentControlSet\services\PRAGMAd.sys\modules@PRAGMAd \\?\globalroot\systemroot\system32\drivers\PRAGMAbbpeptriwu.sys Reg HKLM\SYSTEM\CurrentControlSet\services\PRAGMAd.sys\modules@PRAGMAsrcr \\?\globalroot\systemroot\system32\PRAGMAeautwyitvk.dat Reg HKLM\SYSTEM\CurrentControlSet\services\PRAGMAd.sys\modules@pragmaserf \\?\globalroot\systemroot\system32\PRAGMAmvvicxybpe.dll Reg HKLM\SYSTEM\CurrentControlSet\services\PRAGMAd.sys\modules@pragmabbr \\?\globalroot\systemroot\system32\PRAGMAwvtopreatr.dll Reg HKLM\SYSTEM\CurrentControlSet\services\PRAGMAqswxqwvnrt Reg HKLM\SYSTEM\CurrentControlSet\services\PRAGMAqswxqwvnrt@start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\PRAGMAqswxqwvnrt@type 
1 Reg HKLM\SYSTEM\CurrentControlSet\services\PRAGMAqswxqwvnrt@imagepath \systemroot\PRAGMAqswxqwvnrt\PRAGMAd.sys Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00116755904c (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00116755904c@00265fc8fbd1 0x3A 0x52 0xFF 0x98 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ea6bb2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ea93e9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\PRAGMAd.sys (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\PRAGMAd.sys@start 1 Reg HKLM\SYSTEM\ControlSet002\services\PRAGMAd.sys@type 1 Reg HKLM\SYSTEM\ControlSet002\services\PRAGMAd.sys@group file system Reg HKLM\SYSTEM\ControlSet002\services\PRAGMAd.sys@imagepath \systemroot\system32\drivers\PRAGMAbbpeptriwu.sys Reg HKLM\SYSTEM\ControlSet002\services\PRAGMAd.sys\modules (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\PRAGMAd.sys\modules@PRAGMAc \\?\globalroot\systemroot\system32\PRAGMAumopptpily.dll Reg HKLM\SYSTEM\ControlSet002\services\PRAGMAd.sys\modules@PRAGMAd \\?\globalroot\systemroot\system32\drivers\PRAGMAbbpeptriwu.sys Reg HKLM\SYSTEM\ControlSet002\services\PRAGMAd.sys\modules@PRAGMAsrcr \\?\globalroot\systemroot\system32\PRAGMAeautwyitvk.dat Reg HKLM\SYSTEM\ControlSet002\services\PRAGMAd.sys\modules@pragmaserf \\?\globalroot\systemroot\system32\PRAGMAmvvicxybpe.dll Reg HKLM\SYSTEM\ControlSet002\services\PRAGMAd.sys\modules@pragmabbr \\?\globalroot\systemroot\system32\PRAGMAwvtopreatr.dll Reg HKLM\SYSTEM\ControlSet002\services\PRAGMAqswxqwvnrt (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\PRAGMAqswxqwvnrt@start 1 Reg HKLM\SYSTEM\ControlSet002\services\PRAGMAqswxqwvnrt@type 1 Reg HKLM\SYSTEM\ControlSet002\services\PRAGMAqswxqwvnrt@imagepath \systemroot\PRAGMAqswxqwvnrt\PRAGMAd.sys ---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk0\DR0 sector 
00: rootkit-like behavior ---- Files - GMER 1.0.15 ---- File C:\ProgramData\pragmamfeklnmal.dll 1199 bytes File C:\Users\***\AppData\Local\Temp\PRAGMAcbc8.tmp 88576 bytes executable File C:\Users\***\AppData\Local\Temp\pragmamainqt.dll 10347 bytes File C:\Windows\PRAGMAqswxqwvnrt 0 bytes File C:\Windows\PRAGMAqswxqwvnrt\PRAGMAd.sys 45056 bytes executable <-- ROOTKIT !!! File C:\Windows\System32\PRAGMAeautwyitvk.dat 144 bytes File C:\Windows\System32\PRAGMAumopptpily.dll 30208 bytes executable File C:\Windows\Temp\pragmamainqt.dll 10406 bytes ---- EOF - GMER 1.0.15 ---- I really admire everyone who can make sense of this! Edited by CrazyFlocke (12.04.2011 at 16:43)
12.04.2011, 17:48 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen cannot be deleted Are there any further logs from Malwarebytes? If so, please post all of them that are visible in Malwarebytes under the Log files tab.