"TR/Crypt.XPACK.Gen" in verschiedenen Ordnern

Lienchen · 27.04.2011, 12:44

Hallo liebes Forum

Wie mein Titel schon sagt, habe ich ein Problem mit dem Virus "TR/Crypt.XPACK.Gen" Ich habe auch schon recherchiert. Leider habe ich so wenig Ahnung von der ganzen Thematik, dass mir das garnicht geholfen hat.
Mache mir jetzt große Sorgen. Ist der genannte Virus schlimm? Was tut er?

Vor 3 Tagen meldete mein Virenprogramm (Avira Antivir Personal - free Antivirus) mir das Problem. Unter "Ereignisse" finde ich, dass Scanner und Guide mehrmals einen Fund anzeigen. Immer der gleiche Virus an folgenden Orten:
'C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\2d67cb3e-18fb9f3c-temp'
'C:\Users\***\AppData\Local\Temp\jar_cache7738995315522752688.tmp'
'C:\Users\***\AppData\Local\Temp\0.5658928109560067.exe'
'C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\2d67cb3e-18fb9f3c'
Komisch ist, dass das Programm in etwa der Hälfte aller Fälle behauptet, ich hätte die Dateien in Quarantäne verschoben (habe ich auch tatsächlich) und in der anderen Hälfte, ich hätte den Zugriff zugelassen (habe ich aber ganz sicher nicht!).

Gestern wollte ich den Laptop dann hochfahren und er erklärte mir, er habe sich selbst wieder heruntergefahren, um Schaden zu vermeiden und er fragte, ob ich den repair modus starten oder normal starten will. Ich habe den repair modus gewählt und der Laptop wurde (soweit ich verstanden habe) auf einen früheren Zeitpunkt wiederhergestellt.

Ein neuer Suchlauf mit Avira hat nichts gefunden, aber ich misstraue dem Ganzen irgendwie noch. Zumal es ja scheinbar Dateien gibt, wo der Virus Zugriff hat.

Habe nun alle erforderlichen Logfiles gemacht:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 4/27/2011 12:33:07 PM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452.99 Gb Total Space | 268.35 Gb Free Space | 59.24% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/04/27 12:21:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011/04/27 11:57:01 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/18 19:56:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/16 16:56:06 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/11/03 16:41:16 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/07/04 20:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010/02/05 20:23:14 | 000,735,776 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2010/02/05 20:23:14 | 000,715,296 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2010/02/05 20:23:12 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2010/01/14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/09/05 10:17:56 | 003,450,368 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\Acer Bio Protection\BASVC.exe
PRC - [2009/09/05 10:17:52 | 003,567,616 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\Acer Bio Protection\PdtWzd.exe
PRC - [2009/09/05 10:17:50 | 004,191,232 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\Acer Bio Protection\PwdBank.exe
PRC - [2009/09/05 10:17:40 | 003,358,720 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\Acer Bio Protection\CompPtcVUI.exe
PRC - [2009/08/27 06:47:18 | 001,200,136 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009/03/27 12:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/04/27 12:21:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
MOD - [2011/01/22 13:26:19 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll
MOD - [2010/11/20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2010/11/05 03:58:01 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
MOD - [2010/02/05 20:23:30 | 000,215,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\SysHook.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/04/27 11:57:01 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/16 16:56:06 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/07/04 20:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/02/05 20:23:14 | 000,735,776 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009/09/05 10:17:56 | 003,450,368 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/27 12:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/03/16 16:56:06 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/23 12:51:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 12:06:36 | 000,117,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2010/07/26 11:21:35 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2010/07/26 11:20:39 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010/07/26 11:20:39 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2010/06/14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/05/02 14:07:00 | 000,029,744 | ---- | M] (EgisTec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\FPSensor.sys -- (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys)
DRV - [2010/04/27 04:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010/04/27 04:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2010/04/27 04:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2010/03/23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/09/15 19:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2009/07/28 07:56:00 | 009,791,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/21 07:13:24 | 000,005,632 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidshim.sys -- (hidshim)
DRV - [2009/07/21 07:13:22 | 000,022,528 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys -- (nuvotonhidgeneric)
DRV - [2009/07/14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/07/14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/06 11:12:44 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/04/23 13:54:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/23 13:54:50 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115obex.sys -- (s115obex)
DRV - [2007/04/23 13:54:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdm.sys -- (s115mdm)
DRV - [2007/04/23 13:54:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdfl.sys -- (s115mdfl)
DRV - [2007/04/23 13:54:46 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://s7-eu.ixquick.com/do/mypage.pl?prf=c18f2132d2a370b6137a60174bb4e1f2"
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/31 13:01:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/27 01:20:40 | 000,000,000 | ---D | M]
 
[2010/05/02 19:47:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions
[2011/04/20 16:36:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\88b28453.default\extensions
[2011/04/20 16:36:56 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\88b28453.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/03/27 11:50:02 | 000,000,000 | ---D | M] (WOT) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\88b28453.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/03/31 13:01:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/20 10:42:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/04 17:01:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/04 15:56:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- 
[2011/03/18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/01/01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/01/01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/01/01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011/04/11 19:51:14 | 000,432,374 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 14880 more lines...
O2 - BHO: (no name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found.
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (no name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk - C:\Windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig - StartUpReg: FlashPlayerUpdate - hkey= - key= -  File not found
MsConfig - State: "startup" - 2

 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/04/27 12:32:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/27 12:29:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/04/27 12:29:31 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/04/27 12:21:36 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\***\Desktop\Erunt-setup.exe
[2011/04/27 12:21:36 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011/04/27 12:21:36 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\TFC.exe
[2011/04/26 15:23:11 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/04/25 20:34:55 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\NPS
[2011/04/25 20:34:25 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\My Art
 
========== Files - Modified Within 30 Days ==========
 
[2011/04/27 12:31:10 | 000,019,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/27 12:31:10 | 000,019,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/27 12:29:31 | 000,000,902 | ---- | M] () -- C:\Users\***\Desktop\NTREGOPT.lnk
[2011/04/27 12:29:31 | 000,000,883 | ---- | M] () -- C:\Users\***\Desktop\ERUNT.lnk
[2011/04/27 12:28:11 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/27 12:28:11 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/27 12:25:08 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/27 12:23:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/27 12:23:39 | 2411,859,968 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/27 12:21:47 | 000,301,568 | ---- | M] () -- C:\Users\***\Desktop\g2m3e4r.exe
[2011/04/27 12:21:46 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\***\Desktop\Erunt-setup.exe
[2011/04/27 12:21:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011/04/27 12:21:38 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\TFC.exe
[2011/04/27 12:18:52 | 000,377,260 | ---- | M] () -- C:\Users\***\Desktop\Load.exe
[2011/04/27 11:59:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/26 15:23:06 | 213,152,992 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/24 13:40:34 | 000,207,268 | ---- | M] () -- C:\Users\***\Desktop\Masse-&Dichtebest.0004.pdf
[2011/04/24 13:40:34 | 000,189,069 | ---- | M] () -- C:\Users\***\Desktop\Masse-&Dichtebest.0001.pdf
[2011/04/24 13:40:34 | 000,184,996 | ---- | M] () -- C:\Users\***\Desktop\Masse-&Dichtebest.0005.pdf
[2011/04/24 13:40:34 | 000,182,947 | ---- | M] () -- C:\Users\***\Desktop\Masse-&Dichtebest.0002.pdf
[2011/04/24 13:40:34 | 000,166,878 | ---- | M] () -- C:\Users\***\Desktop\Masse-&Dichtebest.0003.pdf
[2011/04/24 13:40:34 | 000,160,488 | ---- | M] () -- C:\Users\***\Desktop\Masse-&Dichtebest.0006.pdf
[2011/04/13 11:36:18 | 000,410,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/11 19:51:14 | 000,432,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/04/10 21:36:45 | 690,419,900 | ---- | M] () -- C:\Users\***\Desktop\Vampire_Diaries2_11.03.14_21-15_pro7_60_TVOON_DE.mpg.HQ.avi
[2011/04/07 17:54:26 | 000,001,415 | ---- | M] () -- C:\Users\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/07 17:53:29 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/04/01 19:01:25 | 000,431,614 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110411-195114.backup
[2011/04/01 18:58:24 | 000,019,506 | ---- | M] () -- C:\Users\***\Documents\Änderungen an der Registry (CCleaner, 01.04.11).reg
[2011/04/01 18:56:00 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/03/31 13:02:04 | 000,002,002 | ---- | M] () -- C:\Users\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/31 13:01:02 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/29 10:22:32 | 000,431,482 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110401-190125.backup
 
========== Files Created - No Company Name ==========
 
[2011/04/27 12:29:31 | 000,000,902 | ---- | C] () -- C:\Users\***\Desktop\NTREGOPT.lnk
[2011/04/27 12:29:31 | 000,000,883 | ---- | C] () -- C:\Users\***\Desktop\ERUNT.lnk
[2011/04/27 12:21:37 | 000,301,568 | ---- | C] () -- C:\Users\***\Desktop\g2m3e4r.exe
[2011/04/27 12:18:50 | 000,377,260 | ---- | C] () -- C:\Users\***\Desktop\Load.exe
[2011/04/26 15:23:06 | 213,152,992 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/24 13:40:34 | 000,207,268 | ---- | C] () -- C:\Users\***\Desktop\Masse-&Dichtebest.0004.pdf
[2011/04/24 13:40:34 | 000,189,069 | ---- | C] () -- C:\Users\***\Desktop\Masse-&Dichtebest.0001.pdf
[2011/04/24 13:40:34 | 000,184,996 | ---- | C] () -- C:\Users\***\Desktop\Masse-&Dichtebest.0005.pdf
[2011/04/24 13:40:34 | 000,182,947 | ---- | C] () -- C:\Users\***\Desktop\Masse-&Dichtebest.0002.pdf
[2011/04/24 13:40:34 | 000,166,878 | ---- | C] () -- C:\Users\***\Desktop\Masse-&Dichtebest.0003.pdf
[2011/04/24 13:40:34 | 000,160,488 | ---- | C] () -- C:\Users\***\Desktop\Masse-&Dichtebest.0006.pdf
[2011/04/10 20:23:17 | 690,419,900 | ---- | C] () -- C:\Users\***\Desktop\Vampire_Diaries2_11.03.14_21-15_pro7_60_TVOON_DE.mpg.HQ.avi
[2011/04/07 17:53:29 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/04/01 18:57:29 | 000,019,506 | ---- | C] () -- C:\Users\***\Documents\Änderungen an der Registry (CCleaner, 01.04.11).reg
[2011/01/21 00:05:50 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011/01/21 00:05:50 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/10/30 23:44:51 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2010/08/02 12:29:52 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2010/05/03 12:47:43 | 000,000,017 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2010/05/02 21:43:13 | 000,006,144 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/02 21:38:43 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
[2010/05/02 21:38:43 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini
[2010/05/02 14:05:51 | 000,123,780 | R--- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2010/05/02 14:05:51 | 000,001,496 | R--- | C] () -- C:\Windows\System32\drivers\RtkAcerM.dat
[2010/05/02 14:05:51 | 000,000,728 | R--- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2010/05/02 14:05:51 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2010/05/02 14:05:51 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2010/05/02 14:05:51 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2010/05/02 14:05:51 | 000,000,008 | R--- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2010/03/23 13:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 06:33:53 | 000,410,064 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,618,912 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,107,232 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
 
========== LOP Check ==========
 
[2010/06/28 18:54:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2010/09/01 00:10:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/05/02 15:59:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EgisTec
[2011/04/11 19:50:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Download Manager
[2011/02/19 17:29:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ML
[2010/12/02 23:19:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer
[2011/01/21 00:57:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011/01/22 13:26:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2010/09/12 13:34:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoundSpectrum
[2010/11/27 17:44:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VDownloader
[2011/03/16 16:53:55 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010/05/03 01:14:43 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010/05/01 22:13:36 | 000,000,000 | ---D | M] -- C:\Acer
[2009/07/22 17:49:19 | 000,000,000 | ---D | M] -- C:\Book
[2011/02/26 14:51:12 | 000,000,000 | -HSD | M] -- C:\Boot
[2009/07/22 09:08:25 | 000,000,000 | ---D | M] -- C:\CLSetup
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009/10/26 19:08:48 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010/12/27 13:32:26 | 000,000,000 | ---D | M] -- C:\Downloads
[2009/10/26 19:12:51 | 000,000,000 | ---D | M] -- C:\Elements
[2009/02/11 22:12:45 | 000,000,000 | ---D | M] -- C:\Intel
[2010/05/03 09:54:42 | 000,000,000 | ---D | M] -- C:\MGADiagToolOutput
[2010/05/02 19:22:29 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009/10/26 19:15:12 | 000,000,000 | -H-D | M] -- C:\MyWinLockerData
[2010/05/02 11:47:01 | 000,000,000 | ---D | M] -- C:\OEM
[2011/01/15 22:35:42 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011/04/27 12:29:31 | 000,000,000 | R--D | M] -- C:\Program Files
[2011/03/16 17:11:01 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009/10/26 19:08:48 | 000,000,000 | -HSD | M] -- C:\Programme
[2010/05/02 13:31:56 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011/04/27 12:30:41 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010/05/02 13:33:36 | 000,000,000 | R--D | M] -- C:\Users
[2011/04/27 12:32:12 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-27 09:58:37

< End of report >

--- --- ---
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 4/27/2011 12:33:07 PM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452.99 Gb Total Space | 268.35 Gb Free Space | 59.24% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 23
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92975DF9-EA36-4F36-A9AC-D412BC1D709E}" = Nuvoton EC Generic HID Driver
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.0.712
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.74.216
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Fingerprint Solution
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon MP550 series Benutzerregistrierung" = Canon MP550 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Free Download Manager_is1" = Free Download Manager 3.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Acer Bio Protection
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LManager" = Launch Manager
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MPE" = MyPhoneExplorer
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tuned!" = Tuned!
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Sony Ericsson Update Service
"WinLiveSuite" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 4/8/2011 9:07:48 AM | Computer Name = ***-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot 
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
 - search & destroy\DelZip179.dll" on line 8.  The value "*" of attribute "language"
 in element "assemblyIdentity" is invalid.
 
Error - 4/9/2011 10:10:13 AM | Computer Name = ***-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot 
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
 - search & destroy\DelZip179.dll" on line 8.  The value "*" of attribute "language"
 in element "assemblyIdentity" is invalid.
 
Error - 4/11/2011 2:36:03 PM | Computer Name = ***-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot 
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
 - search & destroy\DelZip179.dll" on line 8.  The value "*" of attribute "language"
 in element "assemblyIdentity" is invalid.
 
Error - 4/13/2011 9:41:03 AM | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = The program SDUpdate.exe version 1.6.0.12 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: e8    Start
 Time: 01cbf9e056c5b297    Termination Time: 11    Application Path: C:\Program Files\Spybot
 - Search & Destroy\SDUpdate.exe    Report Id: a96d65a7-65d3-11e0-9033-001f16afdfdc  
 
Error - 4/13/2011 12:03:12 PM | Computer Name = ***-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot 
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
 - search & destroy\DelZip179.dll" on line 8.  The value "*" of attribute "language"
 in element "assemblyIdentity" is invalid.
 
Error - 4/17/2011 3:54:17 AM | Computer Name = ***-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot 
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
 - search & destroy\DelZip179.dll" on line 8.  The value "*" of attribute "language"
 in element "assemblyIdentity" is invalid.
 
Error - 4/17/2011 4:51:19 AM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 2.0.0.4094,
 time stamp: 0x4d83749c  Faulting module name: AcroRd32.dll, version: 9.4.3.231, time
 stamp: 0x4d7c119c  Exception code: 0x40000015  Fault offset: 0x0004e929  Faulting process
 id: 0xb1c  Faulting application start time: 0x01cbfcd0d05fa18c  Faulting application
 path: C:\Program Files\Mozilla Firefox\plugin-container.exe  Faulting module path:
 C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.dll  Report Id: dc87af00-68cf-11e0-9003-001f16afdfdc
 
Error - 4/20/2011 1:15:38 PM | Computer Name = ***-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot 
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
 - search & destroy\DelZip179.dll" on line 8.  The value "*" of attribute "language"
 in element "assemblyIdentity" is invalid.
 
Error - 4/23/2011 1:34:49 PM | Computer Name = ***-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot 
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
 - search & destroy\DelZip179.dll" on line 8.  The value "*" of attribute "language"
 in element "assemblyIdentity" is invalid.
 
Error - 4/25/2011 11:42:18 AM | Computer Name = ***-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot 
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
 - search & destroy\DelZip179.dll" on line 8.  The value "*" of attribute "language"
 in element "assemblyIdentity" is invalid.
 
[ Media Center Events ]
Error - 6/20/2010 11:45:56 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 17:45:47 - Error connecting to the internet.  17:45:51 -     Unable 
to contact server..  
 
Error - 6/20/2010 11:47:23 AM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 17:46:32 - Error connecting to the internet.  17:46:32 -     Unable 
to contact server..  
 
Error - 8/2/2010 6:03:39 PM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 00:03:39 - Error connecting to the internet.  00:03:39 -     Unable 
to contact server..  
 
Error - 8/2/2010 6:03:49 PM | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 00:03:45 - Error connecting to the internet.  00:03:45 -     Unable 
to contact server..  
 
[ OSession Events ]
Error - 12/5/2010 10:29:33 AM | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 10/18/2010 10:53:38 AM | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 10/20/2010 10:43:26 AM | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x800f020b: Canon - Printing, Scanner, Storage - Canon MP550 ser.
 
Error - 10/21/2010 11:28:27 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the ShellHWDetection service.
 
Error - 10/27/2010 9:35:40 AM | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 10/27/2010 9:35:45 AM | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80080005: Update for Windows 7 (KB2249857).
 
Error - 10/29/2010 3:56:08 AM | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 10/29/2010 3:56:08 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7038
Description = The upnphost service was unable to log on as NT AUTHORITY\LocalService
 with the currently configured password due to the following error:   %%1352    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft 
Management Console (MMC).
 
Error - 10/29/2010 3:56:08 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = The UPnP Device Host service failed to start due to the following 
error:   %%1069
 
Error - 11/1/2010 4:50:04 PM | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 11/4/2010 12:33:48 PM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the Wlansvc service.
 
 
< End of report >

--- --- ---

GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-27 12:58:20
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O
Running: g2m3e4r.exe; Driver: C:\Users\***\AppData\Local\Temp\kgriqpow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKey + 13C1                                             83094339 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                    830CDD52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE            peauth.sys                                                                9EE9DBEC 111 Bytes  CALL 05609E17 

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Mozilla Firefox\firefox.exe[3996] ntdll.dll!LdrLoadDll   76FE22B8 5 Bytes  JMP 00201410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                   Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000050                                         halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                  fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\FPSensor\Parameters@ContactSensor  1

---- EOF - GMER 1.0.15 ----

--- --- ---

Habe ich etwas wichtiges vergessen? Schon mal im Vorhinein ein riesengroßes Danke - ich hätte nicht gewusst, wen ich sonst um Hilfe bitten könnte!

Liebe Grüße,
Lienchen

markusg · 27.04.2011, 13:22

download malwarebytes:
Malwarebytes Anti-Malware
instalieren, öffnen, registerkarte aktualisierung, programm updaten.
schalte alle laufenden programme ab, trenne die internetverbindung.
registerkarte scanner, komplett scan, funde entfernen, log posten.

Lienchen · 27.04.2011, 14:41

Hallo markusg!

Danke schon einmal für die schnelle Antwort! Meine ist nicht ganz so schnell, denn der Scan hat etwas gedauert.
Hier ist das Logfile:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6456

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

27.04.2011 15:27:21
mbam-log-2011-04-27 (15-27-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 238918
Laufzeit: 54 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\***\Pictures\photoshop\CS 4\keygen-core\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.

Also. Dazu fällt mir nicht viel ein. Ich habe vor zwei Jahren von einem Bekannten eine Raubkopie von "Photoshop" bekommen. Er meinte, wenn ich ein paar Schlüssel in dem Programm umändere, ließe es sich völlig problemlos verwenden.
Da ich aber überhaupt keine Ahnung habe, wie das geht, habe ich das Programm (bzw. den komischen Haufen Ordner) bis heute nicht angerüht. Ich hatte schon komplett vergessen, dass ich es besitze. Werde die Dateien also gleich löschen, wenn da aus deiner Sicht kein Problem besteht.

Es fällt mir schwer, zu glauben, dass DAS mein Problem gewesen sein soll.... Heißt das, der Virus ist weg?

Liebe Grüße,
Lienchen

markusg · 27.04.2011, 14:52

doch da besteht für mich, bzw für das ganze forum ein problem.
wir unterstützen die verwendung solcher illegaler software nicht.
ich möchte dir jetzt nicht unterstellen das du lügst, aber so was wie "hubs, woher kommt das denn" höre ich jedes mal.
du bekommst hier nur hilfe beim formatieren neu aufsetzen und absichern des pcs

Lienchen · 27.04.2011, 15:05

Besteht denn keine Möglichkeit zu beweisen, dass ich das Programm (falls die Ordner das sind) noch nie benutzt (nicht mal installiert) habe? Ich würde nämlich gerne meine Glaubwürdigkeit wiederherstellen, weil ich für eure Hilfe hier sehr dankbar bin.

Ich glaube dir, dass du dieses "ups" ständig hörst, aber ich fände es schön, wenn du mir trotzdem glauben könntest.

Hat es einen Schaden für meinen Laptop, wenn ich diesen ganzen Ordner samt Unterordnern einfach lösche?

Wäre mein Virus-Problem denn gelöst? Was ich eben mit "Es fällt mir schwer, zu glauben, dass DAS mein Problem gewesen sein soll" gemeint habe ist: die Ordner liegen seit fast 2 Jahren unbeachtet auf dem Laptop und der Virus kam vor wenigen Tagen. Ist das nicht recht zusammenhangslos? Kann es also sein, dass das Malewarebytes-Programm etwas "falsches" gefunden hat?

Liebe Grüße!

markusg · 27.04.2011, 15:16

nein wäre es nicht.
und nein, wir haben uns hier darauf geeinigt, dass wir bei keygen funden nur beim neu aufsetzen helfen.
wie gesagt gehe ich jetzt nicht unbedingt davon aus das du lügst, aber wenn ich jetzt anfange ne ausname zu machen kommt dann jeder an...

Lienchen · 27.04.2011, 15:22

Oh nein. Da habe ich ja unbewusst ein Fass ohne Boden geöffnet. Es tut mir total leid. Ich habe den blöden Ordner jetzt mal gelöscht (auch den Papierkorb, damit müsste es ja dann endgültig weg sein).

Gehen beim neu Aufsetzen alle Daten und Einstellungen verloren? Kannst du mir dabei so helfen, dass ich es auch als Dummie erfolgreich schaffe? Es wäre toll, wenn du mir trotz allem weiter helfen würdest, bin nämlich jetzt vollends verzweifelt.

markusg · 27.04.2011, 15:28

ja du bekommst natürlich dabei hilfe.
deine daten kannst du sichern auf rolinge oder usb sticks bzw festplatten.
einstellungen gehen verloren, das können wir dann aber machen.
sichere texte bilder musik etc aus legalen quellen, wenn fertig, melde dich und es geht weiter

Lienchen · 27.04.2011, 16:44

So, da wäre ich wieder. Habe soweit alles wichtige gesichert. Bin also bereit zum Unvermeidlichen. Dauert das neu Aufsetzen lange? Schaffe ich das heute noch ganz?

markusg · 28.04.2011, 12:27

hast du eine windows cd recovery cd oder recovery partition?
schon mal formatiert oder benötigst du dafür ebenfalls ne anleitung

Lienchen · 28.04.2011, 20:23

Also. Ich habe von Windows 7 nur eine System Repair Disk - ist es das? Recovery partition sagt mir nix.
Formatieren ist einfach rechte Maustaste auf C:\ und formatieren, oder?

Lienchen · 28.04.2011, 20:28

Ich hab von Windows 7 nur eine System Repair Disc. Reicht das?
Für die Formatierung bräuchte ich eine Anleitung, wenn es über das normale Rechtsklick-Formatieren hinausgeht.

markusg · 28.04.2011, 20:30

die wird reichen, und es ist nicht über rechtsklick..
alle daten gesichert? dann gehts morgen los

Lienchen · 28.04.2011, 20:33

Ja, alles gesichert. Wann fangen wir denn morgen ab besten an, damit es auch fertig wird?

Lienchen · 29.04.2011, 11:20

Bin bereit. Passt es dir gerade?

27.04.2011, 13:22	#2
markusg /// Malware-holic	"TR/Crypt.XPACK.Gen" in verschiedenen Ordnern download malwarebytes: Malwarebytes Anti-Malware instalieren, öffnen, registerkarte aktualisierung, programm updaten. schalte alle laufenden programme ab, trenne die internetverbindung. registerkarte scanner, komplett scan, funde entfernen, log posten. __________________ __________________

27.04.2011, 15:16	#6
markusg /// Malware-holic	"TR/Crypt.XPACK.Gen" in verschiedenen Ordnern nein wäre es nicht. und nein, wir haben uns hier darauf geeinigt, dass wir bei keygen funden nur beim neu aufsetzen helfen. wie gesagt gehe ich jetzt nicht unbedingt davon aus das du lügst, aber wenn ich jetzt anfange ne ausname zu machen kommt dann jeder an... __________________ --> "TR/Crypt.XPACK.Gen" in verschiedenen Ordnern

"TR/Crypt.XPACK.Gen" in verschiedenen Ordnern

Plagegeister aller Art und deren Bekämpfung: "TR/Crypt.XPACK.Gen" in verschiedenen Ordnern