Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojaner 40 TANs Sparkasse

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 11.08.2010, 13:02   #1
Kaligafix
 
Trojaner 40 TANs Sparkasse - Standard

Trojaner 40 TANs Sparkasse



Hallo habe das Problem wie viele andere hier. Kann ich als Lösung die der anderen nutzen, oder ist das immer individuell?

Hab schonmal OTL laufen lassen:

Bin dankbar für jede HilfeOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 11.08.2010 13:41:57 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Fischer\Downloads
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 176,38 Gb Free Space | 59,17% Space Free | Partition Type: NTFS
Drive D: | 1,20 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 1,87 Gb Total Space | 0,86 Gb Free Space | 46,06% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: FISCHER-PC
Current User Name: Fischer
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Fischer\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Users\Fischer\AppData\Roaming\Olda\foni.exe (fres)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe (Dassault Systèmes SolidWorks Corp.)
PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
PRC - C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Fischer\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\wkscli.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\srvcli.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\normaliz.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (CoordinatorServiceHost) -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe (Dassault Systèmes SolidWorks Corp.)
SRV - (SolidWorks Licensing Service) -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbfake) -- C:\Windows\SysNative\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC 89 60 2B 7D D6 CA 01  [binary data]
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: npfax@microgaming.co.uk:2.1.0.19
FF - prefs.js..extensions.enabledItems: {28197867-b1ef-4140-8e3b-55c45b9c8460}:2.5.5
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..extensions.enabledItems: silvermelxt@pardal.de:1.3.5
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.5
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1
FF - prefs.js..extensions.enabledItems: {239c61a8-e55f-11db-8314-0800200c9a66}:2.1.4
FF - prefs.js..extensions.enabledItems: {961408A3-C970-4577-970A-D97C29839A67}:1.3.5
FF - prefs.js..extensions.enabledItems: kempelton_large-fx@arvidaxelsson.se:3.2.1
FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.91
FF - prefs.js..extensions.enabledItems: silvermel@pardal.de:1.3.5
FF - prefs.js..extensions.enabledItems: {6dab0fc6-e9b5-11db-8314-0800200c9a66}:1.4.3
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.06.30 13:26:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.06.30 12:24:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.04.02 18:59:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2009.12.17 18:07:57 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Extensions
[2009.12.17 18:07:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fischer\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.11 08:29:00 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions
[2010.03.13 16:22:04 | 000,000,000 | ---D | M] (BlackX) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{239c61a8-e55f-11db-8314-0800200c9a66}
[2010.02.16 20:48:14 | 000,000,000 | ---D | M] (Integrated Gmail) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}
[2010.03.13 16:22:04 | 000,000,000 | ---D | M] (Sir.Community) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{6dab0fc6-e9b5-11db-8314-0800200c9a66}
[2010.07.18 21:58:07 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010.04.14 21:40:08 | 000,000,000 | ---D | M] (Charamel) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{961408A3-C970-4577-970A-D97C29839A67}
[2010.06.26 12:50:36 | 000,000,000 | ---D | M] (myFireFox) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
[2009.12.11 18:23:24 | 000,000,000 | ---D | M] (Black Steel) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
[2010.04.14 16:19:11 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2009.11.29 18:15:41 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\firefox@tvunetworks.com
[2010.04.03 10:40:02 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\kempelton_large-fx@arvidaxelsson.se
[2010.01.07 14:47:59 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\npfax@microgaming.co.uk
[2010.04.14 21:40:11 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\personas@christopher.beard
[2010.04.15 21:03:04 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\silvermel@pardal.de
[2010.04.15 21:03:07 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\silvermelxt@pardal.de
[2010.06.26 12:50:40 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\smarterwiki@wikiatic.com
[2010.06.26 12:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}\chrome\mozapps\extensions
[2010.04.14 21:40:15 | 000,000,873 | ---- | M] () -- C:\Users\Fischer\AppData\Roaming\Mozilla\FireFox\Profiles\ta4tbi8x.default\searchplugins\conduit.xml
[2010.08.11 08:29:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.05.11 06:44:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2008.09.05 20:58:42 | 000,155,648 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\npEModelPlugin.dll
[2010.06.25 16:01:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.06.25 16:01:49 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.06.25 16:01:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.06.25 16:01:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.06.25 16:01:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.10 18:56:07 | 000,415,667 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 14346 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SolidWorks_CheckForUpdates] C:\Program Files (x86)\Common Files\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe (Dassault Systèmes SolidWorks Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKCU..\Run: [{BB90237A-63DE-B249-3B60-842B44FE081D}] C:\Users\Fischer\AppData\Roaming\Olda\foni.exe (fres)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.18 21:48:11 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2008.10.27 10:31:58 | 001,683,456 | R--- | M] (Dancing Dots) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.10.27 10:31:18 | 000,000,027 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0b9e5bae-8cde-11df-bf9f-001e101f79c9}\Shell - "" = AutoRun
O33 - MountPoints2\{0b9e5bae-8cde-11df-bf9f-001e101f79c9}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{7f837dc8-8b95-11df-b4ee-00222004d76d}\Shell - "" = AutoRun
O33 - MountPoints2\{7f837dc8-8b95-11df-b4ee-00222004d76d}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{812bd7a7-b8bf-11de-b706-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{812bd7a7-b8bf-11de-b706-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2008.10.27 10:31:58 | 001,683,456 | R--- | M] (Dancing Dots)
O33 - MountPoints2\{99b8538c-8ccb-11df-b71a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{99b8538c-8ccb-11df-b71a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{99b853bb-8ccb-11df-b71a-00222004d76d}\Shell - "" = AutoRun
O33 - MountPoints2\{99b853bb-8ccb-11df-b71a-00222004d76d}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{c96c5c49-9108-11df-b9da-00222004d76d}\Shell - "" = AutoRun
O33 - MountPoints2\{c96c5c49-9108-11df-b9da-00222004d76d}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.31 11:31:55 | 000,000,000 | ---D | C] -- C:\Users\Fischer\Documents\Horse Life
[2010.07.31 11:31:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deep Silver
[2010.07.26 13:17:39 | 000,000,000 | ---D | C] -- C:\Users\Fischer\AppData\Roaming\Google
[2010.07.22 19:41:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParadisePoker
[2010.07.22 12:48:40 | 000,000,000 | ---D | C] -- C:\Casino
[2010.07.22 11:55:46 | 000,000,000 | ---D | C] -- C:\Programme\Paint.NET
[2010.07.22 11:55:16 | 000,000,000 | ---D | C] -- C:\Users\Fischer\AppData\Local\Paint.NET
[2010.07.22 11:10:15 | 000,000,000 | ---D | C] -- C:\Users\Fischer\Documents\SolidWorks Downloads
[2010.07.16 23:11:17 | 000,000,000 | ---D | C] -- C:\Users\Fischer\AppData\Roaming\FLEXnet
[2010.07.14 13:52:16 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.11 13:44:08 | 009,175,040 | -HS- | M] () -- C:\Users\Fischer\ntuser.dat
[2010.08.11 13:41:14 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.11 13:37:14 | 000,013,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.11 13:37:14 | 000,013,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.11 13:34:07 | 001,494,278 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.08.11 13:34:07 | 000,652,214 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.08.11 13:34:07 | 000,614,236 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.08.11 13:34:07 | 000,129,940 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.08.11 13:34:07 | 000,106,356 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.08.11 13:30:13 | 000,104,377 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.08.11 13:29:41 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.11 13:29:33 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.11 13:29:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.11 13:29:22 | 3018,604,544 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.11 13:28:26 | 006,126,216 | -H-- | M] () -- C:\Users\Fischer\AppData\Local\IconCache.db
[2010.08.10 18:56:07 | 000,415,667 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.08.05 13:14:21 | 000,104,377 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.07.31 14:53:42 | 480,454,009 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.07.31 11:35:29 | 000,001,166 | ---- | M] () -- C:\Users\Fischer\Desktop\Horse Life.lnk
[2010.07.27 13:05:45 | 000,000,788 | ---- | M] () -- C:\Users\Public\Desktop\William Hill Casino.lnk
[2010.07.26 13:57:05 | 000,003,120 | ---- | M] () -- C:\Windows\SysWow64\ALLFSAF7a.ocx
[2010.07.26 13:56:09 | 000,002,196 | ---- | M] () -- C:\Users\Public\Desktop\Style Builder.lnk
[2010.07.26 13:56:08 | 000,002,110 | ---- | M] () -- C:\Users\Public\Desktop\LayOut 2.lnk
[2010.07.26 13:56:07 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 7.lnk
[2010.07.22 19:51:45 | 000,001,023 | ---- | M] () -- C:\Users\Fischer\Desktop\ParadisePoker.lnk
[2010.07.22 11:56:38 | 000,001,288 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010.07.22 11:07:49 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
 
========== Files Created - No Company Name ==========
 
[2010.07.31 11:35:29 | 000,001,166 | ---- | C] () -- C:\Users\Fischer\Desktop\Horse Life.lnk
[2010.07.27 13:05:45 | 000,000,788 | ---- | C] () -- C:\Users\Public\Desktop\William Hill Casino.lnk
[2010.07.26 13:57:05 | 000,003,120 | ---- | C] () -- C:\Windows\SysWow64\ALLFSAF7a.ocx
[2010.07.26 13:56:09 | 000,002,196 | ---- | C] () -- C:\Users\Public\Desktop\Style Builder.lnk
[2010.07.26 13:56:08 | 000,002,110 | ---- | C] () -- C:\Users\Public\Desktop\LayOut 2.lnk
[2010.07.26 13:56:07 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 7.lnk
[2010.07.22 19:51:45 | 000,001,023 | ---- | C] () -- C:\Users\Fischer\Desktop\ParadisePoker.lnk
[2010.07.22 11:56:38 | 000,001,288 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010.07.11 13:20:31 | 001,514,120 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.02.01 00:52:41 | 003,923,968 | ---- | C] () -- C:\Windows\SysWow64\qt-mt331.dll
[2009.12.20 13:33:55 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.11.12 10:47:56 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2009.11.07 17:17:09 | 000,000,693 | ---- | C] () -- C:\Windows\SysWow64\Config.ini
[2009.11.05 20:18:44 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.10.30 08:56:49 | 000,000,428 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009.10.23 21:05:48 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007.08.21 21:46:34 | 000,059,160 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\PowerPoker:MID
@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Intertops Poker:MID
< End of report >
         
--- --- ---

Alt 11.08.2010, 13:23   #2
markusg
/// Malware-holic
 
Trojaner 40 TANs Sparkasse - Standard

Trojaner 40 TANs Sparkasse



1. rufe die bank an, lasse online banking sperren.
2. otl noch mal ausführen.
Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
poste beide bitte
__________________


Alt 11.08.2010, 15:21   #3
Kaligafix
 
Trojaner 40 TANs Sparkasse - Standard

Trojaner 40 TANs Sparkasse



Bitte, hoffentlich ist es zu retten OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 11.08.2010 16:02:25 - Run 3
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Fischer\Downloads
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 175,99 Gb Free Space | 59,04% Space Free | Partition Type: NTFS
Drive D: | 1,20 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 1,87 Gb Total Space | 0,86 Gb Free Space | 46,06% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: FISCHER-PC
Current User Name: Fischer
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Fischer\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Users\Fischer\AppData\Roaming\Olda\foni.exe (fres)
PRC - C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe (Dassault Systèmes SolidWorks Corp.)
PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
PRC - C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Fischer\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\wkscli.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\srvcli.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\normaliz.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (CoordinatorServiceHost) -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe (Dassault Systèmes SolidWorks Corp.)
SRV - (SolidWorks Licensing Service) -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbfake) -- C:\Windows\SysNative\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4214731021-727075759-893282977-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\S-1-5-21-4214731021-727075759-893282977-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4214731021-727075759-893282977-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4214731021-727075759-893282977-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC 89 60 2B 7D D6 CA 01  [binary data]
IE - HKU\S-1-5-21-4214731021-727075759-893282977-1000\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4214731021-727075759-893282977-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: npfax@microgaming.co.uk:2.1.0.19
FF - prefs.js..extensions.enabledItems: {28197867-b1ef-4140-8e3b-55c45b9c8460}:2.5.5
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..extensions.enabledItems: silvermelxt@pardal.de:1.3.5
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.5
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1
FF - prefs.js..extensions.enabledItems: {239c61a8-e55f-11db-8314-0800200c9a66}:2.1.4
FF - prefs.js..extensions.enabledItems: {961408A3-C970-4577-970A-D97C29839A67}:1.3.5
FF - prefs.js..extensions.enabledItems: kempelton_large-fx@arvidaxelsson.se:3.2.1
FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.91
FF - prefs.js..extensions.enabledItems: silvermel@pardal.de:1.3.5
FF - prefs.js..extensions.enabledItems: {6dab0fc6-e9b5-11db-8314-0800200c9a66}:1.4.3
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.06.30 13:26:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.06.30 12:24:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.04.02 18:59:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2009.12.17 18:07:57 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Extensions
[2009.12.17 18:07:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fischer\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.11 08:29:00 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions
[2010.03.13 16:22:04 | 000,000,000 | ---D | M] (BlackX) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{239c61a8-e55f-11db-8314-0800200c9a66}
[2010.02.16 20:48:14 | 000,000,000 | ---D | M] (Integrated Gmail) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}
[2010.03.13 16:22:04 | 000,000,000 | ---D | M] (Sir.Community) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{6dab0fc6-e9b5-11db-8314-0800200c9a66}
[2010.07.18 21:58:07 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010.04.14 21:40:08 | 000,000,000 | ---D | M] (Charamel) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{961408A3-C970-4577-970A-D97C29839A67}
[2010.06.26 12:50:36 | 000,000,000 | ---D | M] (myFireFox) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
[2009.12.11 18:23:24 | 000,000,000 | ---D | M] (Black Steel) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
[2010.04.14 16:19:11 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2009.11.29 18:15:41 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\firefox@tvunetworks.com
[2010.04.03 10:40:02 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\kempelton_large-fx@arvidaxelsson.se
[2010.01.07 14:47:59 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\npfax@microgaming.co.uk
[2010.04.14 21:40:11 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\personas@christopher.beard
[2010.04.15 21:03:04 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\silvermel@pardal.de
[2010.04.15 21:03:07 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\silvermelxt@pardal.de
[2010.06.26 12:50:40 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\smarterwiki@wikiatic.com
[2010.06.26 12:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}\chrome\mozapps\extensions
[2010.04.14 21:40:15 | 000,000,873 | ---- | M] () -- C:\Users\Fischer\AppData\Roaming\Mozilla\FireFox\Profiles\ta4tbi8x.default\searchplugins\conduit.xml
[2010.08.11 08:29:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.05.11 06:44:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2008.09.05 20:58:42 | 000,155,648 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\npEModelPlugin.dll
[2010.06.25 16:01:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.06.25 16:01:49 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.06.25 16:01:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.06.25 16:01:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.06.25 16:01:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.10 18:56:07 | 000,415,667 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 14346 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4214731021-727075759-893282977-1000\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SolidWorks_CheckForUpdates] C:\Program Files (x86)\Common Files\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe (Dassault Systèmes SolidWorks Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4214731021-727075759-893282977-1000..\Run: [{BB90237A-63DE-B249-3B60-842B44FE081D}] C:\Users\Fischer\AppData\Roaming\Olda\foni.exe (fres)
O4 - HKU\S-1-5-21-4214731021-727075759-893282977-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-4214731021-727075759-893282977-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.18 21:48:11 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2008.10.27 10:31:58 | 001,683,456 | R--- | M] (Dancing Dots) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.10.27 10:31:18 | 000,000,027 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0b9e5bae-8cde-11df-bf9f-001e101f79c9}\Shell - "" = AutoRun
O33 - MountPoints2\{0b9e5bae-8cde-11df-bf9f-001e101f79c9}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{7f837dc8-8b95-11df-b4ee-00222004d76d}\Shell - "" = AutoRun
O33 - MountPoints2\{7f837dc8-8b95-11df-b4ee-00222004d76d}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{812bd7a7-b8bf-11de-b706-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{812bd7a7-b8bf-11de-b706-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2008.10.27 10:31:58 | 001,683,456 | R--- | M] (Dancing Dots)
O33 - MountPoints2\{99b8538c-8ccb-11df-b71a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{99b8538c-8ccb-11df-b71a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{99b853bb-8ccb-11df-b71a-00222004d76d}\Shell - "" = AutoRun
O33 - MountPoints2\{99b853bb-8ccb-11df-b71a-00222004d76d}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{c96c5c49-9108-11df-b9da-00222004d76d}\Shell - "" = AutoRun
O33 - MountPoints2\{c96c5c49-9108-11df-b9da-00222004d76d}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {0EC9ABED-F369-797A-ADAF-80D3E2D7D475} - Browser Customizations
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {77F5313B-F7E8-FDF4-73A8-0EC19E7120EC} - Internet Explorer
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9144AA15-DDC9-731C-C53D-CC4A2D6A7DB7} - Browser Customizations
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {B29A5B66-3DE0-9FCA-E491-D7F25F3D58D3} - Microsoft Windows Media Player
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {D070E872-AA96-3102-1858-D1A7CB04FFE8} - Browser Customizations
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9D635AEB-9D14-00C2-2049-5E491ED9D7FA} - Browser Customizations
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.31 11:31:55 | 000,000,000 | ---D | C] -- C:\Users\Fischer\Documents\Horse Life
[2010.07.31 11:31:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deep Silver
[2010.07.26 13:17:39 | 000,000,000 | ---D | C] -- C:\Users\Fischer\AppData\Roaming\Google
[2010.07.22 19:41:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParadisePoker
[2010.07.22 12:48:40 | 000,000,000 | ---D | C] -- C:\Casino
[2010.07.22 11:55:46 | 000,000,000 | ---D | C] -- C:\Programme\Paint.NET
[2010.07.22 11:55:16 | 000,000,000 | ---D | C] -- C:\Users\Fischer\AppData\Local\Paint.NET
[2010.07.22 11:10:15 | 000,000,000 | ---D | C] -- C:\Users\Fischer\Documents\SolidWorks Downloads
[2010.07.16 23:11:17 | 000,000,000 | ---D | C] -- C:\Users\Fischer\AppData\Roaming\FLEXnet
[2010.07.14 13:52:16 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.11 16:06:00 | 009,175,040 | -HS- | M] () -- C:\Users\Fischer\ntuser.dat
[2010.08.11 15:41:07 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.11 14:41:06 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.11 13:37:14 | 000,013,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.11 13:37:14 | 000,013,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.11 13:34:07 | 001,494,278 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.08.11 13:34:07 | 000,652,214 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.08.11 13:34:07 | 000,614,236 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.08.11 13:34:07 | 000,129,940 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.08.11 13:34:07 | 000,106,356 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.08.11 13:30:13 | 000,104,377 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.08.11 13:29:33 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.11 13:29:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.11 13:29:22 | 3018,604,544 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.11 13:28:26 | 006,126,216 | -H-- | M] () -- C:\Users\Fischer\AppData\Local\IconCache.db
[2010.08.10 18:56:07 | 000,415,667 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.08.05 13:14:21 | 000,104,377 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.07.31 14:53:42 | 480,454,009 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.07.31 11:35:29 | 000,001,166 | ---- | M] () -- C:\Users\Fischer\Desktop\Horse Life.lnk
[2010.07.27 13:05:45 | 000,000,788 | ---- | M] () -- C:\Users\Public\Desktop\William Hill Casino.lnk
[2010.07.26 13:57:05 | 000,003,120 | ---- | M] () -- C:\Windows\SysWow64\ALLFSAF7a.ocx
[2010.07.26 13:56:09 | 000,002,196 | ---- | M] () -- C:\Users\Public\Desktop\Style Builder.lnk
[2010.07.26 13:56:08 | 000,002,110 | ---- | M] () -- C:\Users\Public\Desktop\LayOut 2.lnk
[2010.07.26 13:56:07 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 7.lnk
[2010.07.22 19:51:45 | 000,001,023 | ---- | M] () -- C:\Users\Fischer\Desktop\ParadisePoker.lnk
[2010.07.22 11:56:38 | 000,001,288 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010.07.22 11:07:49 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
 
========== Files Created - No Company Name ==========
 
[2010.07.31 11:35:29 | 000,001,166 | ---- | C] () -- C:\Users\Fischer\Desktop\Horse Life.lnk
[2010.07.27 13:05:45 | 000,000,788 | ---- | C] () -- C:\Users\Public\Desktop\William Hill Casino.lnk
[2010.07.26 13:57:05 | 000,003,120 | ---- | C] () -- C:\Windows\SysWow64\ALLFSAF7a.ocx
[2010.07.26 13:56:09 | 000,002,196 | ---- | C] () -- C:\Users\Public\Desktop\Style Builder.lnk
[2010.07.26 13:56:08 | 000,002,110 | ---- | C] () -- C:\Users\Public\Desktop\LayOut 2.lnk
[2010.07.26 13:56:07 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 7.lnk
[2010.07.22 19:51:45 | 000,001,023 | ---- | C] () -- C:\Users\Fischer\Desktop\ParadisePoker.lnk
[2010.07.22 11:56:38 | 000,001,288 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010.07.11 13:20:31 | 001,514,120 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.02.01 00:52:41 | 003,923,968 | ---- | C] () -- C:\Windows\SysWow64\qt-mt331.dll
[2009.12.20 13:33:55 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.11.12 10:47:56 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2009.11.07 17:17:09 | 000,000,693 | ---- | C] () -- C:\Windows\SysWow64\Config.ini
[2009.11.05 20:18:44 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.10.30 08:56:49 | 000,000,428 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009.10.23 21:05:48 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007.08.21 21:46:34 | 000,059,160 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
 
========== LOP Check ==========
 
[2010.08.11 15:42:16 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Akwyot
[2009.11.19 11:54:48 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Autodesk
[2009.11.09 23:08:50 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Betfair
[2009.12.23 22:06:28 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\blaxxun interactive
[2009.11.05 20:09:33 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Canneverbe_Limited
[2010.03.16 22:53:04 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\CircuitWorks
[2010.03.16 23:10:24 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\DassaultSystemes
[2010.03.16 23:40:19 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\DWGeditor
[2010.01.04 11:26:35 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\foobar2000
[2010.08.11 13:29:56 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\IM
[2009.11.12 11:09:11 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Luxology
[2010.05.22 13:25:21 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\McPoker Casino
[2009.11.06 20:48:42 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Meridian93
[2010.04.16 22:16:04 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Microgaming
[2009.11.11 18:15:34 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Nordic Games
[2010.01.16 21:02:23 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Olda
[2009.11.13 14:21:28 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\ProtectDisc
[2009.10.30 08:56:37 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\ScanSoft
[2010.05.16 15:44:28 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\StreamTorrent
[2009.12.17 18:07:57 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Thunderbird
[2010.07.26 13:54:47 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\uTorrent
[2010.07.09 22:10:11 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Vodafone
[2010.01.19 18:18:12 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Z-Software
[2010.08.06 15:38:22 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.10.15 15:12:13 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Adobe
[2010.08.11 15:42:16 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Akwyot
[2009.11.19 11:54:48 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Autodesk
[2009.11.09 23:08:50 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Betfair
[2009.12.23 22:06:28 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\blaxxun interactive
[2009.11.05 20:09:33 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Canneverbe_Limited
[2010.03.16 22:53:04 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\CircuitWorks
[2010.03.16 23:10:24 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\DassaultSystemes
[2009.11.06 22:15:11 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\DivX
[2010.03.16 23:40:19 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\DWGeditor
[2010.07.16 23:11:17 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\FLEXnet
[2010.01.04 11:26:35 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\foobar2000
[2010.07.26 13:17:39 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Google
[2009.10.14 14:55:09 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Identities
[2010.08.11 13:29:56 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\IM
[2009.11.12 11:09:11 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Luxology
[2009.10.14 15:59:40 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Macromedia
[2010.05.22 13:25:21 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\McPoker Casino
[2009.07.14 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Media Center Programs
[2009.11.06 20:48:42 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Meridian93
[2010.04.16 22:16:04 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Microgaming
[2010.07.09 11:23:56 | 000,000,000 | --SD | M] -- C:\Users\Fischer\AppData\Roaming\Microsoft
[2009.10.15 13:46:06 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Mozilla
[2009.11.05 20:24:37 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Nero
[2009.11.11 18:15:34 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Nordic Games
[2010.01.16 21:02:23 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Olda
[2009.11.13 14:21:28 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\ProtectDisc
[2009.10.30 08:56:37 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\ScanSoft
[2010.08.03 22:54:19 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\SolidWorks
[2009.11.19 11:11:59 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\SolidWorks 2009
[2010.05.16 15:44:28 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\StreamTorrent
[2009.12.17 18:07:57 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Thunderbird
[2010.07.26 13:54:47 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\uTorrent
[2010.07.09 22:10:11 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Vodafone
[2009.10.15 15:12:37 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\WinRAR
[2010.01.19 18:18:12 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Z-Software
 
< %APPDATA%\*.exe /s >
[2010.06.17 12:38:49 | 002,568,656 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Fischer\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2010.03.16 22:34:48 | 000,335,872 | R--- | M] (Macrovision Corporation) -- C:\Users\Fischer\AppData\Roaming\Microsoft\Installer\{06379784-4648-46BF-9426-0B10817F0AF5}\ARPPRODUCTICON.exe
[2010.03.16 22:34:48 | 000,335,872 | R--- | M] (Macrovision Corporation) -- C:\Users\Fischer\AppData\Roaming\Microsoft\Installer\{06379784-4648-46BF-9426-0B10817F0AF5}\NewShortcut1_5135BE5531E34696827B50FE43E48CC2_1.exe
[2010.03.16 22:34:48 | 000,335,872 | R--- | M] (Macrovision Corporation) -- C:\Users\Fischer\AppData\Roaming\Microsoft\Installer\{06379784-4648-46BF-9426-0B10817F0AF5}\NewShortcut2_5135BE5531E34696827B50FE43E48CC2_1.exe
[2009.12.10 01:05:05 | 000,010,134 | R--- | M] () -- C:\Users\Fischer\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2010.01.16 21:02:23 | 000,133,632 | ---- | M] (fres) -- C:\Users\Fischer\AppData\Roaming\Olda\foni.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\PowerPoker:MID
@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Intertops Poker:MID
< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 11.08.2010 16:02:25 - Run 3
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Fischer\Downloads
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 175,99 Gb Free Space | 59,04% Space Free | Partition Type: NTFS
Drive D: | 1,20 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 1,87 Gb Total Space | 0,86 Gb Free Space | 46,06% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: FISCHER-PC
Current User Name: Fischer
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4214731021-727075759-893282977-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [Unstopcp] -- "C:\Program Files (x86)\Roadkil.Net\UnstopCpy_4_2_Win2K_UP.exe" "%1" * (Roadkil.Net)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [Unstopcp] -- "C:\Program Files (x86)\Roadkil.Net\UnstopCpy_4_2_Win2K_UP.exe" "%1" * (Roadkil.Net)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{52DB1D16-C1EF-4794-845D-B35046F47F91}" = SolidWorks Motion 2009 SP0 x64 Edition
"{54A6545B-70EF-415D-BF7E-E25FCD2A564E}" = SolidWorks Simulation 2009 SP0 x64 Edition
"{5783F2D7-8001-0409-0102-0060B0CE6BBA}" = AutoCAD 2010 - English
"{5783F2D7-8001-0409-1102-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{A840ECEA-1A74-4F39-9F6A-1FC843CB2AD9}" = COSMOSM 2009 x64 Edition (2008/250)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BEA574B4-9B91-4109-9593-F012D94801D5}" = SolidWorks 2009 x64 Edition SP0
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5
"{FDB284EF-3043-4A65-A94D-9F96F342FAB1}" = SolidWorks Explorer 2009 sp0 x64 Edition
"AutoCAD 2010 - English" = AutoCAD 2010 - English
"doPDF 6  printer_is1" = doPDF 6.3  printer
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06379784-4648-46BF-9426-0B10817F0AF5}" = PhotoView 360
"{08716EF4-E4CC-4BC7-97D5-7B6990114ACD}" = Betfair Poker
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15D7ECFC-B252-4990-A6BC-1C550A046FE5}" = SolidWorks eDrawings 2009
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{310B8C9E-63EA-4A87-8139-5C1B84211F3D}" = SolidWorks viewer
"{3AD878EC-9E18-4C76-8907-66192BA38A08}" = Bet Record Longest Streaks Explorer 4
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{48E15C9C-E25C-40AD-A46B-AB270729B9B9}" = Google SketchUp Pro 7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{64264EA0-707C-467A-942E-127A3C415E49}" = A Geeks Toy
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6E5BC38E-F22B-4197-00A2-CD8E58EF139C}" = Fussball Manager 2004
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_PRJPRO_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_VISPRO_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_PRJPRO_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_VISPRO_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PRJPRO_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_VISPRO_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_PRJPRO_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_VISPRO_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-0054-0407-0000-0000000FF1CE}_VISPRO_{60CC0F2D-BFA0-4851-903D-809D876DD87B}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_PRJPRO_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_VISPRO_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-008A-0407-0000-0000000FF1CE}" = Microsoft Office 2007-Minianwendung für zuletzt verwendete Dokumente
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007
"{90120000-00B4-0407-0000-0000000FF1CE}_PRJPRO_{16809599-3C53-4A9A-A7E2-74A6D0D2C007}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{A1A2073C-33FC-4890-86E2-FE7D2B8AFE0F}" = Betfair Poker
"{A306FD29-7D3A-4287-91AC-9A0180931395}_is1" = Roadkil's Unstoppable Copier Version 4.2
"{A34386F8-7655-4E3B-9F51-D3064F607C89}" = blaxxun Contact
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5B2524-34DD-4B66-B294-69DF1B865869}_is1" = Handball Challenge Trainingscamp
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EE1671E1-ECB2-446B-A278-E8C56CFC839E}" = DWGeditor
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"3D Pool Billiard" = 3D Pool Billiard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"contact" = blaxxun Contact
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"foobar2000" = foobar2000 v0.9.6.9
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"Handball Manager 2009 " = Handball Manager 2009
"Handball-Simulator: European Tournament 2010" = Handball-Simulator: European Tournament 2010
"Horse Life_is1" = Horse Life
"Intertops (Poker)" = Intertops Poker
"Intertops Poker(uninstall)" = Intertops Poker
"IsoBuster_is1" = IsoBuster 2.5.5
"KartRacer_is1" = Kart Racer
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mozilla Thunderbird (3.0)" = Mozilla Thunderbird (3.0)
"OpenAL" = OpenAL
"ParadisePoker" = ParadisePoker
"PRJPRO" = Microsoft Office Project Professional 2007
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"SADK" = Die Siedler - Aufbruch der Kulturen
"SenseConnect" = SenseConnect
"SolidWorks Installation Manager 20090-40000-1100-100" = SolidWorks 2009 SP0
"SopCast" = SopCast 3.2.4
"ST5UNST #1" = Kaminfeuer Titanium Edition II
"StreamTorrent 1.0" = StreamTorrent 1.0
"Super Internet TV (Free Edition)_is1" = Super Internet TV v8.0 (Free Edition)
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.4.9.1
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.15
"VISPRO" = Microsoft Office Visio Professional 2007
"William Hill Casino" = William Hill Casino
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4214731021-727075759-893282977-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---
__________________

Alt 11.08.2010, 16:08   #4
markusg
/// Malware-holic
 
Trojaner 40 TANs Sparkasse - Standard

Trojaner 40 TANs Sparkasse



• Starte bitte die OTL.exe.
Vista-User mit Rechtsklick "als Administrator starten"
• Kopiere nun das Folgende in die Textbox.

:OTL
O4 - HKU\S-1-5-21-4214731021-727075759-893282977-1000..\Run: [{BB90237A-63DE-B249-3B60-842B44FE081D}] C:\Users\Fischer\AppData\Roaming\Olda\foni.exe (fres)
[2010.08.11 15:42:16 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Akwyot
[2009.11.12 11:09:11 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Luxology
[2010.01.16 21:02:23 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Olda
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument dieses posten

Alt 11.08.2010, 16:27   #5
Kaligafix
 
Trojaner 40 TANs Sparkasse - Standard

Trojaner 40 TANs Sparkasse



ich sag schonmal DANKE

aber woher bekommt man sowas? dachte mit spybot und avira ist man"geschützt" !?


All processes killed
Error: Unable to interpret <[emptytemp]> in the current context!
Error: Unable to interpret <[Reboot]> in the current context!

OTL by OldTimer - Version 3.2.9.1 log created on 08112010_171933

Files\Folders moved on Reboot...
C:\Users\Fischer\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


Alt 11.08.2010, 16:39   #6
markusg
/// Malware-holic
 
Trojaner 40 TANs Sparkasse - Standard

Trojaner 40 TANs Sparkasse



du hast nicht ab :OTL
kopiert.
nein, nur avira und spybot reichen nicht. ich zeige dir dann wie du ihn besser absicherst.
führe das otl script noch mal aus und kopier diesmal alles :-)

Alt 11.08.2010, 17:49   #7
Kaligafix
 
Trojaner 40 TANs Sparkasse - Standard

Trojaner 40 TANs Sparkasse



So nun hab ichs



All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-4214731021-727075759-893282977-1000\Software\Microsoft\Windows\CurrentVersion\Run\\{BB90237A-63DE-B249-3B60-842B44FE081D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB90237A-63DE-B249-3B60-842B44FE081D}\ not found.
File C:\Users\Fischer\AppData\Roaming\Olda\foni.exe not found.
Folder C:\Users\Fischer\AppData\Roaming\Akwyot\ not found.
Folder C:\Users\Fischer\AppData\Roaming\Luxology\ not found.
Folder C:\Users\Fischer\AppData\Roaming\Olda\ not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Fischer
->Flash cache emptied: 456 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Fischer
->Temp folder emptied: 348836 bytes
->Temporary Internet Files folder emptied: 190877252 bytes
->Java cache emptied: 65778666 bytes
->FireFox cache emptied: 97144857 bytes
->Google Chrome cache emptied: 6528465 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 402716 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 913034167 bytes

Total Files Cleaned = 1.215,00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08112010_183910

Files\Folders moved on Reboot...
C:\Users\Fischer\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Alt 11.08.2010, 17:52   #8
markusg
/// Malware-holic
 
Trojaner 40 TANs Sparkasse - Standard

Trojaner 40 TANs Sparkasse



poste noch mal ein neues otl log mit den von mir gemachten vorgaben.

Alt 11.08.2010, 18:15   #9
Kaligafix
 
Trojaner 40 TANs Sparkasse - Standard

Trojaner 40 TANs Sparkasse



Meinst das hier ?OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 11.08.2010 19:02:44 - Run 4
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Fischer\Downloads
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 177,86 Gb Free Space | 59,67% Space Free | Partition Type: NTFS
Drive D: | 1,20 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 1,87 Gb Total Space | 0,86 Gb Free Space | 46,06% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: FISCHER-PC
Current User Name: Fischer
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Fischer\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe (Dassault Systèmes SolidWorks Corp.)
PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
PRC - C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Fischer\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (CoordinatorServiceHost) -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe (Dassault Systèmes SolidWorks Corp.)
SRV - (SolidWorks Licensing Service) -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbfake) -- C:\Windows\SysNative\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4214731021-727075759-893282977-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\S-1-5-21-4214731021-727075759-893282977-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4214731021-727075759-893282977-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4214731021-727075759-893282977-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC 89 60 2B 7D D6 CA 01  [binary data]
IE - HKU\S-1-5-21-4214731021-727075759-893282977-1000\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4214731021-727075759-893282977-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: npfax@microgaming.co.uk:2.1.0.19
FF - prefs.js..extensions.enabledItems: {28197867-b1ef-4140-8e3b-55c45b9c8460}:2.5.5
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..extensions.enabledItems: silvermelxt@pardal.de:1.3.5
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.5
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1
FF - prefs.js..extensions.enabledItems: {239c61a8-e55f-11db-8314-0800200c9a66}:2.1.4
FF - prefs.js..extensions.enabledItems: {961408A3-C970-4577-970A-D97C29839A67}:1.3.5
FF - prefs.js..extensions.enabledItems: kempelton_large-fx@arvidaxelsson.se:3.2.1
FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.91
FF - prefs.js..extensions.enabledItems: silvermel@pardal.de:1.3.5
FF - prefs.js..extensions.enabledItems: {6dab0fc6-e9b5-11db-8314-0800200c9a66}:1.4.3
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.06.30 13:26:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.06.30 12:24:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.04.02 18:59:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2009.12.17 18:07:57 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Extensions
[2009.12.17 18:07:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fischer\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.11 08:29:00 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions
[2010.03.13 16:22:04 | 000,000,000 | ---D | M] (BlackX) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{239c61a8-e55f-11db-8314-0800200c9a66}
[2010.02.16 20:48:14 | 000,000,000 | ---D | M] (Integrated Gmail) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}
[2010.03.13 16:22:04 | 000,000,000 | ---D | M] (Sir.Community) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{6dab0fc6-e9b5-11db-8314-0800200c9a66}
[2010.07.18 21:58:07 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010.04.14 21:40:08 | 000,000,000 | ---D | M] (Charamel) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{961408A3-C970-4577-970A-D97C29839A67}
[2010.06.26 12:50:36 | 000,000,000 | ---D | M] (myFireFox) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
[2009.12.11 18:23:24 | 000,000,000 | ---D | M] (Black Steel) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
[2010.04.14 16:19:11 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2009.11.29 18:15:41 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\firefox@tvunetworks.com
[2010.04.03 10:40:02 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\kempelton_large-fx@arvidaxelsson.se
[2010.01.07 14:47:59 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\npfax@microgaming.co.uk
[2010.04.14 21:40:11 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\personas@christopher.beard
[2010.04.15 21:03:04 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\silvermel@pardal.de
[2010.04.15 21:03:07 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\silvermelxt@pardal.de
[2010.06.26 12:50:40 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\smarterwiki@wikiatic.com
[2010.06.26 12:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}\chrome\mozapps\extensions
[2010.04.14 21:40:15 | 000,000,873 | ---- | M] () -- C:\Users\Fischer\AppData\Roaming\Mozilla\FireFox\Profiles\ta4tbi8x.default\searchplugins\conduit.xml
[2010.08.11 08:29:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.05.11 06:44:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2008.09.05 20:58:42 | 000,155,648 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\npEModelPlugin.dll
[2010.06.25 16:01:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.06.25 16:01:49 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.06.25 16:01:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.06.25 16:01:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.06.25 16:01:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.10 18:56:07 | 000,415,667 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 14346 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4214731021-727075759-893282977-1000\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SolidWorks_CheckForUpdates] C:\Program Files (x86)\Common Files\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe (Dassault Systèmes SolidWorks Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4214731021-727075759-893282977-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-4214731021-727075759-893282977-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.18 21:48:11 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2008.10.27 10:31:58 | 001,683,456 | R--- | M] (Dancing Dots) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.10.27 10:31:18 | 000,000,027 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0b9e5bae-8cde-11df-bf9f-001e101f79c9}\Shell - "" = AutoRun
O33 - MountPoints2\{0b9e5bae-8cde-11df-bf9f-001e101f79c9}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{7f837dc8-8b95-11df-b4ee-00222004d76d}\Shell - "" = AutoRun
O33 - MountPoints2\{7f837dc8-8b95-11df-b4ee-00222004d76d}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{812bd7a7-b8bf-11de-b706-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{812bd7a7-b8bf-11de-b706-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2008.10.27 10:31:58 | 001,683,456 | R--- | M] (Dancing Dots)
O33 - MountPoints2\{99b8538c-8ccb-11df-b71a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{99b8538c-8ccb-11df-b71a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{99b853bb-8ccb-11df-b71a-00222004d76d}\Shell - "" = AutoRun
O33 - MountPoints2\{99b853bb-8ccb-11df-b71a-00222004d76d}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{c96c5c49-9108-11df-b9da-00222004d76d}\Shell - "" = AutoRun
O33 - MountPoints2\{c96c5c49-9108-11df-b9da-00222004d76d}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {0EC9ABED-F369-797A-ADAF-80D3E2D7D475} - Browser Customizations
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {77F5313B-F7E8-FDF4-73A8-0EC19E7120EC} - Internet Explorer
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9144AA15-DDC9-731C-C53D-CC4A2D6A7DB7} - Browser Customizations
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {B29A5B66-3DE0-9FCA-E491-D7F25F3D58D3} - Microsoft Windows Media Player
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {D070E872-AA96-3102-1858-D1A7CB04FFE8} - Browser Customizations
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9D635AEB-9D14-00C2-2049-5E491ED9D7FA} - Browser Customizations
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.11 17:18:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.08.11 16:52:40 | 000,000,000 | ---D | C] -- C:\Users\Fischer\Desktop\otl
[2010.07.31 11:31:55 | 000,000,000 | ---D | C] -- C:\Users\Fischer\Documents\Horse Life
[2010.07.31 11:31:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deep Silver
[2010.07.26 13:17:39 | 000,000,000 | ---D | C] -- C:\Users\Fischer\AppData\Roaming\Google
[2010.07.22 19:41:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParadisePoker
[2010.07.22 12:48:40 | 000,000,000 | ---D | C] -- C:\Casino
[2010.07.22 11:55:46 | 000,000,000 | ---D | C] -- C:\Programme\Paint.NET
[2010.07.22 11:55:16 | 000,000,000 | ---D | C] -- C:\Users\Fischer\AppData\Local\Paint.NET
[2010.07.22 11:10:15 | 000,000,000 | ---D | C] -- C:\Users\Fischer\Documents\SolidWorks Downloads
[2010.07.16 23:11:17 | 000,000,000 | ---D | C] -- C:\Users\Fischer\AppData\Roaming\FLEXnet
[2010.07.14 13:52:16 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.11 19:05:45 | 009,175,040 | -HS- | M] () -- C:\Users\Fischer\ntuser.dat
[2010.08.11 18:52:24 | 000,013,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.11 18:52:24 | 000,013,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.11 18:49:18 | 001,494,278 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.08.11 18:49:18 | 000,652,214 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.08.11 18:49:18 | 000,614,236 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.08.11 18:49:18 | 000,129,940 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.08.11 18:49:18 | 000,106,356 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.08.11 18:45:43 | 000,104,377 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.08.11 18:44:58 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.11 18:44:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.11 18:44:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.11 18:44:39 | 3018,604,544 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.11 18:43:52 | 006,141,742 | -H-- | M] () -- C:\Users\Fischer\AppData\Local\IconCache.db
[2010.08.11 18:41:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.10 18:56:07 | 000,415,667 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.08.05 13:14:21 | 000,104,377 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.07.31 14:53:42 | 480,454,009 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.07.31 11:35:29 | 000,001,166 | ---- | M] () -- C:\Users\Fischer\Desktop\Horse Life.lnk
[2010.07.27 13:05:45 | 000,000,788 | ---- | M] () -- C:\Users\Public\Desktop\William Hill Casino.lnk
[2010.07.26 13:57:05 | 000,003,120 | ---- | M] () -- C:\Windows\SysWow64\ALLFSAF7a.ocx
[2010.07.26 13:56:09 | 000,002,196 | ---- | M] () -- C:\Users\Public\Desktop\Style Builder.lnk
[2010.07.26 13:56:08 | 000,002,110 | ---- | M] () -- C:\Users\Public\Desktop\LayOut 2.lnk
[2010.07.26 13:56:07 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 7.lnk
[2010.07.22 19:51:45 | 000,001,023 | ---- | M] () -- C:\Users\Fischer\Desktop\ParadisePoker.lnk
[2010.07.22 11:56:38 | 000,001,288 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010.07.22 11:07:49 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
 
========== Files Created - No Company Name ==========
 
[2010.07.31 11:35:29 | 000,001,166 | ---- | C] () -- C:\Users\Fischer\Desktop\Horse Life.lnk
[2010.07.27 13:05:45 | 000,000,788 | ---- | C] () -- C:\Users\Public\Desktop\William Hill Casino.lnk
[2010.07.26 13:57:05 | 000,003,120 | ---- | C] () -- C:\Windows\SysWow64\ALLFSAF7a.ocx
[2010.07.26 13:56:09 | 000,002,196 | ---- | C] () -- C:\Users\Public\Desktop\Style Builder.lnk
[2010.07.26 13:56:08 | 000,002,110 | ---- | C] () -- C:\Users\Public\Desktop\LayOut 2.lnk
[2010.07.26 13:56:07 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 7.lnk
[2010.07.22 19:51:45 | 000,001,023 | ---- | C] () -- C:\Users\Fischer\Desktop\ParadisePoker.lnk
[2010.07.22 11:56:38 | 000,001,288 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010.07.11 13:20:31 | 001,514,120 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.02.01 00:52:41 | 003,923,968 | ---- | C] () -- C:\Windows\SysWow64\qt-mt331.dll
[2009.12.20 13:33:55 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.11.12 10:47:56 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2009.11.07 17:17:09 | 000,000,693 | ---- | C] () -- C:\Windows\SysWow64\Config.ini
[2009.11.05 20:18:44 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.10.30 08:56:49 | 000,000,428 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009.10.23 21:05:48 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007.08.21 21:46:34 | 000,059,160 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
 
========== LOP Check ==========
 
[2009.11.19 11:54:48 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Autodesk
[2009.11.09 23:08:50 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Betfair
[2009.12.23 22:06:28 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\blaxxun interactive
[2009.11.05 20:09:33 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Canneverbe_Limited
[2010.03.16 22:53:04 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\CircuitWorks
[2010.03.16 23:10:24 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\DassaultSystemes
[2010.03.16 23:40:19 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\DWGeditor
[2010.01.04 11:26:35 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\foobar2000
[2010.08.11 18:45:43 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\IM
[2010.05.22 13:25:21 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\McPoker Casino
[2009.11.06 20:48:42 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Meridian93
[2010.04.16 22:16:04 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Microgaming
[2009.11.11 18:15:34 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Nordic Games
[2009.11.13 14:21:28 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\ProtectDisc
[2009.10.30 08:56:37 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\ScanSoft
[2010.05.16 15:44:28 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\StreamTorrent
[2009.12.17 18:07:57 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Thunderbird
[2010.07.26 13:54:47 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\uTorrent
[2010.07.09 22:10:11 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Vodafone
[2010.01.19 18:18:12 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Z-Software
[2010.08.06 15:38:22 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.10.15 15:12:13 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Adobe
[2009.11.19 11:54:48 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Autodesk
[2009.11.09 23:08:50 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Betfair
[2009.12.23 22:06:28 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\blaxxun interactive
[2009.11.05 20:09:33 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Canneverbe_Limited
[2010.03.16 22:53:04 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\CircuitWorks
[2010.03.16 23:10:24 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\DassaultSystemes
[2009.11.06 22:15:11 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\DivX
[2010.03.16 23:40:19 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\DWGeditor
[2010.07.16 23:11:17 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\FLEXnet
[2010.01.04 11:26:35 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\foobar2000
[2010.07.26 13:17:39 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Google
[2009.10.14 14:55:09 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Identities
[2010.08.11 18:45:43 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\IM
[2009.10.14 15:59:40 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Macromedia
[2010.05.22 13:25:21 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\McPoker Casino
[2009.07.14 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Media Center Programs
[2009.11.06 20:48:42 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Meridian93
[2010.04.16 22:16:04 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Microgaming
[2010.07.09 11:23:56 | 000,000,000 | --SD | M] -- C:\Users\Fischer\AppData\Roaming\Microsoft
[2009.10.15 13:46:06 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Mozilla
[2009.11.05 20:24:37 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Nero
[2009.11.11 18:15:34 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Nordic Games
[2009.11.13 14:21:28 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\ProtectDisc
[2009.10.30 08:56:37 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\ScanSoft
[2010.08.03 22:54:19 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\SolidWorks
[2009.11.19 11:11:59 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\SolidWorks 2009
[2010.05.16 15:44:28 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\StreamTorrent
[2009.12.17 18:07:57 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Thunderbird
[2010.07.26 13:54:47 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\uTorrent
[2010.07.09 22:10:11 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Vodafone
[2009.10.15 15:12:37 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\WinRAR
[2010.01.19 18:18:12 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Z-Software
 
< %APPDATA%\*.exe /s >
[2010.03.16 22:34:48 | 000,335,872 | R--- | M] (Macrovision Corporation) -- C:\Users\Fischer\AppData\Roaming\Microsoft\Installer\{06379784-4648-46BF-9426-0B10817F0AF5}\ARPPRODUCTICON.exe
[2010.03.16 22:34:48 | 000,335,872 | R--- | M] (Macrovision Corporation) -- C:\Users\Fischer\AppData\Roaming\Microsoft\Installer\{06379784-4648-46BF-9426-0B10817F0AF5}\NewShortcut1_5135BE5531E34696827B50FE43E48CC2_1.exe
[2010.03.16 22:34:48 | 000,335,872 | R--- | M] (Macrovision Corporation) -- C:\Users\Fischer\AppData\Roaming\Microsoft\Installer\{06379784-4648-46BF-9426-0B10817F0AF5}\NewShortcut2_5135BE5531E34696827B50FE43E48CC2_1.exe
[2009.12.10 01:05:05 | 000,010,134 | R--- | M] () -- C:\Users\Fischer\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\PowerPoker:MID
@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Intertops Poker:MID
< End of report >
         
--- --- ---

Alt 11.08.2010, 18:53   #10
markusg
/// Malware-holic
 
Trojaner 40 TANs Sparkasse - Standard

Trojaner 40 TANs Sparkasse



öffne mal "mein computer" (arbeitsplatz) dann c:
dort _OTL rechtsklick auf moved files. wähle zu moved files.rar oder zip hinzufügen, dieses archiv hochladen:
http://www.trojaner-board.de/54791-a...ner-board.html
(befindet sich im _OTL-ordner)
gib bescheid, wenn das erledigt ist.

Alt 11.08.2010, 19:35   #11
Kaligafix
 
Trojaner 40 TANs Sparkasse - Standard

Trojaner 40 TANs Sparkasse



sollte da sein

Alt 11.08.2010, 19:47   #12
markusg
/// Malware-holic
 
Trojaner 40 TANs Sparkasse - Standard

Trojaner 40 TANs Sparkasse



download malwarebytes:
Malwarebytes
instaliere das programm, öffne es, klicke auf die registerkarte aktualisierung, update es.
schalte nun alles an laufender software, auch antivirus ab, trenne die internetverbindung.
starte mit Malwarebytes nen komplett scan, funde löschen, danach avira + internet ein, log posten.

Alt 11.08.2010, 22:14   #13
Kaligafix
 
Trojaner 40 TANs Sparkasse - Standard

Trojaner 40 TANs Sparkasse



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 11.08.2010 22:59:45 - Run 5
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Fischer\Downloads
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 177,58 Gb Free Space | 59,57% Space Free | Partition Type: NTFS
Drive D: | 1,20 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 1,87 Gb Total Space | 0,86 Gb Free Space | 46,06% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: FISCHER-PC
Current User Name: Fischer
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Fischer\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe (Dassault Systèmes SolidWorks Corp.)
PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
PRC - C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Fischer\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (CoordinatorServiceHost) -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe (Dassault Systèmes SolidWorks Corp.)
SRV - (SolidWorks Licensing Service) -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbfake) -- C:\Windows\SysNative\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4214731021-727075759-893282977-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\S-1-5-21-4214731021-727075759-893282977-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4214731021-727075759-893282977-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4214731021-727075759-893282977-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC 89 60 2B 7D D6 CA 01  [binary data]
IE - HKU\S-1-5-21-4214731021-727075759-893282977-1000\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4214731021-727075759-893282977-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: npfax@microgaming.co.uk:2.1.0.19
FF - prefs.js..extensions.enabledItems: {28197867-b1ef-4140-8e3b-55c45b9c8460}:2.5.5
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..extensions.enabledItems: silvermelxt@pardal.de:1.3.5
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.5
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1
FF - prefs.js..extensions.enabledItems: {239c61a8-e55f-11db-8314-0800200c9a66}:2.1.4
FF - prefs.js..extensions.enabledItems: {961408A3-C970-4577-970A-D97C29839A67}:1.3.5
FF - prefs.js..extensions.enabledItems: kempelton_large-fx@arvidaxelsson.se:3.2.1
FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.91
FF - prefs.js..extensions.enabledItems: silvermel@pardal.de:1.3.5
FF - prefs.js..extensions.enabledItems: {6dab0fc6-e9b5-11db-8314-0800200c9a66}:1.4.3
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.06.30 13:26:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.06.30 12:24:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.04.02 18:59:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2009.12.17 18:07:57 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Extensions
[2009.12.17 18:07:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fischer\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.11 08:29:00 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions
[2010.03.13 16:22:04 | 000,000,000 | ---D | M] (BlackX) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{239c61a8-e55f-11db-8314-0800200c9a66}
[2010.02.16 20:48:14 | 000,000,000 | ---D | M] (Integrated Gmail) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}
[2010.03.13 16:22:04 | 000,000,000 | ---D | M] (Sir.Community) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{6dab0fc6-e9b5-11db-8314-0800200c9a66}
[2010.07.18 21:58:07 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010.04.14 21:40:08 | 000,000,000 | ---D | M] (Charamel) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{961408A3-C970-4577-970A-D97C29839A67}
[2010.06.26 12:50:36 | 000,000,000 | ---D | M] (myFireFox) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
[2009.12.11 18:23:24 | 000,000,000 | ---D | M] (Black Steel) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
[2010.04.14 16:19:11 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2009.11.29 18:15:41 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\firefox@tvunetworks.com
[2010.04.03 10:40:02 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\kempelton_large-fx@arvidaxelsson.se
[2010.01.07 14:47:59 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\npfax@microgaming.co.uk
[2010.04.14 21:40:11 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\personas@christopher.beard
[2010.04.15 21:03:04 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\silvermel@pardal.de
[2010.04.15 21:03:07 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\silvermelxt@pardal.de
[2010.06.26 12:50:40 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\smarterwiki@wikiatic.com
[2010.06.26 12:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fischer\AppData\Roaming\mozilla\Firefox\Profiles\ta4tbi8x.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}\chrome\mozapps\extensions
[2010.04.14 21:40:15 | 000,000,873 | ---- | M] () -- C:\Users\Fischer\AppData\Roaming\Mozilla\FireFox\Profiles\ta4tbi8x.default\searchplugins\conduit.xml
[2010.08.11 08:29:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.05.11 06:44:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2008.09.05 20:58:42 | 000,155,648 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\npEModelPlugin.dll
[2010.06.25 16:01:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.06.25 16:01:49 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.06.25 16:01:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.06.25 16:01:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.06.25 16:01:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.10 18:56:07 | 000,415,667 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 14346 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4214731021-727075759-893282977-1000\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SolidWorks_CheckForUpdates] C:\Program Files (x86)\Common Files\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe (Dassault Systèmes SolidWorks Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4214731021-727075759-893282977-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-4214731021-727075759-893282977-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.18 21:48:11 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2008.10.27 10:31:58 | 001,683,456 | R--- | M] (Dancing Dots) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.10.27 10:31:18 | 000,000,027 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0b9e5bae-8cde-11df-bf9f-001e101f79c9}\Shell - "" = AutoRun
O33 - MountPoints2\{0b9e5bae-8cde-11df-bf9f-001e101f79c9}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{7f837dc8-8b95-11df-b4ee-00222004d76d}\Shell - "" = AutoRun
O33 - MountPoints2\{7f837dc8-8b95-11df-b4ee-00222004d76d}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{812bd7a7-b8bf-11de-b706-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{812bd7a7-b8bf-11de-b706-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2008.10.27 10:31:58 | 001,683,456 | R--- | M] (Dancing Dots)
O33 - MountPoints2\{99b8538c-8ccb-11df-b71a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{99b8538c-8ccb-11df-b71a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{99b853bb-8ccb-11df-b71a-00222004d76d}\Shell - "" = AutoRun
O33 - MountPoints2\{99b853bb-8ccb-11df-b71a-00222004d76d}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{c96c5c49-9108-11df-b9da-00222004d76d}\Shell - "" = AutoRun
O33 - MountPoints2\{c96c5c49-9108-11df-b9da-00222004d76d}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {0EC9ABED-F369-797A-ADAF-80D3E2D7D475} - Browser Customizations
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {77F5313B-F7E8-FDF4-73A8-0EC19E7120EC} - Internet Explorer
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9144AA15-DDC9-731C-C53D-CC4A2D6A7DB7} - Browser Customizations
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {B29A5B66-3DE0-9FCA-E491-D7F25F3D58D3} - Microsoft Windows Media Player
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {D070E872-AA96-3102-1858-D1A7CB04FFE8} - Browser Customizations
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9D635AEB-9D14-00C2-2049-5E491ED9D7FA} - Browser Customizations
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.11 21:08:30 | 000,000,000 | ---D | C] -- C:\Users\Fischer\AppData\Roaming\Malwarebytes
[2010.08.11 21:08:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.08.11 21:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.11 21:08:13 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.08.11 21:08:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.08.11 17:18:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.07.31 11:31:55 | 000,000,000 | ---D | C] -- C:\Users\Fischer\Documents\Horse Life
[2010.07.31 11:31:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deep Silver
[2010.07.26 13:17:39 | 000,000,000 | ---D | C] -- C:\Users\Fischer\AppData\Roaming\Google
[2010.07.22 19:41:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParadisePoker
[2010.07.22 12:48:40 | 000,000,000 | ---D | C] -- C:\Casino
[2010.07.22 11:55:46 | 000,000,000 | ---D | C] -- C:\Programme\Paint.NET
[2010.07.22 11:55:16 | 000,000,000 | ---D | C] -- C:\Users\Fischer\AppData\Local\Paint.NET
[2010.07.22 11:10:15 | 000,000,000 | ---D | C] -- C:\Users\Fischer\Documents\SolidWorks Downloads
[2010.07.16 23:11:17 | 000,000,000 | ---D | C] -- C:\Users\Fischer\AppData\Roaming\FLEXnet
[2010.07.14 13:52:16 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.11 23:06:06 | 009,175,040 | -HS- | M] () -- C:\Users\Fischer\ntuser.dat
[2010.08.11 22:54:13 | 000,013,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.11 22:54:13 | 000,013,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.11 22:50:49 | 001,494,278 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.08.11 22:50:49 | 000,652,214 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.08.11 22:50:49 | 000,614,236 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.08.11 22:50:49 | 000,129,940 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.08.11 22:50:49 | 000,106,356 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.08.11 22:47:18 | 000,104,377 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.08.11 22:46:38 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.11 22:46:32 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.11 22:46:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.11 22:46:19 | 3018,604,544 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.11 22:45:29 | 006,146,772 | -H-- | M] () -- C:\Users\Fischer\AppData\Local\IconCache.db
[2010.08.11 22:41:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.10 18:56:07 | 000,415,667 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.08.05 13:14:21 | 000,104,377 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.07.31 14:53:42 | 480,454,009 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.07.31 11:35:29 | 000,001,166 | ---- | M] () -- C:\Users\Fischer\Desktop\Horse Life.lnk
[2010.07.27 13:05:45 | 000,000,788 | ---- | M] () -- C:\Users\Public\Desktop\William Hill Casino.lnk
[2010.07.26 13:57:05 | 000,003,120 | ---- | M] () -- C:\Windows\SysWow64\ALLFSAF7a.ocx
[2010.07.26 13:56:09 | 000,002,196 | ---- | M] () -- C:\Users\Public\Desktop\Style Builder.lnk
[2010.07.26 13:56:08 | 000,002,110 | ---- | M] () -- C:\Users\Public\Desktop\LayOut 2.lnk
[2010.07.26 13:56:07 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 7.lnk
[2010.07.22 19:51:45 | 000,001,023 | ---- | M] () -- C:\Users\Fischer\Desktop\ParadisePoker.lnk
[2010.07.22 11:56:38 | 000,001,288 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010.07.22 11:07:49 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
 
========== Files Created - No Company Name ==========
 
[2010.07.31 11:35:29 | 000,001,166 | ---- | C] () -- C:\Users\Fischer\Desktop\Horse Life.lnk
[2010.07.27 13:05:45 | 000,000,788 | ---- | C] () -- C:\Users\Public\Desktop\William Hill Casino.lnk
[2010.07.26 13:57:05 | 000,003,120 | ---- | C] () -- C:\Windows\SysWow64\ALLFSAF7a.ocx
[2010.07.26 13:56:09 | 000,002,196 | ---- | C] () -- C:\Users\Public\Desktop\Style Builder.lnk
[2010.07.26 13:56:08 | 000,002,110 | ---- | C] () -- C:\Users\Public\Desktop\LayOut 2.lnk
[2010.07.26 13:56:07 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 7.lnk
[2010.07.22 19:51:45 | 000,001,023 | ---- | C] () -- C:\Users\Fischer\Desktop\ParadisePoker.lnk
[2010.07.22 11:56:38 | 000,001,288 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010.07.11 13:20:31 | 001,514,120 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.02.01 00:52:41 | 003,923,968 | ---- | C] () -- C:\Windows\SysWow64\qt-mt331.dll
[2009.12.20 13:33:55 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.11.12 10:47:56 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2009.11.07 17:17:09 | 000,000,693 | ---- | C] () -- C:\Windows\SysWow64\Config.ini
[2009.11.05 20:18:44 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.10.30 08:56:49 | 000,000,428 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009.10.23 21:05:48 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007.08.21 21:46:34 | 000,059,160 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
 
========== LOP Check ==========
 
[2009.11.19 11:54:48 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Autodesk
[2009.11.09 23:08:50 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Betfair
[2009.12.23 22:06:28 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\blaxxun interactive
[2009.11.05 20:09:33 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Canneverbe_Limited
[2010.03.16 22:53:04 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\CircuitWorks
[2010.03.16 23:10:24 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\DassaultSystemes
[2010.03.16 23:40:19 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\DWGeditor
[2010.01.04 11:26:35 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\foobar2000
[2010.08.11 22:46:49 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\IM
[2010.05.22 13:25:21 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\McPoker Casino
[2009.11.06 20:48:42 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Meridian93
[2010.04.16 22:16:04 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Microgaming
[2009.11.11 18:15:34 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Nordic Games
[2009.11.13 14:21:28 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\ProtectDisc
[2009.10.30 08:56:37 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\ScanSoft
[2010.05.16 15:44:28 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\StreamTorrent
[2009.12.17 18:07:57 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Thunderbird
[2010.07.26 13:54:47 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\uTorrent
[2010.07.09 22:10:11 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Vodafone
[2010.01.19 18:18:12 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Z-Software
[2010.08.06 15:38:22 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.10.15 15:12:13 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Adobe
[2009.11.19 11:54:48 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Autodesk
[2009.11.09 23:08:50 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Betfair
[2009.12.23 22:06:28 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\blaxxun interactive
[2009.11.05 20:09:33 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Canneverbe_Limited
[2010.03.16 22:53:04 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\CircuitWorks
[2010.03.16 23:10:24 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\DassaultSystemes
[2009.11.06 22:15:11 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\DivX
[2010.03.16 23:40:19 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\DWGeditor
[2010.07.16 23:11:17 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\FLEXnet
[2010.01.04 11:26:35 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\foobar2000
[2010.07.26 13:17:39 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Google
[2009.10.14 14:55:09 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Identities
[2010.08.11 22:46:49 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\IM
[2009.10.14 15:59:40 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Macromedia
[2010.08.11 21:08:30 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Malwarebytes
[2010.05.22 13:25:21 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\McPoker Casino
[2009.07.14 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Media Center Programs
[2009.11.06 20:48:42 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Meridian93
[2010.04.16 22:16:04 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Microgaming
[2010.07.09 11:23:56 | 000,000,000 | --SD | M] -- C:\Users\Fischer\AppData\Roaming\Microsoft
[2009.10.15 13:46:06 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Mozilla
[2009.11.05 20:24:37 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Nero
[2009.11.11 18:15:34 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Nordic Games
[2009.11.13 14:21:28 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\ProtectDisc
[2009.10.30 08:56:37 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\ScanSoft
[2010.08.03 22:54:19 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\SolidWorks
[2009.11.19 11:11:59 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\SolidWorks 2009
[2010.05.16 15:44:28 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\StreamTorrent
[2009.12.17 18:07:57 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Thunderbird
[2010.07.26 13:54:47 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\uTorrent
[2010.07.09 22:10:11 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Vodafone
[2009.10.15 15:12:37 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\WinRAR
[2010.01.19 18:18:12 | 000,000,000 | ---D | M] -- C:\Users\Fischer\AppData\Roaming\Z-Software
 
< %APPDATA%\*.exe /s >
[2010.03.16 22:34:48 | 000,335,872 | R--- | M] (Macrovision Corporation) -- C:\Users\Fischer\AppData\Roaming\Microsoft\Installer\{06379784-4648-46BF-9426-0B10817F0AF5}\ARPPRODUCTICON.exe
[2010.03.16 22:34:48 | 000,335,872 | R--- | M] (Macrovision Corporation) -- C:\Users\Fischer\AppData\Roaming\Microsoft\Installer\{06379784-4648-46BF-9426-0B10817F0AF5}\NewShortcut1_5135BE5531E34696827B50FE43E48CC2_1.exe
[2010.03.16 22:34:48 | 000,335,872 | R--- | M] (Macrovision Corporation) -- C:\Users\Fischer\AppData\Roaming\Microsoft\Installer\{06379784-4648-46BF-9426-0B10817F0AF5}\NewShortcut2_5135BE5531E34696827B50FE43E48CC2_1.exe
[2009.12.10 01:05:05 | 000,010,134 | R--- | M] () -- C:\Users\Fischer\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\PowerPoker:MID
@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Intertops Poker:MID
< End of report >
         
--- --- ---

Alt 12.08.2010, 10:15   #14
markusg
/// Malware-holic
 
Trojaner 40 TANs Sparkasse - Standard

Trojaner 40 TANs Sparkasse



was hab ich geschrieben was du bitte nutzen sollst und was hast du genutzt? das sind doch 2 komplett unterschiedliche programme :-)

Alt 12.08.2010, 10:25   #15
Kaligafix
 
Trojaner 40 TANs Sparkasse - Standard

Trojaner 40 TANs Sparkasse



Was hab ich jetzt falsch gemacht?

Antwort

Themen zu Trojaner 40 TANs Sparkasse
40 tans, alternate, antivir, avgntflt.sys, avira, bho, cdrom, components, conduit, desktop, error, explorer, explorer.exe, firefox, firefox.exe, format, langs, location, logfile, microsoft, mozilla, mozilla thunderbird, nvidia, oldtimer, otl.exe, pdf, problem, programdata, programme, realtek, registry, safer networking, sched.exe, searchplugins, senden, sketchup, software, syswow64, trojaner, vodafone, webcheck, win32, windows, winlogon



Ähnliche Themen: Trojaner 40 TANs Sparkasse


  1. Forscher demontieren App-TANs der Sparkasse
    Nachrichten - 23.10.2015 (0)
  2. Windows Vita, Sparkasse, 100 Tans, Virus
    Log-Analyse und Auswertung - 09.08.2011 (3)
  3. Sparkasse 20 Tans
    Plagegeister aller Art und deren Bekämpfung - 05.07.2011 (1)
  4. Online Banking Sparkasse- mehrere Tans eingeben
    Plagegeister aller Art und deren Bekämpfung - 17.05.2011 (14)
  5. Sparkasse 20 Tans eingeben
    Log-Analyse und Auswertung - 16.05.2011 (7)
  6. Aufforderung 40 Tans Sparkasse
    Plagegeister aller Art und deren Bekämpfung - 09.03.2011 (28)
  7. 20 Tans bei Sparkasse eingeben - Trojaner
    Plagegeister aller Art und deren Bekämpfung - 07.02.2011 (7)
  8. Sparkasse Banking - Aufforderung 20 Tans
    Plagegeister aller Art und deren Bekämpfung - 18.01.2011 (14)
  9. Trojaner Sparkasse Banking Aufforderung 20 TANs
    Plagegeister aller Art und deren Bekämpfung - 09.01.2011 (13)
  10. Sparkasse Banking - Aufforderung 40 TANs und Antivir meldet TR/Crypt.ZPACK.Gen
    Plagegeister aller Art und deren Bekämpfung - 04.01.2011 (10)
  11. Sparkasse Banking - Aufforderung 20 TANs
    Plagegeister aller Art und deren Bekämpfung - 03.01.2011 (8)
  12. Meine Lösung des Problems 20 Tans eingeben bei der Sparkasse
    Plagegeister aller Art und deren Bekämpfung - 29.12.2010 (1)
  13. Banking Trojaner Sparkasse 20 Tans
    Plagegeister aller Art und deren Bekämpfung - 12.12.2010 (17)
  14. Trojaner: Online Banking Sparkasse - 50 Tans eingeben
    Plagegeister aller Art und deren Bekämpfung - 26.08.2010 (10)
  15. Trojaner Sparkasse 40 Tans
    Plagegeister aller Art und deren Bekämpfung - 12.08.2010 (3)
  16. Trojaner Sparkasse - 40 Tans
    Plagegeister aller Art und deren Bekämpfung - 11.08.2010 (14)
  17. Trojaner/ 40 Tans Sparkasse
    Plagegeister aller Art und deren Bekämpfung - 11.08.2010 (22)

Zum Thema Trojaner 40 TANs Sparkasse - Hallo habe das Problem wie viele andere hier. Kann ich als Lösung die der anderen nutzen, oder ist das immer individuell? Hab schonmal OTL laufen lassen: Bin dankbar für jede - Trojaner 40 TANs Sparkasse...
Archiv
Du betrachtest: Trojaner 40 TANs Sparkasse auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.