| |
| |||||||
Log-Analyse und Auswertung: Problem mit Trojaner Virtumonde - Entfernung nicht möglichWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
23.04.2011, 00:28
| #1 |
 |  Problem mit Trojaner Virtumonde - Entfernung nicht möglich Hallo. Habe Routinemäßig Spybot S&D durchlaufen lassen und dabei Malware und Trojaner gefunden. Habe die Probleme beheben lassen und gleichzeitig einen Durchlauf mit Antivir gestartet und die selben probleme wurden erkannt. Auch diese habe ich beheben lassen. Nach einem Neustart, habe ich auf Empfehlung Spybot erneut suchen lassen. Der Eintrag virtumonde.prx ließ sich nicht entfernen. Durch Google bin ich auf dieses Forum gestoßen. Habe auch die Anleitung befolgt und Log Files erstellt. Code:
ATTFilter OTL logfile created on: 23.04.2011 00:13:55 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Flomo\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free 11,00 Gb Paging File | 9,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,66 Gb Total Space | 37,86 Gb Free Space | 38,77% Space Free | Partition Type: NTFS Drive D: | 368,01 Gb Total Space | 314,27 Gb Free Space | 85,40% Space Free | Partition Type: NTFS Drive G: | 931,51 Gb Total Space | 285,62 Gb Free Space | 30,66% Space Free | Partition Type: NTFS Computer Name: FLOMO-PC | User Name: Flomo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.04.23 00:06:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Flomo\Desktop\OTL.exe PRC - [2011.03.23 22:39:25 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.03.16 14:42:39 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.03.01 23:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\LWS\Webcam Software\LWS.exe PRC - [2011.01.13 04:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\Vid HD\Vid.exe PRC - [2010.12.07 15:39:40 | 000,644,104 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\System32\M-AudioTaskBarIcon.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2010.11.10 14:06:38 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.11.10 14:06:38 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.06.26 02:15:32 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPointP\SetPoint.exe PRC - [2010.06.22 21:09:20 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\logishrd\KHAL3\KHALMNPR.exe PRC - [2010.04.12 23:56:48 | 000,246,520 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe PRC - [2010.01.14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.09.28 16:23:28 | 000,529,664 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\DriveLED\oodlag.exe PRC - [2009.07.28 17:07:42 | 000,073,528 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE PRC - [2009.07.17 15:32:00 | 003,576,320 | ---- | M] (Native Instruments GmbH) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.10.25 12:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2007.12.20 14:19:46 | 000,293,168 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\FRITZWLANMini.exe PRC - [2007.04.05 11:29:28 | 000,208,896 | ---- | M] (UASSOFT.COM) -- C:\Programme\Keyboard Driver\KMWDSrv.exe PRC - [2007.04.04 12:30:40 | 000,327,680 | ---- | M] (UASSOFT.COM) -- C:\Programme\Keyboard Driver\KMProcess.exe PRC - [2007.03.28 01:38:48 | 000,397,312 | ---- | M] (UASSOFT.COM) -- C:\Programme\Keyboard Driver\KMCONFIG.exe PRC - [2007.03.06 15:51:14 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Programme\Keyboard Driver\StartAutorun.exe PRC - [2005.10.23 01:00:00 | 000,385,024 | ---- | M] (Team H2O) -- C:\Programme\Syncrosoft\POS\H2O\cledx.exe ========== Modules (SafeList) ========== MOD - [2011.04.23 00:06:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Flomo\Desktop\OTL.exe MOD - [2011.04.22 13:37:02 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieproxy.dll MOD - [2011.04.20 03:03:34 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.5592_none_d09196c24426e2d4\msvcr80.dll MOD - [2011.04.20 03:03:32 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.5592_none_d1cb520e4353d918\ATL80.dll MOD - [2011.01.11 08:55:06 | 000,961,376 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveUtil.dll MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll MOD - [2009.07.14 03:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll MOD - [2009.02.12 16:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll MOD - [2008.10.25 12:44:34 | 000,022,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveNew.dll ========== Win32 Services (SafeList) ========== SRV - [2011.03.16 14:42:39 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.11.10 14:06:38 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.05.06 11:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2010.04.12 23:56:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.02.08 16:48:32 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.09.28 16:23:28 | 000,529,664 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\DriveLED\oodlag.exe -- (O&O DriveLED) SRV - [2009.08.10 13:34:40 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe -- (SandraAgentSrv) SRV - [2009.07.28 17:07:42 | 000,073,528 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL) SRV - [2009.07.17 15:32:00 | 003,576,320 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.02.05 14:43:26 | 000,068,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service) SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2007.04.05 11:29:28 | 000,208,896 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Programme\Keyboard Driver\KMWDSrv.exe -- (KMWDSERVICE) ========== Driver Services (SafeList) ========== DRV - [2011.04.22 23:02:39 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2011.04.01 05:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 300(UVC) DRV - [2011.04.01 05:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2011.03.16 14:42:39 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.02.23 08:27:00 | 010,468,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010.12.07 15:39:30 | 000,158,600 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO) DRV - [2010.11.29 15:58:29 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.07.27 08:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt) DRV - [2010.05.07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2010.03.18 11:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2010.03.18 11:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2010.03.18 11:01:44 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd) DRV - [2010.03.18 11:01:36 | 000,040,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb) DRV - [2009.12.11 16:54:15 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009.11.26 16:08:46 | 000,399,424 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tascusb2.sys -- (TASCAM_US122144) DRV - [2009.11.26 16:08:42 | 000,039,488 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tscusb2a.sys -- (TASCAM_US144_WDM) DRV - [2009.11.26 16:08:40 | 000,026,688 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tscusb2m.sys -- (TASCAM_US144_MIDI) DRV - [2009.09.28 16:24:10 | 000,025,608 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\OODrvled.sys -- (OODrvled) DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\sandra.sys -- (SANDRA) DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial) DRV - [2009.05.11 11:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2007.12.19 01:00:00 | 000,401,920 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusbn.sys -- (fwlanusbn) DRV - [2007.11.07 02:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject) DRV - [2007.03.29 16:00:16 | 000,017,024 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86) DRV - [2007.03.29 16:00:16 | 000,017,024 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFilter) DRV - [2005.05.09 21:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cledx.sys -- (CLEDX) DRV - [2004.04.05 10:44:42 | 000,024,720 | ---- | M] (Jeff Hurchalla and Marble Sound) [Kernel | System | Running] -- C:\Windows\System32\drivers\mapledxp.SYS -- (mapledxp) DRV - [2004.01.28 16:03:26 | 000,021,456 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SilvrLnk.sys -- (SilverLink) Texas Instruments SilverLink (USB GraphLink) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/skins7/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2B F8 47 D2 E0 46 CB 01 [binary data] IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\System32\dvmurl.dll (DeviceVM Inc.) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "hxxp://www.google.de/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.9.5 FF - prefs.js..extensions.enabledItems: {DD966AD8-C524-4E0B-BEB6-C21E63794F7C}:1.9.1 FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{DD966AD8-C524-4E0B-BEB6-C21E63794F7C}: C:\Users\Flomo\AppData\Local\{DD966AD8-C524-4E0B-BEB6-C21E63794F7C}\ [2011.04.22 21:29:15 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.01 15:06:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 10:23:03 | 000,000,000 | ---D | M] [2009.12.10 00:04:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Flomo\AppData\Roaming\mozilla\Extensions [2011.04.22 23:50:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Flomo\AppData\Roaming\mozilla\Firefox\Profiles\30ehab5c.default\extensions [2010.04.27 18:59:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Flomo\AppData\Roaming\mozilla\Firefox\Profiles\30ehab5c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.03.17 14:10:50 | 000,000,000 | ---D | M] (PhotoJacker: Photo Album Downloader for Facebook (fka FacePAD)) -- C:\Users\Flomo\AppData\Roaming\mozilla\Firefox\Profiles\30ehab5c.default\extensions\facepad@lazyrussian.com [2009.12.10 11:41:18 | 000,000,000 | ---D | M] (Smart Bookmarks Bar) -- C:\Users\Flomo\AppData\Roaming\mozilla\Firefox\Profiles\30ehab5c.default\extensions\smartbookmarksbar@remy.juteau [2009.12.11 16:55:18 | 000,002,055 | ---- | M] () -- C:\Users\Flomo\AppData\Roaming\Mozilla\Firefox\Profiles\30ehab5c.default\searchplugins\daemon-search.xml [2011.04.20 15:17:46 | 000,000,945 | ---- | M] () -- C:\Users\Flomo\AppData\Roaming\Mozilla\Firefox\Profiles\30ehab5c.default\searchplugins\icqplugin.xml [2011.04.22 23:50:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.04.27 19:01:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.04.27 19:01:25 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011.04.22 21:29:15 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\FLOMO\APPDATA\LOCAL\{DD966AD8-C524-4E0B-BEB6-C21E63794F7C} [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2011.03.07 19:10:13 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.03.07 19:10:13 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.03.07 19:10:13 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.03.07 19:10:13 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.03.07 19:10:13 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.08.24 17:05:42 | 000,416,949 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 14388 more lines... O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe (AVM Berlin) O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [H2O] C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O) O4 - HKLM..\Run: [KMCONFIG] File not found O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.) O4 - HKCU..\Run: [2EOETFM3W2] File not found O4 - HKCU..\Run: [D1T2EUR7FZ] File not found O4 - HKCU..\Run: [Fmetecahexofip] C:\Users\Flomo\AppData\Local\piatera0.dll (Red Hat) O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.) O4 - HKCU..\Run: [NtWqIVLZEWZU] File not found O4 - Startup: C:\Users\Flomo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Programme\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{27867ab0-e67b-11de-a450-00241ddbc620}\Shell - "" = AutoRun O33 - MountPoints2\{27867ab0-e67b-11de-a450-00241ddbc620}\Shell\AutoRun\command - "" = F:\BattleLosAngeles_Setup.exe O33 - MountPoints2\{66af8baa-6a71-11e0-9fdd-00241ddbc620}\Shell - "" = AutoRun O33 - MountPoints2\{66af8baa-6a71-11e0-9fdd-00241ddbc620}\Shell\AutoRun\command - "" = J:\pushinst.exe O33 - MountPoints2\{a7975472-b28f-11df-be1b-00241ddbc620}\Shell - "" = AutoRun O33 - MountPoints2\{a7975472-b28f-11df-be1b-00241ddbc620}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^Users^Flomo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk - C:\Programme\Logitech\Ereg\eReg.exe - (Leader Technologies/Logitech) MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: ICQ - hkey= - key= - File not found MsConfig - StartUpReg: LWS - hkey= - key= - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: RGSC - hkey= - key= - File not found MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - State: "startup" - 2 MsConfig - State: "bootini" - 2 ========== Files/Folders - Created Within 30 Days ========== [2011.04.23 00:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011.04.23 00:11:55 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2011.04.23 00:06:55 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Flomo\Desktop\Erunt-setup.exe [2011.04.23 00:06:55 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Flomo\Desktop\OTL.exe [2011.04.23 00:06:55 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Flomo\Desktop\TFC.exe [2011.04.22 23:49:33 | 000,116,224 | ---- | C] (videosoft) -- C:\Windows\Ffeqeb.exe [2011.04.22 21:29:15 | 000,000,000 | ---D | C] -- C:\Users\Flomo\AppData\Local\{DD966AD8-C524-4E0B-BEB6-C21E63794F7C} [2011.04.22 21:27:37 | 000,000,000 | ---D | C] -- C:\Users\Flomo\AppData\Roaming\2D753C1435209D9D5FCA726813524BBE [2011.04.22 21:27:35 | 000,116,224 | ---- | C] (videosoft) -- C:\Windows\Ffeqea.exe [2011.04.22 13:30:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview [2011.04.22 13:29:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders [2011.04.22 13:24:33 | 000,100,352 | ---- | C] (Red Hat) -- C:\Users\Flomo\AppData\Local\piatera0.dll [2011.04.22 13:24:05 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll [2011.04.19 21:46:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!WLAN [2011.04.19 21:46:06 | 000,000,000 | ---D | C] -- C:\Programme\avmwlanstick [2011.04.19 21:46:04 | 000,077,824 | ---- | C] (AVM Berlin) -- C:\Windows\System32\fwusbnci.dll [2011.04.19 21:46:03 | 000,401,920 | ---- | C] (AVM GmbH) -- C:\Windows\System32\drivers\fwlanusbn.sys [2011.04.19 21:46:03 | 000,004,352 | ---- | C] (AVM Berlin) -- C:\Windows\System32\drivers\avmeject.sys [2011.04.19 21:46:03 | 000,000,000 | ---D | C] -- C:\Windows\AVM_Driver [2011.04.19 21:46:01 | 000,000,000 | ---D | C] -- C:\Users\Flomo\AVM_Driver [2011.04.18 01:13:13 | 000,000,000 | ---D | C] -- C:\Users\Flomo\Neuer Ordner [2011.04.06 21:17:35 | 000,000,000 | ---D | C] -- C:\Users\Flomo\AppData\Roaming\Avira [2011.04.06 18:50:19 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2011.04.05 11:39:30 | 000,000,000 | ---D | C] -- C:\Users\Flomo\Documents\BattleLA Saves [2011.04.05 11:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Konami [2011.04.04 17:31:20 | 000,000,000 | ---D | C] -- C:\Users\Flomo\Desktop\Stinna [2011.04.03 13:28:50 | 000,000,000 | ---D | C] -- C:\Users\Flomo\Desktop\fsghsfghdf [2011.04.03 00:54:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio [2011.04.03 00:54:45 | 000,000,000 | ---D | C] -- C:\Programme\M-Audio [2011.03.29 14:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.4 [2011.03.29 14:10:33 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.4 [2011.03.28 11:49:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.03.24 17:57:44 | 000,000,000 | ---D | C] -- C:\Users\Flomo\Desktop\ABI [2010.08.25 17:40:07 | 000,049,152 | ---- | C] ( ) -- C:\Windows\System32\mapleapi.dll [2008.02.19 09:12:20 | 000,385,704 | ---- | C] ( ) -- C:\Windows\System32\lxbkih.exe [2008.02.19 09:12:18 | 000,537,256 | ---- | C] ( ) -- C:\Windows\System32\lxbkcoms.exe [2008.02.19 09:12:16 | 000,381,608 | ---- | C] ( ) -- C:\Windows\System32\lxbkcfg.exe [2006.11.06 16:37:46 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbkpmui.dll [2006.11.06 16:35:50 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbkserv.dll [2006.11.06 16:24:44 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbkiesc.dll [2006.11.06 16:21:48 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbkpplc.dll [2006.11.06 16:20:48 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomc.dll [2006.11.06 16:20:14 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbkprox.dll [2006.11.06 16:12:44 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbkinpa.dll [2006.11.06 16:11:58 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxbkusb1.dll [2006.11.06 16:07:04 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbkhbn3.dll [5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.23 00:11:56 | 000,000,898 | ---- | M] () -- C:\Users\Flomo\Desktop\NTREGOPT.lnk [2011.04.23 00:11:56 | 000,000,879 | ---- | M] () -- C:\Users\Flomo\Desktop\ERUNT.lnk [2011.04.23 00:11:01 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2011.04.23 00:10:15 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2011.04.23 00:06:59 | 000,301,568 | ---- | M] () -- C:\Users\Flomo\Desktop\g2m3e4r.exe [2011.04.23 00:06:58 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Flomo\Desktop\Erunt-setup.exe [2011.04.23 00:06:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Flomo\Desktop\OTL.exe [2011.04.23 00:06:57 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Flomo\Desktop\TFC.exe [2011.04.23 00:03:51 | 000,377,260 | ---- | M] () -- C:\Users\Flomo\Desktop\Load.exe [2011.04.22 23:10:05 | 000,014,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.22 23:10:05 | 000,014,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.22 23:08:41 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.22 23:08:41 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.22 23:08:41 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.22 23:08:41 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.22 23:02:37 | 000,000,310 | -HS- | M] () -- C:\Windows\tasks\lomqgsiktv.job [2011.04.22 23:02:37 | 000,000,308 | -HS- | M] () -- C:\Windows\tasks\LBXSAK.job [2011.04.22 23:02:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.22 23:02:33 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs [2011.04.22 23:02:27 | 2615,320,576 | -HS- | M] () -- C:\hiberfil.sys [2011.04.22 22:35:48 | 000,000,104 | ---- | M] () -- C:\Windows\wininit.ini [2011.04.22 21:29:17 | 000,000,000 | ---- | M] () -- C:\Users\Flomo\AppData\Local\Fhagesic.bin [2011.04.22 21:29:16 | 000,000,120 | ---- | M] () -- C:\Users\Flomo\AppData\Local\Gbusaripecil.dat [2011.04.22 21:27:32 | 000,116,224 | ---- | M] (videosoft) -- C:\Windows\Ffeqeb.exe [2011.04.22 21:27:31 | 000,106,496 | RHS- | M] () -- C:\Windows\System32\winloadv.dll [2011.04.22 21:27:28 | 000,116,224 | ---- | M] (videosoft) -- C:\Windows\Ffeqea.exe [2011.04.22 21:20:05 | 000,008,196 | ---- | M] () -- C:\Users\Flomo\Desktop\iyejiviy.dlc [2011.04.22 21:16:55 | 000,012,440 | ---- | M] () -- C:\Users\Flomo\Desktop\asohag.dlc [2011.04.22 13:49:23 | 002,385,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.22 13:37:02 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011.04.22 13:32:01 | 000,001,082 | ---- | M] () -- C:\Users\Flomo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk [2011.04.20 06:27:13 | 000,215,104 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2011.04.20 05:31:29 | 000,138,576 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.04.20 05:31:20 | 000,215,104 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0 [2011.04.19 14:14:37 | 000,073,132 | ---- | M] () -- C:\Users\Flomo\Desktop\Blut und Sand mit solo NEU#.gp5 [2011.04.06 21:13:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011.04.06 21:13:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011.04.06 20:45:13 | 005,983,060 | ---- | M] () -- C:\Users\Flomo\Desktop\Nur der Wille zählt drums.wma [2011.04.06 18:50:16 | 290,259,750 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.04.04 23:04:33 | 000,007,605 | ---- | M] () -- C:\Users\Flomo\AppData\Local\resmon.resmoncfg [2011.04.01 05:07:02 | 010,877,272 | ---- | M] () -- C:\Windows\System32\LogiDPP.dll [2011.04.01 05:07:02 | 000,102,744 | ---- | M] () -- C:\Windows\System32\LogiDPPApp.exe [2011.04.01 05:06:56 | 000,331,608 | ---- | M] () -- C:\Windows\System32\DevManagerCore.dll [2011.04.01 04:56:20 | 000,039,318 | ---- | M] () -- C:\Windows\System32\Repository.reg [2011.04.01 04:56:00 | 000,027,872 | ---- | M] () -- C:\Windows\System32\lvcoinst.ini [2011.03.30 11:17:30 | 000,960,480 | ---- | M] () -- C:\Users\Flomo\Desktop\hihihi.mp3 [2011.03.28 21:14:08 | 004,508,767 | ---- | M] () -- C:\Users\Flomo\Desktop\Photosynthesis song !.mp3 [5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.23 00:11:56 | 000,000,898 | ---- | C] () -- C:\Users\Flomo\Desktop\NTREGOPT.lnk [2011.04.23 00:11:56 | 000,000,879 | ---- | C] () -- C:\Users\Flomo\Desktop\ERUNT.lnk [2011.04.23 00:06:55 | 000,301,568 | ---- | C] () -- C:\Users\Flomo\Desktop\g2m3e4r.exe [2011.04.23 00:03:50 | 000,377,260 | ---- | C] () -- C:\Users\Flomo\Desktop\Load.exe [2011.04.22 23:49:37 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2011.04.22 23:49:34 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2011.04.22 22:35:48 | 000,000,104 | ---- | C] () -- C:\Windows\wininit.ini [2011.04.22 21:29:17 | 000,000,000 | ---- | C] () -- C:\Users\Flomo\AppData\Local\Fhagesic.bin [2011.04.22 21:29:16 | 000,000,120 | ---- | C] () -- C:\Users\Flomo\AppData\Local\Gbusaripecil.dat [2011.04.22 21:27:31 | 000,106,496 | RHS- | C] () -- C:\Windows\System32\winloadv.dll [2011.04.22 21:27:31 | 000,000,310 | -HS- | C] () -- C:\Windows\tasks\lomqgsiktv.job [2011.04.22 21:27:31 | 000,000,308 | -HS- | C] () -- C:\Windows\tasks\LBXSAK.job [2011.04.22 21:20:04 | 000,008,196 | ---- | C] () -- C:\Users\Flomo\Desktop\iyejiviy.dlc [2011.04.22 21:16:53 | 000,012,440 | ---- | C] () -- C:\Users\Flomo\Desktop\asohag.dlc [2011.04.22 13:52:36 | 000,001,413 | ---- | C] () -- C:\Users\Flomo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011.04.22 13:37:02 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011.04.22 13:32:01 | 000,001,082 | ---- | C] () -- C:\Users\Flomo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk [2011.04.22 13:24:40 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd [2011.04.22 13:23:56 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml [2011.04.22 13:23:50 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml [2011.04.19 21:46:03 | 000,015,573 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin [2011.04.06 21:13:56 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2011.04.06 21:13:56 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2011.04.06 20:47:17 | 005,983,060 | ---- | C] () -- C:\Users\Flomo\Desktop\Nur der Wille zählt drums.wma [2011.04.06 18:50:16 | 290,259,750 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.04.04 18:23:16 | 000,073,132 | ---- | C] () -- C:\Users\Flomo\Desktop\Blut und Sand mit solo NEU#.gp5 [2011.04.01 05:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2011.04.01 05:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe [2011.04.01 05:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2011.04.01 04:56:20 | 000,039,318 | ---- | C] () -- C:\Windows\System32\Repository.reg [2011.04.01 04:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2011.03.30 11:17:27 | 000,960,480 | ---- | C] () -- C:\Users\Flomo\Desktop\hihihi.mp3 [2011.03.28 21:14:03 | 004,508,767 | ---- | C] () -- C:\Users\Flomo\Desktop\Photosynthesis song !.mp3 [2011.03.22 23:58:22 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2011.02.27 23:58:07 | 000,000,293 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010.10.10 15:19:48 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll [2010.10.10 15:18:52 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll [2010.10.10 15:17:06 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll [2010.10.10 15:16:40 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll [2010.08.29 17:52:47 | 012,824,576 | ---- | C] () -- C:\ProgramData\sandra.mda [2010.08.25 17:40:07 | 000,673,546 | ---- | C] () -- C:\Windows\unins000.exe [2010.08.25 17:40:07 | 000,007,443 | ---- | C] () -- C:\Windows\unins000.dat [2010.06.05 20:39:47 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2010.05.07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2010.04.08 20:40:57 | 000,000,094 | ---- | C] () -- C:\Windows\Lexstat.ini [2010.04.04 22:57:23 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010.03.17 17:55:10 | 000,000,066 | ---- | C] () -- C:\Windows\BBW_INFO.INI [2010.02.13 17:03:23 | 000,253,952 | ---- | C] () -- C:\Windows\System32\_Valve001.dll [2010.01.11 16:25:18 | 000,003,584 | ---- | C] () -- C:\Users\Flomo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.12.22 16:36:11 | 000,000,296 | ---- | C] () -- C:\Windows\game.ini [2009.12.17 15:26:53 | 000,138,576 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009.12.17 15:26:27 | 000,215,104 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2009.12.17 15:26:25 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2009.12.17 15:26:25 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2009.12.10 16:04:40 | 000,007,605 | ---- | C] () -- C:\Users\Flomo\AppData\Local\resmon.resmoncfg [2009.12.10 00:25:31 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2009.07.14 10:47:43 | 000,657,438 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,130,810 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 002,385,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,618,714 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,107,034 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2008.10.22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2007.06.21 08:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe [2007.02.07 17:57:50 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini [2007.01.22 08:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbkcoin.dll [2006.11.30 13:34:24 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbkutil.dll [2005.10.05 12:19:32 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbkvs.dll [2005.09.13 16:27:10 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbkcnv5.dll ========== LOP Check ========== [2011.04.22 23:00:58 | 000,000,000 | ---D | M] -- C:\Users\Flomo\AppData\Roaming\2D753C1435209D9D5FCA726813524BBE [2010.01.08 22:42:15 | 000,000,000 | ---D | M] -- C:\Users\Flomo\AppData\Roaming\Blue Cat Audio [2011.04.18 01:12:12 | 000,000,000 | ---D | M] -- C:\Users\Flomo\AppData\Roaming\Celemony Software GmbH [2010.11.28 00:03:53 | 000,000,000 | ---D | M] -- C:\Users\Flomo\AppData\Roaming\Chirurgie Simulation [2009.12.11 19:34:15 | 000,000,000 | ---D | M] -- C:\Users\Flomo\AppData\Roaming\DAEMON Tools Lite [2009.12.11 16:47:19 | 000,000,000 | ---D | M] -- C:\Users\Flomo\AppData\Roaming\DAEMON Tools Pro [2010.11.27 20:15:26 | 000,000,000 | ---D | M] -- C:\Users\Flomo\AppData\Roaming\FileZilla [2010.02.01 01:09:36 | 000,000,000 | ---D | M] -- C:\Users\Flomo\AppData\Roaming\FRITZ! [2010.08.14 20:55:26 | 000,000,000 | ---D | M] -- C:\Users\Flomo\AppData\Roaming\GetRightToGo [2010.02.17 19:01:04 | 000,000,000 | ---D | M] -- C:\Users\Flomo\AppData\Roaming\GNU Solfege [2010.05.24 19:07:26 | 000,000,000 | ---D | M] -- C:\Users\Flomo\AppData\Roaming\Guitar Pro 6 [2011.04.22 21:53:00 | 000,000,000 | ---D | M] -- C:\Users\Flomo\AppData\Roaming\HLSW [2011.04.23 00:06:37 | 000,000,000 | ---D | M] -- C:\Users\Flomo\AppData\Roaming\ICQ [2010.08.11 18:08:40 | 000,000,000 | ---D | M] -- C:\Users\Flomo\AppData\Roaming\Leadertech [2011.02.27 23:59:19 | 000,000,000 | ---D | M] -- C:\Users\Flomo\AppData\Roaming\Lexware [2009.12.15 20:25:38 | 000,000,000 | ---D | M] -- C:\Users\Flomo\AppData\Roaming\Spesoft Audio Converter [2010.08.20 15:28:18 | 000,000,000 | ---D | M] -- C:\Users\Flomo\AppData\Roaming\Steinberg [2010.09.07 20:49:31 | 000,000,000 | ---D | M] -- C:\Users\Flomo\AppData\Roaming\VST3 Presets [2011.04.22 23:02:37 | 000,000,308 | -HS- | M] () -- C:\Windows\Tasks\LBXSAK.job [2011.04.22 23:02:37 | 000,000,310 | -HS- | M] () -- C:\Windows\Tasks\lomqgsiktv.job [2011.03.01 09:57:51 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.04.23 00:10:15 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2011.04.23 00:11:01 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009.12.10 04:36:11 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.03.17 18:03:54 | 000,000,000 | ---D | M] -- C:\bb [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.12.10 04:35:54 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.04.08 20:38:17 | 000,000,000 | ---D | M] -- C:\drivers [2009.12.11 19:35:18 | 000,000,000 | ---D | M] -- C:\Games [2009.12.14 00:17:18 | 000,000,000 | RH-D | M] -- C:\MSOCache [2010.05.04 19:29:26 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.04.23 00:11:55 | 000,000,000 | R--D | M] -- C:\Programme [2011.04.06 21:13:28 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.12.10 04:35:54 | 000,000,000 | -HSD | M] -- C:\Programme [2011.01.05 21:54:22 | 000,000,000 | ---D | M] -- C:\PSFONTS [2009.12.10 04:35:55 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.04.22 23:50:08 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.12.10 04:36:04 | 000,000,000 | R--D | M] -- C:\Users [2011.04.22 23:49:33 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-22 11:38:03 < End of report > Code:
ATTFilter OTL Extras logfile created on: 23.04.2011 00:13:55 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Flomo\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
11,00 Gb Paging File | 9,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 37,86 Gb Free Space | 38,77% Space Free | Partition Type: NTFS
Drive D: | 368,01 Gb Total Space | 314,27 Gb Free Space | 85,40% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 285,62 Gb Free Space | 30,66% Space Free | Partition Type: NTFS
Computer Name: FLOMO-PC | User Name: Flomo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0205.1
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 20
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2E337869-756A-4E46-A936-0E67FE043A5E}" = Melodyne 3.2
"{3227A0AC-B760-424F-9EDE-17DA3FE275CB}_is1" = Sonate und Sinfonie
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4C4DC88C-1C41-457C-BB14-9FAE6E3CEFBD}" = Lexware faktura+auftrag 2011
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{53480150-81CB-4A86-B378-86B6F08AF80B}" = O&O DriveLED
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
"{5E09FA7C-4B4A-46FB-A554-B7A88E8D7B62}" = Melodyne 3.2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D55C2B4-023C-11E0-9D76-1DA1DFD72085}" = M-Audio FastTrackPro Driver 6.0.7 (x86)
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{7029C67C-7B87-4194-9B49-09890067D869}" = Melodyne plugin
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8C49987B-689E-469D-86AE-8E325A038701}" = Melodyne plugin
"{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}" = Melodyne 3.2
"{A6CB9620-444F-4B8B-B088-C2BD3FD0A587}_is1" = Counter-Strike 1.6 V42 No-Steam
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010.SP2
"{C3BBA5F6-83A0-4B12-A70E-6F391D659BA2}_is1" = Chirurgie-Simulator Version 1.0
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4
"{C94C0C65-4019-4FA7-A620-76011CE95C51}" = AudiLab 2007
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DFCDD1CE-6D49-49B8-BFB7-93391D22776B}" = Keyboard Driver
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EFC97089-04D6-42CE-A707-A343B4A7D2CD}" = Ghost Recon Advanced Warfighter
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F78AC3C0-578C-49AB-BD4E-3107A6036A13}" = Tom Clancy's Ghost Recon Advanced Warfighter® 2
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"AC3Filter" = AC3Filter (remove only)
"Addictive Drums" = Addictive Drums
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Battle Los Angeles" = Battle Los Angeles
"BB_is1" = Band-in-a-Box 2008
"Cakewalk Studio Instruments_is1" = Studio Instruments 1.0
"Call of Duty Black Ops GERMAN Uncut 1.00" = Call of Duty Black Ops GERMAN Uncut 1.00
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"FileZilla Client" = FileZilla Client 3.3.5.1
"Finale NotePad 2008" = Finale NotePad 2008
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Metronome" = Free Metronome 1.1.0 r1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"GNU Solfege_is1" = GNU Solfege 3.14.11
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HLSW_is1" = HLSW v1.3.3.7b
"ICQToolbar" = ICQ Toolbar
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{DFCDD1CE-6D49-49B8-BFB7-93391D22776B}" = Keyboard Driver
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
"JDownloader" = JDownloader
"Logitech Vid" = Logitech Vid HD
"lvdrivers_12.0" = Logitech Webcam Software-Treiberpaket
"Maple Virtual Midi Cable_is1" = Hurchalla Maple VMidi Cable v3.56
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft DirectX SDK (August 2009)" = Microsoft DirectX SDK (August 2009)
"MKVtoolnix" = MKVtoolnix 4.2.0
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4
"Native Instruments Service Center" = Native Instruments Service Center
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PG Music DirectX Plugins_is1" = PG Music DirectX Plugins 1.3.4.1
"PunkBusterSvc" = PunkBuster Services
"SP6" = Logitech SetPoint 6.15
"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed
"Steamless Left4Dead2 Pack" = Steamless Left4Dead2 Pack
"Steinberg Cubase SX v3.1.1.944" = Steinberg Cubase SX v3.1.1.944
"Sweet Little Piano 32" = Sweet Little Piano 32 (remove only)
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosofts Lizenz Kontrolle
"tvbrowser" = TV-Browser 2.7.5
"Uninstall_is1" = Uninstall 1.0.0.1
"USB_AUDIO_DEusb-audio.deTascam" = US-122 MKII / US-144 MKII
"VLC media player" = VLC media player 1.1.8
"Waves Diamond Bundle v5.2" = Waves Diamond Bundle v5.2
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
|
|
23.04.2011, 19:52
| #2 |
| /// TB-Ausbilder   | Problem mit Trojaner Virtumonde - Entfernung nicht möglich Mein Name ist M-K-D-B und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Ich bereite jetzt einen Fix vor und melde mich so bald als möglich mit weiteren Anweisungen. |
|
23.04.2011, 20:55
| #3 | ||
| /// TB-Ausbilder | Problem mit Trojaner Virtumonde - Entfernung nicht möglich Hallo Flomo,
__________________Schritt # 1: Löschen von Google Umleitungen mit GooredFix Downloade dir bitte GooredFix.exe auf Deinem Desktop.
Schritt # 2: Fix mit OTL
Code:
ATTFilter :OTL
FF - HKLM\software\mozilla\Firefox\Extensions\\{DD966AD8-C524-4E0B-BEB6-C21E63794F7C}: C:\Users\Flomo\AppData\Local\{DD966AD8-C524-4E0B-BEB6-C21E63794F7C}\ [2011.04.22 21:29:15 | 000,000,000 | ---D | M]
[2011.04.22 21:29:15 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\FLOMO\APPDATA\LOCAL\{DD966AD8-C524-4E0B-BEB6-C21E63794F7C}
O4 - HKCU..\Run: [2EOETFM3W2] File not found
O4 - HKCU..\Run: [D1T2EUR7FZ] File not found
O4 - HKCU..\Run: [NtWqIVLZEWZU] File not found
O4 - HKCU..\Run: [Fmetecahexofip] C:\Users\Flomo\AppData\Local\piatera0.dll (Red Hat)
[2011.04.22 21:27:37 | 000,000,000 | ---D | C] -- C:\Users\Flomo\AppData\Roaming\2D753C1435209D9D5FCA726813524BBE
[2011.04.22 21:27:35 | 000,116,224 | ---- | C] (videosoft) -- C:\Windows\Ffeqea.exe
[2011.04.23 00:11:01 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011.04.23 00:10:15 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.04.22 23:02:37 | 000,000,310 | -HS- | M] () -- C:\Windows\tasks\lomqgsiktv.job
[2011.04.22 23:02:37 | 000,000,308 | -HS- | M] () -- C:\Windows\tasks\LBXSAK.job
[2011.04.22 21:29:17 | 000,000,000 | ---- | M] () -- C:\Users\Flomo\AppData\Local\Fhagesic.bin
[2011.04.22 21:29:16 | 000,000,120 | ---- | M] () -- C:\Users\Flomo\AppData\Local\Gbusaripecil.dat
[2011.04.22 21:27:32 | 000,116,224 | ---- | M] (videosoft) -- C:\Windows\Ffeqeb.exe
[2011.04.22 21:27:31 | 000,106,496 | RHS- | M] () -- C:\Windows\System32\winloadv.dll
[2011.04.22 23:02:33 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
:Commands
[purity]
[emptytemp]
Schritt # 3: Kontrollscan mit Malwarebytes' Anti-Malware (MBAM) Downloade Dir bitte Malwarebytes' Anti-Malware
Schritt # 4: Fragen beantworten Bitte beantworte mir folgende Fragen:
Schritt # 5: Systemscan mit OTL
Schritt # 6: GMER Rootkitscan Bitte
Schritt # 7: Deine Rückmeldung Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort
|
Textbox.
Vorerst kann du es auf deinem Rechner belassen.
Button.
Linear-Darstellung
