Bundestrojaner? UKash Aufforderung mit Systemstillegung

cosinus · 05.10.2012, 13:42

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Heistmer · 05.10.2012, 16:19

So, hier dann der OTL Log

Code:

ATTFilter

OTL logfile created on: 05.10.2012 15:18:42 - Run 3
OTL by OldTimer - Version 3.2.70.1     Folder = C:\Users\Heistmer\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 53,49% Memory free
6,71 Gb Paging File | 3,94 Gb Available in Paging File | 58,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,11 Gb Total Space | 24,94 Gb Free Space | 5,53% Space Free | Partition Type: NTFS
Drive D: | 14,63 Gb Total Space | 10,08 Gb Free Space | 68,92% Space Free | Partition Type: FAT32
Drive J: | 931,50 Gb Total Space | 814,54 Gb Free Space | 87,44% Space Free | Partition Type: NTFS
 
Computer Name: Heistmer-ONE | User Name: Heistmer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Heistmer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Heistmer\Eigene Webs\xampp\mysql\bin\mysqld.exe ()
PRC - C:\Users\Heistmer\Eigene Webs\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe (AVM Berlin)
PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe (AVM Berlin)
PRC - C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe (X10)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Trillian\libspeex.dll ()
MOD - C:\Program Files (x86)\Trillian\libungif.dll ()
MOD - C:\Program Files (x86)\Trillian\zlib1.dll ()
MOD - c:\users\Heistmer\appdata\roaming\trillian\languages\de\talk.dll ()
MOD - c:\users\Heistmer\appdata\roaming\trillian\languages\de\events.dll ()
MOD - c:\users\Heistmer\appdata\roaming\trillian\languages\de\toolkit.dll ()
MOD - c:\users\Heistmer\appdata\roaming\trillian\languages\de\buddy.dll ()
MOD - c:\users\Heistmer\appdata\roaming\trillian\languages\de\trillian.dll ()
MOD - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (StkSSrv) -- C:\Windows\SysNative\StkCSrv.exe (Syntek America Inc.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (DeviceMonitorService) -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe (Nero AG)
SRV - (MotoHelper) -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (mysql) -- C:\Users\Heistmer\Eigene Webs\xampp\mysql\bin\mysqld.exe ()
SRV - (Apache2.2) -- C:\Users\Heistmer\Eigene Webs\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (FileZilla Server) -- C:\Users\Heistmer\Eigene Webs\xampp\FileZillaFTP\FileZillaServer.exe (FileZilla Project)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FlipShare Service) -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (getPlusHelper) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (cjpcsc) -- C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (IGDCTRL) -- C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (MagicTuneEngine) -- C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe ()
SRV - (Capture Device Service) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (x10nets) -- C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (motusbdevice) -- C:\Windows\SysNative\DRIVERS\motusbdevice.sys (Motorola Inc)
DRV:64bit: - (motccgp) -- C:\Windows\SysNative\DRIVERS\motccgp.sys (Motorola)
DRV:64bit: - (motmodem) -- C:\Windows\SysNative\DRIVERS\motmodem.sys (Motorola)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Motousbnet) -- C:\Windows\SysNative\DRIVERS\Motousbnet.sys (Motorola)
DRV:64bit: - (cmnsusbser) -- C:\Windows\SysNative\DRIVERS\cmnsusbser.sys (Mobile Connector)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (acedrv10) -- C:\Windows\SysNative\drivers\acedrv10.sys (Protect Software GmbH)
DRV:64bit: - (acehlp10) -- C:\Windows\SysNative\drivers\acehlp10.sys (Protect Software GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (motccgpfl) -- C:\Windows\SysNative\DRIVERS\motccgpfl.sys (Motorola)
DRV:64bit: - (BTCFilterService) -- C:\Windows\SysNative\DRIVERS\motfilt.sys (Motorola Inc)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (IntelDH64) -- C:\Windows\SysNative\Drivers\IntelDH64.sys (Intel Corporation)
DRV:64bit: - (3xHybr64) -- C:\Windows\SysNative\DRIVERS\3xHybr64.sys (NXP Semiconductors Germany GmbH)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (MotoSwitchService) -- C:\Windows\SysNative\DRIVERS\motswch.sys (Motorola)
DRV:64bit: - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek)
DRV:64bit: - (SaiMini) -- C:\Windows\SysNative\DRIVERS\SaiMini.sys (Saitek)
DRV:64bit: - (sxuptp) -- C:\Windows\SysNative\DRIVERS\sxuptp.sys (silex technology, Inc.)
DRV:64bit: - (StkCMini) -- C:\Windows\SysNative\Drivers\StkCMini.sys (Syntek)
DRV:64bit: - (cjusb) -- C:\Windows\SysNative\DRIVERS\cjusb.sys (REINER SCT)
DRV:64bit: - (e1express) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (XUIF) -- C:\Windows\SysNative\Drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV:64bit: - (X10Hid) -- C:\Windows\SysNative\Drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (TVICHW64) -- C:\Windows\SysWOW64\drivers\TVICHW64.SYS (EnTech Taiwan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = hxxp://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{4327FABE-3C21-4689-8DBE-D226CF777FE9}: "URL" = hxxp://www2.iesearch.com/s/?&q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "FireSearch"
FF - prefs.js..browser.startup.homepage: "hxxp://www2.firesearch.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.0
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@innoplus.de/inoPanoViewer: C:\Program Files (x86)\innoPlus\Rundum-Betrachter-innoPlus\npirsviewer.dll (INNOVA-engineering GmbH)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.05 19:33:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.15 22:15:34 | 000,000,000 | ---D | M]
 
[2008.08.26 21:11:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heistmer\AppData\Roaming\mozilla\Extensions
[2012.10.04 15:48:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heistmer\AppData\Roaming\mozilla\Firefox\Profiles\7ew9dmkc.default\extensions
[2010.05.19 23:02:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Heistmer\AppData\Roaming\mozilla\Firefox\Profiles\7ew9dmkc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008.08.26 21:16:36 | 000,000,000 | ---D | M] ("FireFTP") -- C:\Users\Heistmer\AppData\Roaming\mozilla\Firefox\Profiles\7ew9dmkc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2011.03.11 22:28:11 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Heistmer\AppData\Roaming\mozilla\Firefox\Profiles\7ew9dmkc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.04 10:46:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Heistmer\AppData\Roaming\mozilla\Firefox\Profiles\7ew9dmkc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.12.04 10:46:38 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Heistmer\AppData\Roaming\mozilla\Firefox\Profiles\7ew9dmkc.default\extensions\firebug@software.joehewitt.com
[2012.10.04 15:48:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.03.27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2008.06.18 09:47:34 | 000,397,312 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npdlplug.dll
[2011.10.26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.07.18 17:32:18 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.18 17:32:18 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.18 17:32:18 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.18 17:32:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.18 17:32:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.03.03 21:42:44 | 000,302,531 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	136136.net
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 127.0.0.1	www.163ns.com
O1 - Hosts: 10430 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMFBoxMonitor] C:\Program Files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe (AVM Berlin)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3066119559-789599144-109096739-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_11_4_400_252_ActiveX.exe -update activex File not found
O4 - Startup: C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk = C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe (AVM Berlin)
O4 - Startup: C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Heistmer\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Heistmer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Heistmer\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Heistmer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIC273~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Heistmer\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Heistmer\Desktop\PartyPoker.lnk ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16:64bit: - DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} hxxp://quickscan.bitdefender.com/qsax/qsax64.cab (Bitdefender QuickScan Control)
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab (EPUImageControl Class)
O16 - DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} Reg Error: Value error. (Reg Error: Unable to open value key)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Unable to open value key)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Unable to open value key)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} hxxp://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B63BB61-2F55-48CA-BA01-587CE776F4AC}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O27:64bit: - HKLM IFEO\acrord32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\afterfx.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\exprwd.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\filezilla.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\flashplayer11-2_p2_install_win_ax64_112211.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\flashplayer11-2_p2_uninstall_win_64_112211.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\flipshare.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\itunes.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\magictune.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\mml.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\mmlupdate.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\msoxmled.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\mstore.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\switchboard.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\uninstall.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\acrord32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\afterfx.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\exprwd.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\filezilla.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\flashplayer11-2_p2_install_win_ax64_112211.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\flashplayer11-2_p2_uninstall_win_64_112211.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\flipshare.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\magictune.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\mml.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\mmlupdate.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\msoxmled.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\mstore.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\switchboard.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\uninstall.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{03941441-e1ec-11de-af2d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{03941441-e1ec-11de-af2d-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{73c27794-a33c-11e0-bab9-001d9204693f}\Shell - "" = AutoRun
O33 - MountPoints2\{73c27794-a33c-11e0-bab9-001d9204693f}\Shell\AutoRun\command - "" = J:\setup.exe -a
O33 - MountPoints2\{89f70bcf-e347-11de-9c6a-00f1d000f1d0}\Shell - "" = AutoRun
O33 - MountPoints2\{89f70bcf-e347-11de-9c6a-00f1d000f1d0}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{9be9d8f9-48c9-11df-bf43-001d9204693f}\Shell - "" = AutoRun
O33 - MountPoints2\{9be9d8f9-48c9-11df-bf43-001d9204693f}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{f07e3d91-0280-11dd-b8d7-001d9204693f}\Shell - "" = AutoRun
O33 - MountPoints2\{f07e3d91-0280-11dd-b8d7-001d9204693f}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{f07e3d91-0280-11dd-b8d7-001d9204693f}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{f07e3d91-0280-11dd-b8d7-001d9204693f}\Shell\install\command - "" = F:\SETUP.EXE
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.3IV2 - C:\Windows\SysWow64\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.05 11:16:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\L5 Software Group
[2012.10.05 11:16:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\L5 Software Group
[2012.10.04 17:06:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.02 23:00:30 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Heistmer\Desktop\OTL.exe
[2012.10.02 20:51:43 | 000,000,000 | ---D | C] -- C:\Users\Heistmer\AppData\Roaming\Malwarebytes
[2012.10.02 20:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.02 20:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.02 20:51:26 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.02 20:51:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.22 23:57:59 | 000,000,000 | ---D | C] -- C:\Users\Heistmer\AppData\Local\NOS
[2012.09.15 19:55:10 | 000,000,000 | ---D | C] -- C:\Users\Heistmer\Desktop\HeistMedia
[2012.09.15 19:48:27 | 000,000,000 | ---D | C] -- C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Artisteer 3
[2012.09.11 20:53:47 | 000,000,000 | ---D | C] -- C:\Users\Heistmer\AppData\Local\Xara
[2012.09.11 20:53:47 | 000,000,000 | ---D | C] -- C:\Users\Heistmer\AppData\Roaming\MAGIX
[2012.09.11 20:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2012.09.11 20:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2012.09.11 20:51:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX
[2012.09.11 20:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012.09.11 20:50:32 | 000,000,000 | ---D | C] -- C:\Users\Heistmer\AppData\Roaming\Yahoo!
[2012.09.11 20:50:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.05 15:35:12 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.05 15:35:12 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.05 11:16:00 | 000,001,023 | ---- | M] () -- C:\Users\Heistmer\Desktop\Driver Manager W2K-XP.lnk
[2012.10.05 11:15:15 | 000,245,248 | ---- | M] () -- C:\Users\Heistmer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.04 15:35:44 | 000,002,305 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
[2012.10.04 15:35:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.03 23:51:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.03 18:10:26 | 000,000,020 | ---- | M] () -- C:\Users\Heistmer\defogger_reenable
[2012.10.03 18:09:36 | 000,050,477 | ---- | M] () -- C:\Users\Heistmer\Desktop\Defogger.exe
[2012.10.03 17:37:00 | 000,543,455 | ---- | M] () -- C:\Users\Heistmer\Desktop\trojaner.jpg
[2012.10.02 23:07:26 | 000,513,501 | ---- | M] () -- C:\Users\Heistmer\Desktop\adwcleaner.exe
[2012.10.02 23:00:30 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Heistmer\Desktop\OTL.exe
[2012.10.02 20:51:28 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.02 08:03:15 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.22 23:44:31 | 001,453,952 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.22 23:44:31 | 000,632,252 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.22 23:44:31 | 000,598,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.22 23:44:31 | 000,127,302 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.22 23:44:31 | 000,104,954 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.22 23:22:22 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.09.15 22:35:37 | 447,694,779 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.09.12 07:11:56 | 004,965,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.09.11 20:51:25 | 000,000,858 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX 3D Maker 7 Download-Version.lnk
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.05 11:16:00 | 000,001,023 | ---- | C] () -- C:\Users\Heistmer\Desktop\Driver Manager W2K-XP.lnk
[2012.10.03 18:10:26 | 000,000,020 | ---- | C] () -- C:\Users\Heistmer\defogger_reenable
[2012.10.03 18:09:35 | 000,050,477 | ---- | C] () -- C:\Users\Heistmer\Desktop\Defogger.exe
[2012.10.03 17:37:00 | 000,543,455 | ---- | C] () -- C:\Users\Heistmer\Desktop\trojaner.jpg
[2012.10.02 23:07:26 | 000,513,501 | ---- | C] () -- C:\Users\Heistmer\Desktop\adwcleaner.exe
[2012.10.02 20:51:28 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.02 07:54:28 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.11 20:51:25 | 000,000,858 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX 3D Maker 7 Download-Version.lnk
[2012.06.07 21:24:07 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2011.10.16 11:51:19 | 000,000,430 | ---- | C] () -- C:\Windows\scummvm.ini
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.08.26 07:31:00 | 000,169,757 | ---- | C] () -- C:\Users\Heistmer\fm_0911_34-35 (1).pdf
[2011.02.15 21:16:26 | 000,000,071 | ---- | C] () -- C:\Windows\wiso.ini
[2011.02.06 11:39:21 | 000,000,482 | ---- | C] () -- C:\Users\Heistmer\AppData\Local\RAExpertHistory.xml
[2010.11.25 21:38:09 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.03.02 20:56:15 | 000,260,318 | ---- | C] () -- C:\Users\Heistmer\verzeichniss.jpg
[2010.03.02 20:54:29 | 000,276,485 | ---- | C] () -- C:\Users\Heistmer\filme.jpg
[2010.02.25 08:59:03 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.11.30 01:05:35 | 000,000,029 | ---- | C] () -- C:\Users\Heistmer\AppData\Roaming\default.rss
[2008.11.30 01:05:35 | 000,000,000 | ---- | C] () -- C:\Users\Heistmer\AppData\Roaming\downloads.m3u
[2008.10.23 20:15:43 | 000,303,120 | ---- | C] () -- C:\ProgramData\bold flag flag.twlsj
[2008.10.23 19:53:53 | 000,258,064 | ---- | C] () -- C:\ProgramData\bold flag flag.m89kbj
[2008.10.23 19:32:02 | 000,319,504 | ---- | C] () -- C:\ProgramData\bold flag flag.fddwg
[2008.10.23 19:10:12 | 000,008,208 | ---- | C] () -- C:\ProgramData\bold flag flag.zj2d1
[2008.10.23 18:48:21 | 000,348,176 | ---- | C] () -- C:\ProgramData\bold flag flag.0f3nl
[2008.10.23 18:26:31 | 000,311,312 | ---- | C] () -- C:\ProgramData\bold flag flag.6lzxdq1
[2008.10.23 18:04:41 | 000,122,896 | ---- | C] () -- C:\ProgramData\bold flag flag.tczrs2
[2008.10.23 17:42:50 | 000,036,880 | ---- | C] () -- C:\ProgramData\bold flag flag.a19t49
[2008.10.23 17:21:00 | 000,196,624 | ---- | C] () -- C:\ProgramData\bold flag flag.0ehold
[2008.10.23 16:59:09 | 000,110,608 | ---- | C] () -- C:\ProgramData\bold flag flag.qr8rj
[2008.10.23 16:37:19 | 000,008,208 | ---- | C] () -- C:\ProgramData\bold flag flag.b8af8
[2008.10.23 16:15:29 | 000,110,608 | ---- | C] () -- C:\ProgramData\bold flag flag.h3kwaw
[2008.10.23 15:53:38 | 000,090,128 | ---- | C] () -- C:\ProgramData\bold flag flag.6ze1fa
[2008.10.23 15:31:48 | 000,339,984 | ---- | C] () -- C:\ProgramData\bold flag flag.h5gwda
[2008.10.23 15:09:57 | 000,147,472 | ---- | C] () -- C:\ProgramData\bold flag flag.l5j7y
[2008.10.23 14:48:07 | 000,303,120 | ---- | C] () -- C:\ProgramData\bold flag flag.ps2k65
[2008.10.23 14:26:22 | 000,385,040 | ---- | C] () -- C:\ProgramData\loud flag cdrom.qxp4q
[2008.10.23 14:25:46 | 000,200,720 | ---- | C] () -- C:\ProgramData\bold flag flag.g7hex
[2008.10.23 14:25:46 | 000,159,760 | ---- | C] () -- C:\ProgramData\bold flag flag.zdmqfk
[2008.10.23 14:20:50 | 000,012,304 | ---- | C] () -- C:\ProgramData\bold flag flag.7376dv
[2008.08.27 19:54:45 | 000,024,226 | ---- | C] () -- C:\Users\Heistmer\AppData\Roaming\UserTile.png
[2008.05.26 21:20:45 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.03.25 12:15:10 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.03.19 22:03:44 | 000,005,070 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2008.03.19 22:03:44 | 000,000,168 | RHS- | C] () -- C:\ProgramData\568DE542ED.sys
[2008.03.13 21:09:22 | 000,245,248 | ---- | C] () -- C:\Users\Heistmer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.13 20:45:55 | 000,000,732 | ---- | C] () -- C:\Users\Heistmer\AppData\Local\d3d9caps64.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 01:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.19 01:04:28 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010.10.21 11:11:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Any Video Converter
[2012.01.26 23:28:22 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Artisteer
[2008.06.29 17:49:41 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\BlackBean
[2011.07.02 20:51:27 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Canneverbe Limited
[2008.04.04 21:52:39 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\DAEMON Tools
[2012.08.19 15:18:02 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\DVDVideoSoft
[2012.08.19 15:17:35 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.13 16:56:15 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\elsterformular
[2012.09.14 20:17:41 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\FileZilla
[2012.10.03 23:50:50 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\FRITZ!
[2008.12.09 22:24:39 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Haufe
[2011.03.20 21:11:11 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\ImTOO
[2008.08.21 22:26:20 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\InterVideo
[2012.09.27 19:52:12 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\KeePass
[2008.12.15 22:04:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Leadertech
[2008.12.09 22:01:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Lexware
[2012.09.11 20:53:47 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\MAGIX
[2011.06.30 21:45:22 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\motorola
[2009.02.01 23:33:54 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Musicmatch
[2012.08.27 19:12:02 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\MyPhoneExplorer
[2012.10.02 23:29:35 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Nayfo
[2011.06.26 00:08:39 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Nokia
[2010.07.20 07:36:11 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\PACE Anti-Piracy
[2008.05.08 19:51:09 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\PC Suite
[2008.08.27 19:54:43 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\PeerNetworking
[2012.06.07 19:10:46 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\QuickScan
[2010.07.19 20:54:20 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.03.08 08:28:38 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Transcend
[2010.09.09 07:49:55 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Trillian
[2012.08.10 20:20:05 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\TS3Client
[2011.11.20 15:37:03 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\TuneUp Software
[2012.09.22 23:23:15 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Ulead Systems
[2012.09.14 07:47:20 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\VSO
[2010.04.21 22:37:31 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\wds.NET
[2012.01.07 18:07:17 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\WindSolutions
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.08.07 23:19:07 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Adobe
[2008.11.30 16:24:48 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Ahead
[2010.10.21 11:11:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Any Video Converter
[2012.01.26 23:28:20 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Apple Computer
[2012.01.26 23:28:22 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Artisteer
[2011.11.27 13:50:22 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Avira
[2008.06.29 17:49:41 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\BlackBean
[2011.07.02 20:51:27 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Canneverbe Limited
[2011.01.22 22:19:17 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Corel
[2008.04.04 21:52:39 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\DAEMON Tools
[2008.08.27 07:27:56 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\DivX
[2011.03.20 21:22:56 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\dvdcss
[2012.08.19 15:18:02 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\DVDVideoSoft
[2012.08.19 15:17:35 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.13 16:56:15 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\elsterformular
[2012.09.14 20:17:41 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\FileZilla
[2012.10.03 23:50:50 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\FRITZ!
[2008.03.18 23:01:28 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Google
[2008.12.09 22:24:39 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Haufe
[2008.03.13 20:46:02 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Identities
[2011.03.20 21:11:11 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\ImTOO
[2008.03.14 00:31:35 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\InstallShield
[2008.08.21 22:26:20 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\InterVideo
[2008.03.14 08:46:48 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Jasc Software Inc
[2012.09.27 19:52:12 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\KeePass
[2008.12.15 22:04:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Leadertech
[2008.12.09 22:01:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Lexware
[2008.03.15 19:17:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Logitech
[2008.03.20 21:38:49 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Macromedia
[2012.09.11 20:53:47 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\MAGIX
[2012.10.02 20:51:43 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Malwarebytes
[2006.11.02 17:06:33 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Media Center Programs
[2010.08.15 21:43:50 | 000,000,000 | --SD | M] -- C:\Users\Heistmer\AppData\Roaming\Microsoft
[2011.06.30 21:45:22 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\motorola
[2008.08.26 21:11:41 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Mozilla
[2012.01.14 20:12:06 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Mozilla-Cache
[2009.02.01 23:33:54 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Musicmatch
[2012.08.27 19:12:02 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\MyPhoneExplorer
[2012.10.02 23:29:35 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Nayfo
[2011.07.03 20:37:23 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Nero
[2011.06.26 00:08:39 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Nokia
[2012.06.27 19:53:45 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\NVIDIA
[2010.07.20 07:36:11 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\PACE Anti-Piracy
[2008.05.08 19:51:09 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\PC Suite
[2008.08.27 19:54:43 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\PeerNetworking
[2012.06.07 19:10:46 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\QuickScan
[2008.03.20 22:13:16 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Real
[2008.06.22 16:52:26 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\skypePM
[2008.03.16 01:22:08 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\SmartFTP
[2010.07.19 20:54:20 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2008.03.15 13:29:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Talkback
[2010.03.19 22:07:33 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\teamspeak2
[2011.03.08 08:28:38 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Transcend
[2010.09.09 07:49:55 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Trillian
[2012.08.10 20:20:05 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\TS3Client
[2011.11.20 15:37:03 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\TuneUp Software
[2012.09.22 23:23:15 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Ulead Systems
[2008.08.18 23:36:46 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\vlc
[2012.09.14 07:47:20 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\VSO
[2010.04.21 22:37:31 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\wds.NET
[2011.11.05 20:03:29 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Winamp
[2012.01.07 18:07:17 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\WindSolutions
[2008.03.14 22:39:38 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\WinRAR
[2012.09.11 20:50:32 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2010.07.19 18:49:04 | 000,010,134 | R--- | M] () -- C:\Users\Heistmer\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe
[2009.05.19 21:35:06 | 000,007,358 | R--- | M] () -- C:\Users\Heistmer\AppData\Roaming\Microsoft\Installer\{5C79D312-F68F-4B04-8A4F-E28A0AE1ECBB}\_24c89c8.exe
[2009.05.19 21:35:06 | 000,007,358 | R--- | M] () -- C:\Users\Heistmer\AppData\Roaming\Microsoft\Installer\{5C79D312-F68F-4B04-8A4F-E28A0AE1ECBB}\_39fe3610.exe
[2009.08.11 22:39:05 | 000,010,134 | R--- | M] () -- C:\Users\Heistmer\AppData\Roaming\Microsoft\Installer\{A2C60BF1-82E3-493C-911D-14AD50471F2F}\ARPPRODUCTICON.exe
[2007.10.08 01:57:52 | 000,307,200 | ---- | M] (Simon Tatham) -- C:\Users\Heistmer\AppData\Roaming\Mozilla\Firefox\Profiles\7ew9dmkc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
[2007.12.28 11:15:38 | 000,172,032 | ---- | M] (Simon Tatham) -- C:\Users\Heistmer\AppData\Roaming\Mozilla\Firefox\Profiles\7ew9dmkc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
[2012.01.07 17:57:55 | 003,703,176 | ---- | M] (WindSolutions) -- C:\Users\Heistmer\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2006.11.02 14:03:16 | 000,062,056 | ---- | M] (Microsoft Corporation) MD5=5CCDD13BC602AE33CD8B62D33C29AB72 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.19 01:09:10 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.19 01:09:10 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.19 01:07:48 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2008.01.09 03:52:57 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=3927EB6EBFC77BA93481F440221D5252 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_371e04d9dcfdf69e\atapi.sys
[2008.01.09 03:52:56 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=48021EB810BF8FB6EBFA4569B95AAD5F -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_380123c8f5d8000c\atapi.sys
[2009.04.11 01:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 01:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\Users\Heistmer\Eigene Webs\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 01:11:32 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
[2006.11.02 13:51:48 | 000,280,680 | ---- | M] (Intel Corporation) MD5=72C3EE7EA3CD75A772E62AE0E5DF8B8C -- C:\Windows\SysNative\drivers\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.19 01:03:02 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_61f43b1d27cd0ab4\netlogon.dll
[2009.04.11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 01:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 01:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
[2006.11.02 13:18:47 | 000,684,032 | ---- | M] (Microsoft Corporation) MD5=BFAB28B54DF41208CF3490FF26E53FD9 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_579f90caf36c48b9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 14:02:51 | 000,048,232 | ---- | M] (NVIDIA Corporation) MD5=94C5334040A5D500897F4C5FD12AEEDE -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.19 01:08:52 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2006.11.02 13:19:09 | 000,239,616 | ---- | M] (Microsoft Corporation) MD5=32EF13F20B28966D29DE5EABE036431D -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_91f5bbe3948dcf74\scecli.dll
[2008.01.19 01:03:56 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_9c4a6635c8ee916f\scecli.dll
[2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 01:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 01:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2006.11.02 11:44:25 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=00B53DCA0408CCD8F6BAF13994F6E3A0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_3174f01b5d2fa18f\user32.dll
[2007.07.14 02:23:35 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=296BA70E2A302E639CBD9E2A32DC65C4 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_31ad02315d0545af\user32.dll
[2008.01.19 01:04:24 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.19 00:32:20 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2007.07.14 02:23:36 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=437C1C0CB2A42EA20083F21E9CAEF461 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_32359eb27623cc22\user32.dll
[2007.07.14 02:23:36 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=707CD582A4F93DB789336A5CE9527970 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_275857df28a483b4\user32.dll
[2006.11.02 13:19:10 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=95D5555CC7BD8F520996E35D36491EEF -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_272045c928cedf94\user32.dll
[2009.04.11 00:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.11 00:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2007.07.14 02:23:36 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=E4E3ED1E0D1D8C33A9C94ABEA1C8BC96 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_27e0f46041c30a27\user32.dll
[2009.04.11 01:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2009.04.11 01:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[2006.11.02 13:16:15 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=46D5B6B80E4A5997F508F938F96B7628 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_3610939d8d22586d\userinit.exe
[2008.01.19 01:00:42 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.19 01:00:42 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.19 01:00:46 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.19 01:00:46 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
[2006.11.02 13:16:20 | 000,122,368 | ---- | M] (Microsoft Corporation) MD5=6F92CE5B50283B0C0A7A539ED552039A -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_8ada9256bfc30704\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 01:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 01:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.19 01:00:46 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 13:16:20 | 000,397,312 | ---- | M] (Microsoft Corporation) MD5=9642EED809219A2F914DD8E40A09C48B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_c9aada9e9063dc57\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.18 23:37:48 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.18 23:37:48 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
[2006.11.02 11:47:52 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=C4EE49DB7EADC812DBC0ECCF2E7FB929 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_a96e7a5c834006a3\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
[2006.11.02 17:40:34 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 17:40:34 | 000,032,534 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 6281 bytes -> C:\Windows\pOOrGUI:Source Setup Log.txt
@Alternate Data Stream - 24 bytes -> C:\Windows:7E92895CF0C0E947
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 1192 bytes -> C:\ProgramData\Microsoft:GU20qEzkcvUPQnca2EoO96egmYBo7
@Alternate Data Stream - 1188 bytes -> C:\ProgramData\Microsoft:6UbkivR8LfAWeH3hD48xECCj6
@Alternate Data Stream - 1124 bytes -> C:\ProgramData\Microsoft:0gtbGQ5UBdBtGnl3ms7gN6CAa

< End of report >

Kleine Anmerkung, zwischenzeitlich gab mir OTL eine Fehlermeldung raus.

Zitat:

Es befindet sich kein Datenträger im Lauwerk. Legen Sie einen Datenträger in Laufwerk/Device/Harddisk/DR2 ein.

Das habe ich mehrmals mit Weiter bestätigt dann lief es wie gewollt weiter.
Was OTL da von mir gewünscht hat kann ich nicht Sagen.

cosinus · 05.10.2012, 18:11

Hm, da ist immer noch Toolbar-Müll drin
Bitte mal den aktuellen adwCleaner runterladen, also die alte adwcleaner löschen und neu runterladen

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

Heistmer · 05.10.2012, 18:28

hier das log

Code:

ATTFilter

# AdwCleaner v2.003 - Datei am 10/05/2012 um 19:15:50 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Ultimate Service Pack 2 (64 bits)
# Benutzer : Heistmer - Heistmer-ONE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Heistmer\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v3.6.6 (de)

Profilname : default 
Datei : C:\Users\Heistmer\AppData\Roaming\Mozilla\Firefox\Profiles\7ew9dmkc.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2909 octets] - [02/10/2012 23:25:13]
AdwCleaner[R1].txt - [946 octets] - [02/10/2012 23:30:05]
AdwCleaner[R2].txt - [878 octets] - [05/10/2012 19:15:50]

########## EOF - C:\AdwCleaner[R2].txt - [937 octets] ##########

Toolbars nutz ich nicht, wenn sie mal wieder irgendwo mitinstaliert wurde versuch ich sie meist gleich wieder zu deinstalieren.

Die S1 und R1 evtl auch noch intressant, wo ich nun weiss wo sie steckt.

cosinus · 05.10.2012, 18:33

Code:

ATTFilter

Version 3.2.70.1

hast du OTL vorhin nicht neu runtergeladen? Warum nicht?

Heistmer · 05.10.2012, 18:39

doch war eigentlich der plan, bekahm auch die frage auf ersetzen. Vielleicht hätte ich vorher löschen sollen.
Vielleicht auch verklick. hmmm.

Noch mal?

cosinus · 06.10.2012, 18:31

Ja bitte nochmal mit der aktuellen Version

Heistmer · 06.10.2012, 21:26

Ich bin verwirt, gestern habe ich noch dann ja noch mal geschaut, bzw versucht nachzuvollziehen wo ich was falsch gemacht habe. Hatte dann letztendelich die 3.2.70.2

Wenn ich jetzt noch einmal aktuell herunterlade bekomm ich nur noch die 3.2.69.0 ??

Hier der Log von meiner gestern heruntergeladenen 3.2.70.2

Code:

ATTFilter

OTL logfile created on: 06.10.2012 20:31:38 - Run 4
OTL by OldTimer - Version 3.2.70.2     Folder = C:\Users\Heistmer\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 46,36% Memory free
6,71 Gb Paging File | 4,47 Gb Available in Paging File | 66,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,11 Gb Total Space | 24,05 Gb Free Space | 5,33% Space Free | Partition Type: NTFS
Drive D: | 14,63 Gb Total Space | 10,08 Gb Free Space | 68,92% Space Free | Partition Type: FAT32
Drive J: | 931,50 Gb Total Space | 814,54 Gb Free Space | 87,44% Space Free | Partition Type: NTFS
 
Computer Name: Heistmer-ONE | User Name: Heistmer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Heistmer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Heistmer\Eigene Webs\xampp\mysql\bin\mysqld.exe ()
PRC - C:\Users\Heistmer\Eigene Webs\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe (AVM Berlin)
PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\FRITZ!DSL\StCenter.exe (AVM Berlin)
PRC - C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe (AVM Berlin)
PRC - C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe (X10)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Trillian\libspeex.dll ()
MOD - C:\Program Files (x86)\Trillian\libungif.dll ()
MOD - C:\Program Files (x86)\Trillian\zlib1.dll ()
MOD - c:\users\Heistmer\appdata\roaming\trillian\languages\de\talk.dll ()
MOD - c:\users\Heistmer\appdata\roaming\trillian\languages\de\events.dll ()
MOD - c:\users\Heistmer\appdata\roaming\trillian\languages\de\toolkit.dll ()
MOD - c:\users\Heistmer\appdata\roaming\trillian\languages\de\buddy.dll ()
MOD - c:\users\Heistmer\appdata\roaming\trillian\languages\de\trillian.dll ()
MOD - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (StkSSrv) -- C:\Windows\SysNative\StkCSrv.exe (Syntek America Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (DeviceMonitorService) -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe (Nero AG)
SRV - (MotoHelper) -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (mysql) -- C:\Users\Heistmer\Eigene Webs\xampp\mysql\bin\mysqld.exe ()
SRV - (Apache2.2) -- C:\Users\Heistmer\Eigene Webs\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (FileZilla Server) -- C:\Users\Heistmer\Eigene Webs\xampp\FileZillaFTP\FileZillaServer.exe (FileZilla Project)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FlipShare Service) -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (getPlusHelper) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (cjpcsc) -- C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (IGDCTRL) -- C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (MagicTuneEngine) -- C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe ()
SRV - (Capture Device Service) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (x10nets) -- C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (motusbdevice) -- C:\Windows\SysNative\DRIVERS\motusbdevice.sys (Motorola Inc)
DRV:64bit: - (motccgp) -- C:\Windows\SysNative\DRIVERS\motccgp.sys (Motorola)
DRV:64bit: - (motmodem) -- C:\Windows\SysNative\DRIVERS\motmodem.sys (Motorola)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Motousbnet) -- C:\Windows\SysNative\DRIVERS\Motousbnet.sys (Motorola)
DRV:64bit: - (cmnsusbser) -- C:\Windows\SysNative\DRIVERS\cmnsusbser.sys (Mobile Connector)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (acedrv10) -- C:\Windows\SysNative\drivers\acedrv10.sys (Protect Software GmbH)
DRV:64bit: - (acehlp10) -- C:\Windows\SysNative\drivers\acehlp10.sys (Protect Software GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (motccgpfl) -- C:\Windows\SysNative\DRIVERS\motccgpfl.sys (Motorola)
DRV:64bit: - (BTCFilterService) -- C:\Windows\SysNative\DRIVERS\motfilt.sys (Motorola Inc)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (IntelDH64) -- C:\Windows\SysNative\Drivers\IntelDH64.sys (Intel Corporation)
DRV:64bit: - (3xHybr64) -- C:\Windows\SysNative\DRIVERS\3xHybr64.sys (NXP Semiconductors Germany GmbH)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (MotoSwitchService) -- C:\Windows\SysNative\DRIVERS\motswch.sys (Motorola)
DRV:64bit: - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek)
DRV:64bit: - (SaiMini) -- C:\Windows\SysNative\DRIVERS\SaiMini.sys (Saitek)
DRV:64bit: - (sxuptp) -- C:\Windows\SysNative\DRIVERS\sxuptp.sys (silex technology, Inc.)
DRV:64bit: - (StkCMini) -- C:\Windows\SysNative\Drivers\StkCMini.sys (Syntek)
DRV:64bit: - (cjusb) -- C:\Windows\SysNative\DRIVERS\cjusb.sys (REINER SCT)
DRV:64bit: - (e1express) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (XUIF) -- C:\Windows\SysNative\Drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV:64bit: - (X10Hid) -- C:\Windows\SysNative\Drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (TVICHW64) -- C:\Windows\SysWOW64\drivers\TVICHW64.SYS (EnTech Taiwan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = hxxp://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{4327FABE-3C21-4689-8DBE-D226CF777FE9}: "URL" = hxxp://www2.iesearch.com/s/?&q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "FireSearch"
FF - prefs.js..browser.startup.homepage: "hxxp://www2.firesearch.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.0
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@innoplus.de/inoPanoViewer: C:\Program Files (x86)\innoPlus\Rundum-Betrachter-innoPlus\npirsviewer.dll (INNOVA-engineering GmbH)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.05 19:33:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.15 22:15:34 | 000,000,000 | ---D | M]
 
[2008.08.26 21:11:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heistmer\AppData\Roaming\mozilla\Extensions
[2012.10.04 15:48:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heistmer\AppData\Roaming\mozilla\Firefox\Profiles\7ew9dmkc.default\extensions
[2010.05.19 23:02:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Heistmer\AppData\Roaming\mozilla\Firefox\Profiles\7ew9dmkc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008.08.26 21:16:36 | 000,000,000 | ---D | M] ("FireFTP") -- C:\Users\Heistmer\AppData\Roaming\mozilla\Firefox\Profiles\7ew9dmkc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2011.03.11 22:28:11 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Heistmer\AppData\Roaming\mozilla\Firefox\Profiles\7ew9dmkc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.04 10:46:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Heistmer\AppData\Roaming\mozilla\Firefox\Profiles\7ew9dmkc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.12.04 10:46:38 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Heistmer\AppData\Roaming\mozilla\Firefox\Profiles\7ew9dmkc.default\extensions\firebug@software.joehewitt.com
[2012.10.04 15:48:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.03.27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2008.06.18 09:47:34 | 000,397,312 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npdlplug.dll
[2011.10.26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.07.18 17:32:18 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.18 17:32:18 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.18 17:32:18 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.18 17:32:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.18 17:32:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.03.03 21:42:44 | 000,302,531 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	136136.net
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 127.0.0.1	www.163ns.com
O1 - Hosts: 10430 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMFBoxMonitor] C:\Program Files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe (AVM Berlin)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk = C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe (AVM Berlin)
O4 - Startup: C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Heistmer\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Heistmer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Heistmer\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Heistmer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIC273~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Heistmer\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Heistmer\Desktop\PartyPoker.lnk ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16:64bit: - DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} hxxp://quickscan.bitdefender.com/qsax/qsax64.cab (Bitdefender QuickScan Control)
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab (EPUImageControl Class)
O16 - DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} Reg Error: Value error. (Reg Error: Unable to open value key)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Unable to open value key)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Unable to open value key)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} hxxp://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B63BB61-2F55-48CA-BA01-587CE776F4AC}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O27:64bit: - HKLM IFEO\acrord32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\afterfx.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\exprwd.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\filezilla.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\flashplayer11-2_p2_install_win_ax64_112211.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\flashplayer11-2_p2_uninstall_win_64_112211.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\flipshare.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\itunes.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\magictune.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\mml.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\mmlupdate.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\msoxmled.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\mstore.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\switchboard.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\uninstall.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\acrord32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\afterfx.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\exprwd.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\filezilla.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\flashplayer11-2_p2_install_win_ax64_112211.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\flashplayer11-2_p2_uninstall_win_64_112211.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\flipshare.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\magictune.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\mml.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\mmlupdate.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\msoxmled.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\mstore.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\switchboard.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\uninstall.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{03941441-e1ec-11de-af2d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{03941441-e1ec-11de-af2d-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{73c27794-a33c-11e0-bab9-001d9204693f}\Shell - "" = AutoRun
O33 - MountPoints2\{73c27794-a33c-11e0-bab9-001d9204693f}\Shell\AutoRun\command - "" = J:\setup.exe -a
O33 - MountPoints2\{89f70bcf-e347-11de-9c6a-00f1d000f1d0}\Shell - "" = AutoRun
O33 - MountPoints2\{89f70bcf-e347-11de-9c6a-00f1d000f1d0}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{9be9d8f9-48c9-11df-bf43-001d9204693f}\Shell - "" = AutoRun
O33 - MountPoints2\{9be9d8f9-48c9-11df-bf43-001d9204693f}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{f07e3d91-0280-11dd-b8d7-001d9204693f}\Shell - "" = AutoRun
O33 - MountPoints2\{f07e3d91-0280-11dd-b8d7-001d9204693f}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{f07e3d91-0280-11dd-b8d7-001d9204693f}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{f07e3d91-0280-11dd-b8d7-001d9204693f}\Shell\install\command - "" = F:\SETUP.EXE
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.3IV2 - C:\Windows\SysWow64\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.05 19:37:10 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Users\Heistmer\Desktop\OTL.exe
[2012.10.05 11:16:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\L5 Software Group
[2012.10.05 11:16:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\L5 Software Group
[2012.10.04 17:06:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.02 20:51:43 | 000,000,000 | ---D | C] -- C:\Users\Heistmer\AppData\Roaming\Malwarebytes
[2012.10.02 20:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.02 20:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.02 20:51:26 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.02 20:51:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.22 23:57:59 | 000,000,000 | ---D | C] -- C:\Users\Heistmer\AppData\Local\NOS
[2012.09.15 19:55:10 | 000,000,000 | ---D | C] -- C:\Users\Heistmer\Desktop\HeistMedia
[2012.09.15 19:48:27 | 000,000,000 | ---D | C] -- C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Artisteer 3
[2012.09.11 20:53:47 | 000,000,000 | ---D | C] -- C:\Users\Heistmer\AppData\Local\Xara
[2012.09.11 20:53:47 | 000,000,000 | ---D | C] -- C:\Users\Heistmer\AppData\Roaming\MAGIX
[2012.09.11 20:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2012.09.11 20:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2012.09.11 20:51:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX
[2012.09.11 20:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012.09.11 20:50:32 | 000,000,000 | ---D | C] -- C:\Users\Heistmer\AppData\Roaming\Yahoo!
[2012.09.11 20:50:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.06 09:16:37 | 000,002,305 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
[2012.10.06 09:15:24 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.06 09:15:23 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.06 09:15:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.05 23:40:29 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.05 19:37:10 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Heistmer\Desktop\OTL.exe
[2012.10.05 19:15:12 | 000,513,501 | ---- | M] () -- C:\Users\Heistmer\Desktop\adwcleaner.exe
[2012.10.05 11:16:00 | 000,001,023 | ---- | M] () -- C:\Users\Heistmer\Desktop\Driver Manager W2K-XP.lnk
[2012.10.05 11:15:15 | 000,245,248 | ---- | M] () -- C:\Users\Heistmer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.03 18:10:26 | 000,000,020 | ---- | M] () -- C:\Users\Heistmer\defogger_reenable
[2012.10.03 18:09:36 | 000,050,477 | ---- | M] () -- C:\Users\Heistmer\Desktop\Defogger.exe
[2012.10.03 17:37:00 | 000,543,455 | ---- | M] () -- C:\Users\Heistmer\Desktop\trojaner.jpg
[2012.10.02 20:51:28 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.02 08:03:15 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.22 23:44:31 | 001,453,952 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.22 23:44:31 | 000,632,252 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.22 23:44:31 | 000,598,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.22 23:44:31 | 000,127,302 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.22 23:44:31 | 000,104,954 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.22 23:22:22 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.09.12 07:11:56 | 004,965,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.09.11 20:51:25 | 000,000,858 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX 3D Maker 7 Download-Version.lnk
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.05 19:15:12 | 000,513,501 | ---- | C] () -- C:\Users\Heistmer\Desktop\adwcleaner.exe
[2012.10.05 11:16:00 | 000,001,023 | ---- | C] () -- C:\Users\Heistmer\Desktop\Driver Manager W2K-XP.lnk
[2012.10.03 18:10:26 | 000,000,020 | ---- | C] () -- C:\Users\Heistmer\defogger_reenable
[2012.10.03 18:09:35 | 000,050,477 | ---- | C] () -- C:\Users\Heistmer\Desktop\Defogger.exe
[2012.10.03 17:37:00 | 000,543,455 | ---- | C] () -- C:\Users\Heistmer\Desktop\trojaner.jpg
[2012.10.02 20:51:28 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.02 07:54:28 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.11 20:51:25 | 000,000,858 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX 3D Maker 7 Download-Version.lnk
[2012.06.07 21:24:07 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2011.10.16 11:51:19 | 000,000,430 | ---- | C] () -- C:\Windows\scummvm.ini
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.08.26 07:31:00 | 000,169,757 | ---- | C] () -- C:\Users\Heistmer\fm_0911_34-35 (1).pdf
[2011.02.15 21:16:26 | 000,000,071 | ---- | C] () -- C:\Windows\wiso.ini
[2011.02.06 11:39:21 | 000,000,482 | ---- | C] () -- C:\Users\Heistmer\AppData\Local\RAExpertHistory.xml
[2010.11.25 21:38:09 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.03.02 20:56:15 | 000,260,318 | ---- | C] () -- C:\Users\Heistmer\verzeichniss.jpg
[2010.03.02 20:54:29 | 000,276,485 | ---- | C] () -- C:\Users\Heistmer\filme.jpg
[2010.02.25 08:59:03 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.11.30 01:05:35 | 000,000,029 | ---- | C] () -- C:\Users\Heistmer\AppData\Roaming\default.rss
[2008.11.30 01:05:35 | 000,000,000 | ---- | C] () -- C:\Users\Heistmer\AppData\Roaming\downloads.m3u
[2008.10.23 20:15:43 | 000,303,120 | ---- | C] () -- C:\ProgramData\bold flag flag.twlsj
[2008.10.23 19:53:53 | 000,258,064 | ---- | C] () -- C:\ProgramData\bold flag flag.m89kbj
[2008.10.23 19:32:02 | 000,319,504 | ---- | C] () -- C:\ProgramData\bold flag flag.fddwg
[2008.10.23 19:10:12 | 000,008,208 | ---- | C] () -- C:\ProgramData\bold flag flag.zj2d1
[2008.10.23 18:48:21 | 000,348,176 | ---- | C] () -- C:\ProgramData\bold flag flag.0f3nl
[2008.10.23 18:26:31 | 000,311,312 | ---- | C] () -- C:\ProgramData\bold flag flag.6lzxdq1
[2008.10.23 18:04:41 | 000,122,896 | ---- | C] () -- C:\ProgramData\bold flag flag.tczrs2
[2008.10.23 17:42:50 | 000,036,880 | ---- | C] () -- C:\ProgramData\bold flag flag.a19t49
[2008.10.23 17:21:00 | 000,196,624 | ---- | C] () -- C:\ProgramData\bold flag flag.0ehold
[2008.10.23 16:59:09 | 000,110,608 | ---- | C] () -- C:\ProgramData\bold flag flag.qr8rj
[2008.10.23 16:37:19 | 000,008,208 | ---- | C] () -- C:\ProgramData\bold flag flag.b8af8
[2008.10.23 16:15:29 | 000,110,608 | ---- | C] () -- C:\ProgramData\bold flag flag.h3kwaw
[2008.10.23 15:53:38 | 000,090,128 | ---- | C] () -- C:\ProgramData\bold flag flag.6ze1fa
[2008.10.23 15:31:48 | 000,339,984 | ---- | C] () -- C:\ProgramData\bold flag flag.h5gwda
[2008.10.23 15:09:57 | 000,147,472 | ---- | C] () -- C:\ProgramData\bold flag flag.l5j7y
[2008.10.23 14:48:07 | 000,303,120 | ---- | C] () -- C:\ProgramData\bold flag flag.ps2k65
[2008.10.23 14:26:22 | 000,385,040 | ---- | C] () -- C:\ProgramData\loud flag cdrom.qxp4q
[2008.10.23 14:25:46 | 000,200,720 | ---- | C] () -- C:\ProgramData\bold flag flag.g7hex
[2008.10.23 14:25:46 | 000,159,760 | ---- | C] () -- C:\ProgramData\bold flag flag.zdmqfk
[2008.10.23 14:20:50 | 000,012,304 | ---- | C] () -- C:\ProgramData\bold flag flag.7376dv
[2008.08.27 19:54:45 | 000,024,226 | ---- | C] () -- C:\Users\Heistmer\AppData\Roaming\UserTile.png
[2008.05.26 21:20:45 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.03.25 12:15:10 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.03.19 22:03:44 | 000,005,070 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2008.03.19 22:03:44 | 000,000,168 | RHS- | C] () -- C:\ProgramData\568DE542ED.sys
[2008.03.13 21:09:22 | 000,245,248 | ---- | C] () -- C:\Users\Heistmer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.13 20:45:55 | 000,000,732 | ---- | C] () -- C:\Users\Heistmer\AppData\Local\d3d9caps64.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 01:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.19 01:04:28 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010.10.21 11:11:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Any Video Converter
[2012.01.26 23:28:22 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Artisteer
[2008.06.29 17:49:41 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\BlackBean
[2011.07.02 20:51:27 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Canneverbe Limited
[2008.04.04 21:52:39 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\DAEMON Tools
[2012.08.19 15:18:02 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\DVDVideoSoft
[2012.08.19 15:17:35 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.13 16:56:15 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\elsterformular
[2012.09.14 20:17:41 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\FileZilla
[2012.10.05 23:39:39 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\FRITZ!
[2008.12.09 22:24:39 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Haufe
[2011.03.20 21:11:11 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\ImTOO
[2008.08.21 22:26:20 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\InterVideo
[2012.09.27 19:52:12 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\KeePass
[2008.12.15 22:04:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Leadertech
[2008.12.09 22:01:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Lexware
[2012.09.11 20:53:47 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\MAGIX
[2011.06.30 21:45:22 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\motorola
[2009.02.01 23:33:54 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Musicmatch
[2012.08.27 19:12:02 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\MyPhoneExplorer
[2012.10.02 23:29:35 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Nayfo
[2011.06.26 00:08:39 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Nokia
[2010.07.20 07:36:11 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\PACE Anti-Piracy
[2008.05.08 19:51:09 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\PC Suite
[2008.08.27 19:54:43 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\PeerNetworking
[2012.06.07 19:10:46 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\QuickScan
[2010.07.19 20:54:20 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.03.08 08:28:38 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Transcend
[2010.09.09 07:49:55 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Trillian
[2012.08.10 20:20:05 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\TS3Client
[2011.11.20 15:37:03 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\TuneUp Software
[2012.09.22 23:23:15 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Ulead Systems
[2012.09.14 07:47:20 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\VSO
[2010.04.21 22:37:31 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\wds.NET
[2012.01.07 18:07:17 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\WindSolutions
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.08.07 23:19:07 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Adobe
[2008.11.30 16:24:48 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Ahead
[2010.10.21 11:11:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Any Video Converter
[2012.01.26 23:28:20 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Apple Computer
[2012.01.26 23:28:22 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Artisteer
[2011.11.27 13:50:22 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Avira
[2008.06.29 17:49:41 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\BlackBean
[2011.07.02 20:51:27 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Canneverbe Limited
[2011.01.22 22:19:17 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Corel
[2008.04.04 21:52:39 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\DAEMON Tools
[2008.08.27 07:27:56 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\DivX
[2011.03.20 21:22:56 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\dvdcss
[2012.08.19 15:18:02 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\DVDVideoSoft
[2012.08.19 15:17:35 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.13 16:56:15 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\elsterformular
[2012.09.14 20:17:41 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\FileZilla
[2012.10.05 23:39:39 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\FRITZ!
[2008.03.18 23:01:28 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Google
[2008.12.09 22:24:39 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Haufe
[2008.03.13 20:46:02 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Identities
[2011.03.20 21:11:11 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\ImTOO
[2008.03.14 00:31:35 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\InstallShield
[2008.08.21 22:26:20 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\InterVideo
[2008.03.14 08:46:48 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Jasc Software Inc
[2012.09.27 19:52:12 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\KeePass
[2008.12.15 22:04:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Leadertech
[2008.12.09 22:01:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Lexware
[2008.03.15 19:17:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Logitech
[2008.03.20 21:38:49 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Macromedia
[2012.09.11 20:53:47 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\MAGIX
[2012.10.02 20:51:43 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Malwarebytes
[2006.11.02 17:06:33 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Media Center Programs
[2010.08.15 21:43:50 | 000,000,000 | --SD | M] -- C:\Users\Heistmer\AppData\Roaming\Microsoft
[2011.06.30 21:45:22 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\motorola
[2008.08.26 21:11:41 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Mozilla
[2012.01.14 20:12:06 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Mozilla-Cache
[2009.02.01 23:33:54 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Musicmatch
[2012.08.27 19:12:02 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\MyPhoneExplorer
[2012.10.02 23:29:35 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Nayfo
[2011.07.03 20:37:23 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Nero
[2011.06.26 00:08:39 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Nokia
[2012.06.27 19:53:45 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\NVIDIA
[2010.07.20 07:36:11 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\PACE Anti-Piracy
[2008.05.08 19:51:09 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\PC Suite
[2008.08.27 19:54:43 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\PeerNetworking
[2012.06.07 19:10:46 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\QuickScan
[2008.03.20 22:13:16 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Real
[2008.06.22 16:52:26 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\skypePM
[2008.03.16 01:22:08 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\SmartFTP
[2010.07.19 20:54:20 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2008.03.15 13:29:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Talkback
[2010.03.19 22:07:33 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\teamspeak2
[2011.03.08 08:28:38 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Transcend
[2010.09.09 07:49:55 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Trillian
[2012.08.10 20:20:05 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\TS3Client
[2011.11.20 15:37:03 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\TuneUp Software
[2012.09.22 23:23:15 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Ulead Systems
[2008.08.18 23:36:46 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\vlc
[2012.09.14 07:47:20 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\VSO
[2010.04.21 22:37:31 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\wds.NET
[2011.11.05 20:03:29 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Winamp
[2012.01.07 18:07:17 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\WindSolutions
[2008.03.14 22:39:38 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\WinRAR
[2012.09.11 20:50:32 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2010.07.19 18:49:04 | 000,010,134 | R--- | M] () -- C:\Users\Heistmer\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe
[2009.05.19 21:35:06 | 000,007,358 | R--- | M] () -- C:\Users\Heistmer\AppData\Roaming\Microsoft\Installer\{5C79D312-F68F-4B04-8A4F-E28A0AE1ECBB}\_24c89c8.exe
[2009.05.19 21:35:06 | 000,007,358 | R--- | M] () -- C:\Users\Heistmer\AppData\Roaming\Microsoft\Installer\{5C79D312-F68F-4B04-8A4F-E28A0AE1ECBB}\_39fe3610.exe
[2009.08.11 22:39:05 | 000,010,134 | R--- | M] () -- C:\Users\Heistmer\AppData\Roaming\Microsoft\Installer\{A2C60BF1-82E3-493C-911D-14AD50471F2F}\ARPPRODUCTICON.exe
[2007.10.08 01:57:52 | 000,307,200 | ---- | M] (Simon Tatham) -- C:\Users\Heistmer\AppData\Roaming\Mozilla\Firefox\Profiles\7ew9dmkc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
[2007.12.28 11:15:38 | 000,172,032 | ---- | M] (Simon Tatham) -- C:\Users\Heistmer\AppData\Roaming\Mozilla\Firefox\Profiles\7ew9dmkc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
[2012.01.07 17:57:55 | 003,703,176 | ---- | M] (WindSolutions) -- C:\Users\Heistmer\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2006.11.02 14:03:16 | 000,062,056 | ---- | M] (Microsoft Corporation) MD5=5CCDD13BC602AE33CD8B62D33C29AB72 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.19 01:09:10 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.19 01:09:10 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.19 01:07:48 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2008.01.09 03:52:57 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=3927EB6EBFC77BA93481F440221D5252 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_371e04d9dcfdf69e\atapi.sys
[2008.01.09 03:52:56 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=48021EB810BF8FB6EBFA4569B95AAD5F -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_380123c8f5d8000c\atapi.sys
[2009.04.11 01:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 01:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\Users\Heistmer\Eigene Webs\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 01:11:32 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
[2006.11.02 13:51:48 | 000,280,680 | ---- | M] (Intel Corporation) MD5=72C3EE7EA3CD75A772E62AE0E5DF8B8C -- C:\Windows\SysNative\drivers\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.19 01:03:02 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_61f43b1d27cd0ab4\netlogon.dll
[2009.04.11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 01:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 01:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
[2006.11.02 13:18:47 | 000,684,032 | ---- | M] (Microsoft Corporation) MD5=BFAB28B54DF41208CF3490FF26E53FD9 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_579f90caf36c48b9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 14:02:51 | 000,048,232 | ---- | M] (NVIDIA Corporation) MD5=94C5334040A5D500897F4C5FD12AEEDE -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.19 01:08:52 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2006.11.02 13:19:09 | 000,239,616 | ---- | M] (Microsoft Corporation) MD5=32EF13F20B28966D29DE5EABE036431D -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_91f5bbe3948dcf74\scecli.dll
[2008.01.19 01:03:56 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_9c4a6635c8ee916f\scecli.dll
[2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 01:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 01:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2006.11.02 11:44:25 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=00B53DCA0408CCD8F6BAF13994F6E3A0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_3174f01b5d2fa18f\user32.dll
[2007.07.14 02:23:35 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=296BA70E2A302E639CBD9E2A32DC65C4 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_31ad02315d0545af\user32.dll
[2008.01.19 01:04:24 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.19 00:32:20 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2007.07.14 02:23:36 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=437C1C0CB2A42EA20083F21E9CAEF461 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_32359eb27623cc22\user32.dll
[2007.07.14 02:23:36 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=707CD582A4F93DB789336A5CE9527970 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_275857df28a483b4\user32.dll
[2006.11.02 13:19:10 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=95D5555CC7BD8F520996E35D36491EEF -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_272045c928cedf94\user32.dll
[2009.04.11 00:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.11 00:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2007.07.14 02:23:36 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=E4E3ED1E0D1D8C33A9C94ABEA1C8BC96 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_27e0f46041c30a27\user32.dll
[2009.04.11 01:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2009.04.11 01:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[2006.11.02 13:16:15 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=46D5B6B80E4A5997F508F938F96B7628 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_3610939d8d22586d\userinit.exe
[2008.01.19 01:00:42 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.19 01:00:42 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.19 01:00:46 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.19 01:00:46 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
[2006.11.02 13:16:20 | 000,122,368 | ---- | M] (Microsoft Corporation) MD5=6F92CE5B50283B0C0A7A539ED552039A -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_8ada9256bfc30704\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 01:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 01:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.19 01:00:46 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 13:16:20 | 000,397,312 | ---- | M] (Microsoft Corporation) MD5=9642EED809219A2F914DD8E40A09C48B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_c9aada9e9063dc57\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.18 23:37:48 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.18 23:37:48 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
[2006.11.02 11:47:52 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=C4EE49DB7EADC812DBC0ECCF2E7FB929 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_a96e7a5c834006a3\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 6281 bytes -> C:\Windows\pOOrGUI:Source Setup Log.txt
@Alternate Data Stream - 24 bytes -> C:\Windows:7E92895CF0C0E947
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 1192 bytes -> C:\ProgramData\Microsoft:GU20qEzkcvUPQnca2EoO96egmYBo7
@Alternate Data Stream - 1188 bytes -> C:\ProgramData\Microsoft:6UbkivR8LfAWeH3hD48xECCj6
@Alternate Data Stream - 1124 bytes -> C:\ProgramData\Microsoft:0gtbGQ5UBdBtGnl3ms7gN6CAa

< End of report >

Wir auch noch ein Log von der 3.2.69.0 benötigt?

cosinus · 07.10.2012, 07:32

Zitat:

Wenn ich jetzt noch einmal aktuell herunterlade bekomm ich nur noch die 3.2.69.0 ??

Ja die ist richtig

Der Rückschritt ist notwenig weil die 3.2.70er-Versionen wohl einige Bug haben
Mach es bitte nochmal mit der 3.2.69er Version, die offensichtlich fehlerfrei ist

Heistmer · 07.10.2012, 09:49

Hier dann jetzt das nächste Log.

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 07.10.2012 10:08:55 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Heistmer\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 49,09% Memory free
6,71 Gb Paging File | 4,68 Gb Available in Paging File | 69,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,11 Gb Total Space | 18,92 Gb Free Space | 4,19% Space Free | Partition Type: NTFS
Drive D: | 14,63 Gb Total Space | 10,08 Gb Free Space | 68,92% Space Free | Partition Type: FAT32
Drive J: | 931,50 Gb Total Space | 809,09 Gb Free Space | 86,86% Space Free | Partition Type: NTFS
 
Computer Name: Heistmer-ONE | User Name: Heistmer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Heistmer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Heistmer\Eigene Webs\xampp\mysql\bin\mysqld.exe ()
PRC - C:\Users\Heistmer\Eigene Webs\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\FRITZ!DSL\StCenter.exe (AVM Berlin)
PRC - C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe (AVM Berlin)
PRC - C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe (X10)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (StkSSrv) -- C:\Windows\SysNative\StkCSrv.exe (Syntek America Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (DeviceMonitorService) -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe (Nero AG)
SRV - (MotoHelper) -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (mysql) -- C:\Users\Heistmer\Eigene Webs\xampp\mysql\bin\mysqld.exe ()
SRV - (Apache2.2) -- C:\Users\Heistmer\Eigene Webs\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (FileZilla Server) -- C:\Users\Heistmer\Eigene Webs\xampp\FileZillaFTP\FileZillaServer.exe (FileZilla Project)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FlipShare Service) -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (getPlusHelper) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (cjpcsc) -- C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (IGDCTRL) -- C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (MagicTuneEngine) -- C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe ()
SRV - (Capture Device Service) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (x10nets) -- C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (motusbdevice) -- C:\Windows\SysNative\DRIVERS\motusbdevice.sys (Motorola Inc)
DRV:64bit: - (motccgp) -- C:\Windows\SysNative\DRIVERS\motccgp.sys (Motorola)
DRV:64bit: - (motmodem) -- C:\Windows\SysNative\DRIVERS\motmodem.sys (Motorola)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Motousbnet) -- C:\Windows\SysNative\DRIVERS\Motousbnet.sys (Motorola)
DRV:64bit: - (cmnsusbser) -- C:\Windows\SysNative\DRIVERS\cmnsusbser.sys (Mobile Connector)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (acedrv10) -- C:\Windows\SysNative\drivers\acedrv10.sys (Protect Software GmbH)
DRV:64bit: - (acehlp10) -- C:\Windows\SysNative\drivers\acehlp10.sys (Protect Software GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (motccgpfl) -- C:\Windows\SysNative\DRIVERS\motccgpfl.sys (Motorola)
DRV:64bit: - (BTCFilterService) -- C:\Windows\SysNative\DRIVERS\motfilt.sys (Motorola Inc)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (IntelDH64) -- C:\Windows\SysNative\Drivers\IntelDH64.sys (Intel Corporation)
DRV:64bit: - (3xHybr64) -- C:\Windows\SysNative\DRIVERS\3xHybr64.sys (NXP Semiconductors Germany GmbH)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (MotoSwitchService) -- C:\Windows\SysNative\DRIVERS\motswch.sys (Motorola)
DRV:64bit: - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek)
DRV:64bit: - (SaiMini) -- C:\Windows\SysNative\DRIVERS\SaiMini.sys (Saitek)
DRV:64bit: - (sxuptp) -- C:\Windows\SysNative\DRIVERS\sxuptp.sys (silex technology, Inc.)
DRV:64bit: - (StkCMini) -- C:\Windows\SysNative\Drivers\StkCMini.sys (Syntek)
DRV:64bit: - (cjusb) -- C:\Windows\SysNative\DRIVERS\cjusb.sys (REINER SCT)
DRV:64bit: - (e1express) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (XUIF) -- C:\Windows\SysNative\Drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV:64bit: - (X10Hid) -- C:\Windows\SysNative\Drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (TVICHW64) -- C:\Windows\SysWOW64\drivers\TVICHW64.SYS (EnTech Taiwan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = Google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{4327FABE-3C21-4689-8DBE-D226CF777FE9}: "URL" = hxxp://www2.iesearch.com/s/?&q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "FireSearch"
FF - prefs.js..browser.startup.homepage: "hxxp://www2.firesearch.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.0
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@innoplus.de/inoPanoViewer: C:\Program Files (x86)\innoPlus\Rundum-Betrachter-innoPlus\npirsviewer.dll (INNOVA-engineering GmbH)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.05 19:33:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.15 22:15:34 | 000,000,000 | ---D | M]
 
[2008.08.26 21:11:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heistmer\AppData\Roaming\mozilla\Extensions
[2012.10.04 15:48:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heistmer\AppData\Roaming\mozilla\Firefox\Profiles\7ew9dmkc.default\extensions
[2010.05.19 23:02:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Heistmer\AppData\Roaming\mozilla\Firefox\Profiles\7ew9dmkc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008.08.26 21:16:36 | 000,000,000 | ---D | M] ("FireFTP") -- C:\Users\Heistmer\AppData\Roaming\mozilla\Firefox\Profiles\7ew9dmkc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2011.03.11 22:28:11 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Heistmer\AppData\Roaming\mozilla\Firefox\Profiles\7ew9dmkc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.04 10:46:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Heistmer\AppData\Roaming\mozilla\Firefox\Profiles\7ew9dmkc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.12.04 10:46:38 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Heistmer\AppData\Roaming\mozilla\Firefox\Profiles\7ew9dmkc.default\extensions\firebug@software.joehewitt.com
[2012.10.04 15:48:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.03.27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2008.06.18 09:47:34 | 000,397,312 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npdlplug.dll
[2011.10.26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.07.18 17:32:18 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.18 17:32:18 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.18 17:32:18 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.18 17:32:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.18 17:32:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.03.03 21:42:44 | 000,302,531 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	²©²ÊÍ¨,²©²ÊÍø,½ð±¦²©188,²©²ÊÍ¨ÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf!
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	ECSHOP
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	136136.net
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 127.0.0.1	,?,?,,,??,?,?
O1 - Hosts: 10430 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMFBoxMonitor] C:\Program Files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe (AVM Berlin)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk = C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe (AVM Berlin)
O4 - Startup: C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Heistmer\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Heistmer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Heistmer\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Heistmer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIC273~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Heistmer\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Heistmer\Desktop\PartyPoker.lnk ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16:64bit: - DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} hxxp://quickscan.bitdefender.com/qsax/qsax64.cab (Bitdefender QuickScan Control)
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab (EPUImageControl Class)
O16 - DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} hxxp://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B63BB61-2F55-48CA-BA01-587CE776F4AC}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O27:64bit: - HKLM IFEO\acrord32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\afterfx.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\exprwd.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\filezilla.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\flashplayer11-2_p2_install_win_ax64_112211.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\flashplayer11-2_p2_uninstall_win_64_112211.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\flipshare.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\itunes.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\magictune.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\mml.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\mmlupdate.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\msoxmled.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\mstore.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\switchboard.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\uninstall.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\acrord32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\afterfx.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\exprwd.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\filezilla.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\flashplayer11-2_p2_install_win_ax64_112211.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\flashplayer11-2_p2_uninstall_win_64_112211.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\flipshare.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\magictune.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\mml.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\mmlupdate.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\msoxmled.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\mstore.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\switchboard.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\uninstall.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{03941441-e1ec-11de-af2d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{03941441-e1ec-11de-af2d-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{73c27794-a33c-11e0-bab9-001d9204693f}\Shell - "" = AutoRun
O33 - MountPoints2\{73c27794-a33c-11e0-bab9-001d9204693f}\Shell\AutoRun\command - "" = J:\setup.exe -a
O33 - MountPoints2\{89f70bcf-e347-11de-9c6a-00f1d000f1d0}\Shell - "" = AutoRun
O33 - MountPoints2\{89f70bcf-e347-11de-9c6a-00f1d000f1d0}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{9be9d8f9-48c9-11df-bf43-001d9204693f}\Shell - "" = AutoRun
O33 - MountPoints2\{9be9d8f9-48c9-11df-bf43-001d9204693f}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{f07e3d91-0280-11dd-b8d7-001d9204693f}\Shell - "" = AutoRun
O33 - MountPoints2\{f07e3d91-0280-11dd-b8d7-001d9204693f}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{f07e3d91-0280-11dd-b8d7-001d9204693f}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{f07e3d91-0280-11dd-b8d7-001d9204693f}\Shell\install\command - "" = F:\SETUP.EXE
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.3IV2 - C:\Windows\SysWow64\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.07 10:05:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Heistmer\Desktop\OTL.exe
[2012.10.05 11:16:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\L5 Software Group
[2012.10.05 11:16:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\L5 Software Group
[2012.10.04 17:06:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.02 20:51:43 | 000,000,000 | ---D | C] -- C:\Users\Heistmer\AppData\Roaming\Malwarebytes
[2012.10.02 20:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.02 20:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.02 20:51:26 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.02 20:51:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.22 23:57:59 | 000,000,000 | ---D | C] -- C:\Users\Heistmer\AppData\Local\NOS
[2012.09.15 19:55:10 | 000,000,000 | ---D | C] -- C:\Users\Heistmer\Desktop\HeistMedia
[2012.09.15 19:48:27 | 000,000,000 | ---D | C] -- C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Artisteer 3
[2012.09.11 20:53:47 | 000,000,000 | ---D | C] -- C:\Users\Heistmer\AppData\Local\Xara
[2012.09.11 20:53:47 | 000,000,000 | ---D | C] -- C:\Users\Heistmer\AppData\Roaming\MAGIX
[2012.09.11 20:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2012.09.11 20:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2012.09.11 20:51:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX
[2012.09.11 20:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012.09.11 20:50:32 | 000,000,000 | ---D | C] -- C:\Users\Heistmer\AppData\Roaming\Yahoo!
[2012.09.11 20:50:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.07 10:05:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Heistmer\Desktop\OTL.exe
[2012.10.07 09:53:57 | 000,002,305 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
[2012.10.07 09:52:55 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.07 09:52:55 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.07 09:52:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.07 00:49:41 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.06 22:29:01 | 000,246,784 | ---- | M] () -- C:\Users\Heistmer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.06 10:16:06 | 000,566,764 | ---- | M] () -- C:\Users\Heistmer\Desktop\Sopoliste Acer PCs und Server.pdf
[2012.10.05 19:15:12 | 000,513,501 | ---- | M] () -- C:\Users\Heistmer\Desktop\adwcleaner.exe
[2012.10.05 11:16:00 | 000,001,023 | ---- | M] () -- C:\Users\Heistmer\Desktop\Driver Manager W2K-XP.lnk
[2012.10.03 18:10:26 | 000,000,020 | ---- | M] () -- C:\Users\Heistmer\defogger_reenable
[2012.10.03 18:09:36 | 000,050,477 | ---- | M] () -- C:\Users\Heistmer\Desktop\Defogger.exe
[2012.10.03 17:37:00 | 000,543,455 | ---- | M] () -- C:\Users\Heistmer\Desktop\trojaner.jpg
[2012.10.02 20:51:28 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.02 08:03:15 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.22 23:44:31 | 001,453,952 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.22 23:44:31 | 000,632,252 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.22 23:44:31 | 000,598,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.22 23:44:31 | 000,127,302 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.22 23:44:31 | 000,104,954 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.22 23:22:22 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.09.12 07:11:56 | 004,965,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.09.11 20:51:25 | 000,000,858 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX 3D Maker 7 Download-Version.lnk
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.06 10:16:06 | 000,566,764 | ---- | C] () -- C:\Users\Heistmer\Desktop\Sopoliste Acer PCs und Server.pdf
[2012.10.05 19:15:12 | 000,513,501 | ---- | C] () -- C:\Users\Heistmer\Desktop\adwcleaner.exe
[2012.10.05 11:16:00 | 000,001,023 | ---- | C] () -- C:\Users\Heistmer\Desktop\Driver Manager W2K-XP.lnk
[2012.10.03 18:10:26 | 000,000,020 | ---- | C] () -- C:\Users\Heistmer\defogger_reenable
[2012.10.03 18:09:35 | 000,050,477 | ---- | C] () -- C:\Users\Heistmer\Desktop\Defogger.exe
[2012.10.03 17:37:00 | 000,543,455 | ---- | C] () -- C:\Users\Heistmer\Desktop\trojaner.jpg
[2012.10.02 20:51:28 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.02 07:54:28 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.11 20:51:25 | 000,000,858 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX 3D Maker 7 Download-Version.lnk
[2012.06.07 21:24:07 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2011.10.16 11:51:19 | 000,000,430 | ---- | C] () -- C:\Windows\scummvm.ini
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.08.26 07:31:00 | 000,169,757 | ---- | C] () -- C:\Users\Heistmer\fm_0911_34-35 (1).pdf
[2011.02.15 21:16:26 | 000,000,071 | ---- | C] () -- C:\Windows\wiso.ini
[2011.02.06 11:39:21 | 000,000,482 | ---- | C] () -- C:\Users\Heistmer\AppData\Local\RAExpertHistory.xml
[2010.11.25 21:38:09 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.03.02 20:56:15 | 000,260,318 | ---- | C] () -- C:\Users\Heistmer\verzeichniss.jpg
[2010.03.02 20:54:29 | 000,276,485 | ---- | C] () -- C:\Users\Heistmer\filme.jpg
[2010.02.25 08:59:03 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.11.30 01:05:35 | 000,000,029 | ---- | C] () -- C:\Users\Heistmer\AppData\Roaming\default.rss
[2008.11.30 01:05:35 | 000,000,000 | ---- | C] () -- C:\Users\Heistmer\AppData\Roaming\downloads.m3u
[2008.10.23 20:15:43 | 000,303,120 | ---- | C] () -- C:\ProgramData\bold flag flag.twlsj
[2008.10.23 19:53:53 | 000,258,064 | ---- | C] () -- C:\ProgramData\bold flag flag.m89kbj
[2008.10.23 19:32:02 | 000,319,504 | ---- | C] () -- C:\ProgramData\bold flag flag.fddwg
[2008.10.23 19:10:12 | 000,008,208 | ---- | C] () -- C:\ProgramData\bold flag flag.zj2d1
[2008.10.23 18:48:21 | 000,348,176 | ---- | C] () -- C:\ProgramData\bold flag flag.0f3nl
[2008.10.23 18:26:31 | 000,311,312 | ---- | C] () -- C:\ProgramData\bold flag flag.6lzxdq1
[2008.10.23 18:04:41 | 000,122,896 | ---- | C] () -- C:\ProgramData\bold flag flag.tczrs2
[2008.10.23 17:42:50 | 000,036,880 | ---- | C] () -- C:\ProgramData\bold flag flag.a19t49
[2008.10.23 17:21:00 | 000,196,624 | ---- | C] () -- C:\ProgramData\bold flag flag.0ehold
[2008.10.23 16:59:09 | 000,110,608 | ---- | C] () -- C:\ProgramData\bold flag flag.qr8rj
[2008.10.23 16:37:19 | 000,008,208 | ---- | C] () -- C:\ProgramData\bold flag flag.b8af8
[2008.10.23 16:15:29 | 000,110,608 | ---- | C] () -- C:\ProgramData\bold flag flag.h3kwaw
[2008.10.23 15:53:38 | 000,090,128 | ---- | C] () -- C:\ProgramData\bold flag flag.6ze1fa
[2008.10.23 15:31:48 | 000,339,984 | ---- | C] () -- C:\ProgramData\bold flag flag.h5gwda
[2008.10.23 15:09:57 | 000,147,472 | ---- | C] () -- C:\ProgramData\bold flag flag.l5j7y
[2008.10.23 14:48:07 | 000,303,120 | ---- | C] () -- C:\ProgramData\bold flag flag.ps2k65
[2008.10.23 14:26:22 | 000,385,040 | ---- | C] () -- C:\ProgramData\loud flag cdrom.qxp4q
[2008.10.23 14:25:46 | 000,200,720 | ---- | C] () -- C:\ProgramData\bold flag flag.g7hex
[2008.10.23 14:25:46 | 000,159,760 | ---- | C] () -- C:\ProgramData\bold flag flag.zdmqfk
[2008.10.23 14:20:50 | 000,012,304 | ---- | C] () -- C:\ProgramData\bold flag flag.7376dv
[2008.08.27 19:54:45 | 000,024,226 | ---- | C] () -- C:\Users\Heistmer\AppData\Roaming\UserTile.png
[2008.05.26 21:20:45 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.03.25 12:15:10 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.03.19 22:03:44 | 000,005,070 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2008.03.19 22:03:44 | 000,000,168 | RHS- | C] () -- C:\ProgramData\568DE542ED.sys
[2008.03.13 21:09:22 | 000,246,784 | ---- | C] () -- C:\Users\Heistmer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.13 20:45:55 | 000,000,732 | ---- | C] () -- C:\Users\Heistmer\AppData\Local\d3d9caps64.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 01:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.19 01:04:28 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010.10.21 11:11:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Any Video Converter
[2012.01.26 23:28:22 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Artisteer
[2008.06.29 17:49:41 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\BlackBean
[2011.07.02 20:51:27 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Canneverbe Limited
[2008.04.04 21:52:39 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\DAEMON Tools
[2012.08.19 15:18:02 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\DVDVideoSoft
[2012.08.19 15:17:35 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.13 16:56:15 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\elsterformular
[2012.09.14 20:17:41 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\FileZilla
[2012.10.05 23:39:39 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\FRITZ!
[2008.12.09 22:24:39 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Haufe
[2011.03.20 21:11:11 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\ImTOO
[2008.08.21 22:26:20 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\InterVideo
[2012.09.27 19:52:12 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\KeePass
[2008.12.15 22:04:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Leadertech
[2008.12.09 22:01:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Lexware
[2012.09.11 20:53:47 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\MAGIX
[2011.06.30 21:45:22 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\motorola
[2009.02.01 23:33:54 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Musicmatch
[2012.08.27 19:12:02 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\MyPhoneExplorer
[2012.10.02 23:29:35 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Nayfo
[2011.06.26 00:08:39 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Nokia
[2010.07.20 07:36:11 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\PACE Anti-Piracy
[2008.05.08 19:51:09 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\PC Suite
[2008.08.27 19:54:43 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\PeerNetworking
[2012.06.07 19:10:46 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\QuickScan
[2010.07.19 20:54:20 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.03.08 08:28:38 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Transcend
[2010.09.09 07:49:55 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Trillian
[2012.08.10 20:20:05 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\TS3Client
[2011.11.20 15:37:03 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\TuneUp Software
[2012.09.22 23:23:15 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Ulead Systems
[2012.09.14 07:47:20 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\VSO
[2010.04.21 22:37:31 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\wds.NET
[2012.01.07 18:07:17 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\WindSolutions
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.08.07 23:19:07 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Adobe
[2008.11.30 16:24:48 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Ahead
[2010.10.21 11:11:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Any Video Converter
[2012.01.26 23:28:20 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Apple Computer
[2012.01.26 23:28:22 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Artisteer
[2011.11.27 13:50:22 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Avira
[2008.06.29 17:49:41 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\BlackBean
[2011.07.02 20:51:27 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Canneverbe Limited
[2011.01.22 22:19:17 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Corel
[2008.04.04 21:52:39 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\DAEMON Tools
[2008.08.27 07:27:56 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\DivX
[2011.03.20 21:22:56 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\dvdcss
[2012.08.19 15:18:02 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\DVDVideoSoft
[2012.08.19 15:17:35 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.13 16:56:15 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\elsterformular
[2012.09.14 20:17:41 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\FileZilla
[2012.10.05 23:39:39 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\FRITZ!
[2008.03.18 23:01:28 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Google
[2008.12.09 22:24:39 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Haufe
[2008.03.13 20:46:02 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Identities
[2011.03.20 21:11:11 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\ImTOO
[2008.03.14 00:31:35 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\InstallShield
[2008.08.21 22:26:20 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\InterVideo
[2008.03.14 08:46:48 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Jasc Software Inc
[2012.09.27 19:52:12 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\KeePass
[2008.12.15 22:04:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Leadertech
[2008.12.09 22:01:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Lexware
[2008.03.15 19:17:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Logitech
[2008.03.20 21:38:49 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Macromedia
[2012.09.11 20:53:47 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\MAGIX
[2012.10.02 20:51:43 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Malwarebytes
[2006.11.02 17:06:33 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Media Center Programs
[2010.08.15 21:43:50 | 000,000,000 | --SD | M] -- C:\Users\Heistmer\AppData\Roaming\Microsoft
[2011.06.30 21:45:22 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\motorola
[2008.08.26 21:11:41 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Mozilla
[2012.01.14 20:12:06 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Mozilla-Cache
[2009.02.01 23:33:54 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Musicmatch
[2012.08.27 19:12:02 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\MyPhoneExplorer
[2012.10.02 23:29:35 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Nayfo
[2011.07.03 20:37:23 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Nero
[2011.06.26 00:08:39 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Nokia
[2012.06.27 19:53:45 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\NVIDIA
[2010.07.20 07:36:11 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\PACE Anti-Piracy
[2008.05.08 19:51:09 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\PC Suite
[2008.08.27 19:54:43 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\PeerNetworking
[2012.06.07 19:10:46 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\QuickScan
[2008.03.20 22:13:16 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Real
[2008.06.22 16:52:26 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\skypePM
[2008.03.16 01:22:08 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\SmartFTP
[2010.07.19 20:54:20 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2008.03.15 13:29:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Talkback
[2010.03.19 22:07:33 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\teamspeak2
[2011.03.08 08:28:38 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Transcend
[2010.09.09 07:49:55 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Trillian
[2012.08.10 20:20:05 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\TS3Client
[2011.11.20 15:37:03 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\TuneUp Software
[2012.09.22 23:23:15 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Ulead Systems
[2008.08.18 23:36:46 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\vlc
[2012.09.14 07:47:20 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\VSO
[2010.04.21 22:37:31 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\wds.NET
[2011.11.05 20:03:29 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Winamp
[2012.01.07 18:07:17 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\WindSolutions
[2008.03.14 22:39:38 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\WinRAR
[2012.09.11 20:50:32 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2010.07.19 18:49:04 | 000,010,134 | R--- | M] () -- C:\Users\Heistmer\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe
[2009.05.19 21:35:06 | 000,007,358 | R--- | M] () -- C:\Users\Heistmer\AppData\Roaming\Microsoft\Installer\{5C79D312-F68F-4B04-8A4F-E28A0AE1ECBB}\_24c89c8.exe
[2009.05.19 21:35:06 | 000,007,358 | R--- | M] () -- C:\Users\Heistmer\AppData\Roaming\Microsoft\Installer\{5C79D312-F68F-4B04-8A4F-E28A0AE1ECBB}\_39fe3610.exe
[2009.08.11 22:39:05 | 000,010,134 | R--- | M] () -- C:\Users\Heistmer\AppData\Roaming\Microsoft\Installer\{A2C60BF1-82E3-493C-911D-14AD50471F2F}\ARPPRODUCTICON.exe
[2007.10.08 01:57:52 | 000,307,200 | ---- | M] (Simon Tatham) -- C:\Users\Heistmer\AppData\Roaming\Mozilla\Firefox\Profiles\7ew9dmkc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
[2007.12.28 11:15:38 | 000,172,032 | ---- | M] (Simon Tatham) -- C:\Users\Heistmer\AppData\Roaming\Mozilla\Firefox\Profiles\7ew9dmkc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
[2012.01.07 17:57:55 | 003,703,176 | ---- | M] (WindSolutions) -- C:\Users\Heistmer\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2006.11.02 14:03:16 | 000,062,056 | ---- | M] (Microsoft Corporation) MD5=5CCDD13BC602AE33CD8B62D33C29AB72 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.19 01:09:10 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.19 01:09:10 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.19 01:07:48 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2008.01.09 03:52:57 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=3927EB6EBFC77BA93481F440221D5252 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_371e04d9dcfdf69e\atapi.sys
[2008.01.09 03:52:56 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=48021EB810BF8FB6EBFA4569B95AAD5F -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_380123c8f5d8000c\atapi.sys
[2009.04.11 01:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 01:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\Users\Heistmer\Eigene Webs\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 01:11:32 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
[2006.11.02 13:51:48 | 000,280,680 | ---- | M] (Intel Corporation) MD5=72C3EE7EA3CD75A772E62AE0E5DF8B8C -- C:\Windows\SysNative\drivers\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.19 01:03:02 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_61f43b1d27cd0ab4\netlogon.dll
[2009.04.11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 01:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 01:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
[2006.11.02 13:18:47 | 000,684,032 | ---- | M] (Microsoft Corporation) MD5=BFAB28B54DF41208CF3490FF26E53FD9 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_579f90caf36c48b9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 14:02:51 | 000,048,232 | ---- | M] (NVIDIA Corporation) MD5=94C5334040A5D500897F4C5FD12AEEDE -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.19 01:08:52 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2006.11.02 13:19:09 | 000,239,616 | ---- | M] (Microsoft Corporation) MD5=32EF13F20B28966D29DE5EABE036431D -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_91f5bbe3948dcf74\scecli.dll
[2008.01.19 01:03:56 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_9c4a6635c8ee916f\scecli.dll
[2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 01:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 01:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2006.11.02 11:44:25 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=00B53DCA0408CCD8F6BAF13994F6E3A0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_3174f01b5d2fa18f\user32.dll
[2007.07.14 02:23:35 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=296BA70E2A302E639CBD9E2A32DC65C4 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_31ad02315d0545af\user32.dll
[2008.01.19 01:04:24 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.19 00:32:20 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2007.07.14 02:23:36 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=437C1C0CB2A42EA20083F21E9CAEF461 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_32359eb27623cc22\user32.dll
[2007.07.14 02:23:36 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=707CD582A4F93DB789336A5CE9527970 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_275857df28a483b4\user32.dll
[2006.11.02 13:19:10 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=95D5555CC7BD8F520996E35D36491EEF -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_272045c928cedf94\user32.dll
[2009.04.11 00:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.11 00:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2007.07.14 02:23:36 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=E4E3ED1E0D1D8C33A9C94ABEA1C8BC96 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_27e0f46041c30a27\user32.dll
[2009.04.11 01:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2009.04.11 01:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[2006.11.02 13:16:15 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=46D5B6B80E4A5997F508F938F96B7628 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_3610939d8d22586d\userinit.exe
[2008.01.19 01:00:42 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.19 01:00:42 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.19 01:00:46 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.19 01:00:46 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
[2006.11.02 13:16:20 | 000,122,368 | ---- | M] (Microsoft Corporation) MD5=6F92CE5B50283B0C0A7A539ED552039A -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_8ada9256bfc30704\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 01:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 01:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.19 01:00:46 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 13:16:20 | 000,397,312 | ---- | M] (Microsoft Corporation) MD5=9642EED809219A2F914DD8E40A09C48B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_c9aada9e9063dc57\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.18 23:37:48 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.18 23:37:48 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
[2006.11.02 11:47:52 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=C4EE49DB7EADC812DBC0ECCF2E7FB929 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_a96e7a5c834006a3\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
[2006.11.02 17:40:34 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 17:40:34 | 000,032,534 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 6281 bytes -> C:\Windows\pOOrGUI:Source Setup Log.txt
@Alternate Data Stream - 24 bytes -> C:\Windows:7E92895CF0C0E947
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 1192 bytes -> C:\ProgramData\Microsoft:GU20qEzkcvUPQnca2EoO96egmYBo7
@Alternate Data Stream - 1188 bytes -> C:\ProgramData\Microsoft:6UbkivR8LfAWeH3hD48xECCj6
@Alternate Data Stream - 1124 bytes -> C:\ProgramData\Microsoft:0gtbGQ5UBdBtGnl3ms7gN6CAa

< End of report >

--- --- ---

cosinus · 07.10.2012, 18:03

Code:

ATTFilter

PRC - C:\Users\Heistmer\Eigene Webs\xampp\mysql\bin\mysqld.exe ()
PRC - C:\Users\Heistmer\Eigene Webs\xampp\apache\bin\httpd.exe (Apache Software Foundation)

Das ist so bekannt und auch gewollt mit dem xampp?

Heistmer · 07.10.2012, 19:10

Ich glaub das war mal irgend ein Baustein um eine Hompage zu erstellen, das hab ich dann aber auch schnell wieder augegeben.

Kann grundsätzlich wech. Kann so wie es aussieht auch über den Pogrammanager deinstaliert werden.

cosinus · 07.10.2012, 20:24

Dann deinstallier das mal und bei Gelegenheit auch alles andere was du nicht mehr brauchst. Hält das Log kurz und man sieht dann den Wald wegen weniger Bäume etwas besser

Also mach danach wie o.g. bitte ein neues OTL-Log

Heistmer · 08.10.2012, 19:13

und ein neues Log

Code:

ATTFilter

OTL logfile created on: 08.10.2012 19:25:13 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Heistmer\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 56,12% Memory free
6,71 Gb Paging File | 4,90 Gb Available in Paging File | 72,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,11 Gb Total Space | 26,06 Gb Free Space | 5,78% Space Free | Partition Type: NTFS
Drive D: | 14,63 Gb Total Space | 10,08 Gb Free Space | 68,92% Space Free | Partition Type: FAT32
Drive J: | 931,50 Gb Total Space | 810,36 Gb Free Space | 87,00% Space Free | Partition Type: NTFS
 
Computer Name: Heistmer-ONE | User Name: Heistmer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Heistmer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe (AVM Berlin)
PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\FRITZ!DSL\StCenter.exe (AVM Berlin)
PRC - C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe (AVM Berlin)
PRC - C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe (X10)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Trillian\libungif.dll ()
MOD - C:\Program Files (x86)\Trillian\zlib1.dll ()
MOD - c:\users\Heistmer\appdata\roaming\trillian\languages\de\talk.dll ()
MOD - c:\users\Heistmer\appdata\roaming\trillian\languages\de\events.dll ()
MOD - c:\users\Heistmer\appdata\roaming\trillian\languages\de\toolkit.dll ()
MOD - c:\users\Heistmer\appdata\roaming\trillian\languages\de\buddy.dll ()
MOD - c:\users\Heistmer\appdata\roaming\trillian\languages\de\trillian.dll ()
MOD - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (StkSSrv) -- C:\Windows\SysNative\StkCSrv.exe (Syntek America Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (DeviceMonitorService) -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe (Nero AG)
SRV - (FlipShare Service) -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (getPlusHelper) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (cjpcsc) -- C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (IGDCTRL) -- C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (MagicTuneEngine) -- C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe ()
SRV - (Capture Device Service) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (x10nets) -- C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (cmnsusbser) -- C:\Windows\SysNative\DRIVERS\cmnsusbser.sys (Mobile Connector)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (acedrv10) -- C:\Windows\SysNative\drivers\acedrv10.sys (Protect Software GmbH)
DRV:64bit: - (acehlp10) -- C:\Windows\SysNative\drivers\acehlp10.sys (Protect Software GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (IntelDH64) -- C:\Windows\SysNative\Drivers\IntelDH64.sys (Intel Corporation)
DRV:64bit: - (3xHybr64) -- C:\Windows\SysNative\DRIVERS\3xHybr64.sys (NXP Semiconductors Germany GmbH)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek)
DRV:64bit: - (SaiMini) -- C:\Windows\SysNative\DRIVERS\SaiMini.sys (Saitek)
DRV:64bit: - (sxuptp) -- C:\Windows\SysNative\DRIVERS\sxuptp.sys (silex technology, Inc.)
DRV:64bit: - (StkCMini) -- C:\Windows\SysNative\Drivers\StkCMini.sys (Syntek)
DRV:64bit: - (cjusb) -- C:\Windows\SysNative\DRIVERS\cjusb.sys (REINER SCT)
DRV:64bit: - (e1express) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (XUIF) -- C:\Windows\SysNative\Drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV:64bit: - (X10Hid) -- C:\Windows\SysNative\Drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (TVICHW64) -- C:\Windows\SysWOW64\drivers\TVICHW64.SYS (EnTech Taiwan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = hxxp://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{4327FABE-3C21-4689-8DBE-D226CF777FE9}: "URL" = hxxp://www2.iesearch.com/s/?&q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "FireSearch"
FF - prefs.js..browser.startup.homepage: "hxxp://www2.firesearch.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.0
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.05 19:33:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.15 22:15:34 | 000,000,000 | ---D | M]
 
[2008.08.26 21:11:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heistmer\AppData\Roaming\mozilla\Extensions
[2012.10.04 15:48:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heistmer\AppData\Roaming\mozilla\Firefox\Profiles\7ew9dmkc.default\extensions
[2010.05.19 23:02:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Heistmer\AppData\Roaming\mozilla\Firefox\Profiles\7ew9dmkc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008.08.26 21:16:36 | 000,000,000 | ---D | M] ("FireFTP") -- C:\Users\Heistmer\AppData\Roaming\mozilla\Firefox\Profiles\7ew9dmkc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010.12.04 10:46:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Heistmer\AppData\Roaming\mozilla\Firefox\Profiles\7ew9dmkc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.12.04 10:46:38 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Heistmer\AppData\Roaming\mozilla\Firefox\Profiles\7ew9dmkc.default\extensions\firebug@software.joehewitt.com
[2012.10.04 15:48:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- C:\USERS\Heistmer\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EW9DMKC.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
[2010.03.27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2008.06.18 09:47:34 | 000,397,312 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npdlplug.dll
[2011.10.26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.07.18 17:32:18 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.18 17:32:18 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.18 17:32:18 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.18 17:32:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.18 17:32:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.03.03 21:42:44 | 000,302,531 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	136136.net
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 127.0.0.1	www.163ns.com
O1 - Hosts: 10430 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMFBoxMonitor] C:\Program Files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe (AVM Berlin)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk = C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe (AVM Berlin)
O4 - Startup: C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIC273~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Heistmer\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Heistmer\Desktop\PartyPoker.lnk ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16:64bit: - DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} hxxp://quickscan.bitdefender.com/qsax/qsax64.cab (Bitdefender QuickScan Control)
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab (EPUImageControl Class)
O16 - DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} hxxp://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B63BB61-2F55-48CA-BA01-587CE776F4AC}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O27:64bit: - HKLM IFEO\acrord32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\afterfx.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\exprwd.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\filezilla.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\flashplayer11-2_p2_install_win_ax64_112211.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\flashplayer11-2_p2_uninstall_win_64_112211.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\flipshare.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\itunes.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\magictune.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\mml.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\mmlupdate.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\msoxmled.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\mstore.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\switchboard.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\uninstall.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\acrord32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\afterfx.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\exprwd.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\filezilla.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\flashplayer11-2_p2_install_win_ax64_112211.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\flashplayer11-2_p2_uninstall_win_64_112211.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\flipshare.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\magictune.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\mml.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\mmlupdate.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\msoxmled.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\mstore.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\switchboard.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\uninstall.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{03941441-e1ec-11de-af2d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{03941441-e1ec-11de-af2d-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{73c27794-a33c-11e0-bab9-001d9204693f}\Shell - "" = AutoRun
O33 - MountPoints2\{73c27794-a33c-11e0-bab9-001d9204693f}\Shell\AutoRun\command - "" = J:\setup.exe -a
O33 - MountPoints2\{89f70bcf-e347-11de-9c6a-00f1d000f1d0}\Shell - "" = AutoRun
O33 - MountPoints2\{89f70bcf-e347-11de-9c6a-00f1d000f1d0}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{9be9d8f9-48c9-11df-bf43-001d9204693f}\Shell - "" = AutoRun
O33 - MountPoints2\{9be9d8f9-48c9-11df-bf43-001d9204693f}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{f07e3d91-0280-11dd-b8d7-001d9204693f}\Shell - "" = AutoRun
O33 - MountPoints2\{f07e3d91-0280-11dd-b8d7-001d9204693f}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{f07e3d91-0280-11dd-b8d7-001d9204693f}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{f07e3d91-0280-11dd-b8d7-001d9204693f}\Shell\install\command - "" = F:\SETUP.EXE
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.3IV2 - C:\Windows\SysWow64\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.08 19:22:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Heistmer\Desktop\OTL.exe
[2012.10.04 17:06:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.02 20:51:43 | 000,000,000 | ---D | C] -- C:\Users\Heistmer\AppData\Roaming\Malwarebytes
[2012.10.02 20:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.02 20:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.02 20:51:26 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.02 20:51:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.22 23:57:59 | 000,000,000 | ---D | C] -- C:\Users\Heistmer\AppData\Local\NOS
[2012.09.15 19:55:10 | 000,000,000 | ---D | C] -- C:\Users\Heistmer\Desktop\HeistMedia
[2012.09.15 19:48:27 | 000,000,000 | ---D | C] -- C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Artisteer 3
[2012.09.11 20:53:47 | 000,000,000 | ---D | C] -- C:\Users\Heistmer\AppData\Local\Xara
[2012.09.11 20:53:47 | 000,000,000 | ---D | C] -- C:\Users\Heistmer\AppData\Roaming\MAGIX
[2012.09.11 20:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2012.09.11 20:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2012.09.11 20:51:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX
[2012.09.11 20:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012.09.11 20:50:32 | 000,000,000 | ---D | C] -- C:\Users\Heistmer\AppData\Roaming\Yahoo!
[2012.09.11 20:50:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.08 19:22:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Heistmer\Desktop\OTL.exe
[2012.10.08 18:54:36 | 000,002,305 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
[2012.10.08 18:53:56 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.08 18:53:55 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.08 18:53:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.08 08:01:37 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.08 07:07:57 | 004,965,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.06 22:29:01 | 000,246,784 | ---- | M] () -- C:\Users\Heistmer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.05 19:15:12 | 000,513,501 | ---- | M] () -- C:\Users\Heistmer\Desktop\adwcleaner.exe
[2012.10.03 18:10:26 | 000,000,020 | ---- | M] () -- C:\Users\Heistmer\defogger_reenable
[2012.10.03 18:09:36 | 000,050,477 | ---- | M] () -- C:\Users\Heistmer\Desktop\Defogger.exe
[2012.10.03 17:37:00 | 000,543,455 | ---- | M] () -- C:\Users\Heistmer\Desktop\trojaner.jpg
[2012.10.02 20:51:28 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.02 08:03:15 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.22 23:44:31 | 001,453,952 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.22 23:44:31 | 000,632,252 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.22 23:44:31 | 000,598,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.22 23:44:31 | 000,127,302 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.22 23:44:31 | 000,104,954 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.22 23:22:22 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.09.11 20:51:25 | 000,000,858 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX 3D Maker 7 Download-Version.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.05 19:15:12 | 000,513,501 | ---- | C] () -- C:\Users\Heistmer\Desktop\adwcleaner.exe
[2012.10.03 18:10:26 | 000,000,020 | ---- | C] () -- C:\Users\Heistmer\defogger_reenable
[2012.10.03 18:09:35 | 000,050,477 | ---- | C] () -- C:\Users\Heistmer\Desktop\Defogger.exe
[2012.10.03 17:37:00 | 000,543,455 | ---- | C] () -- C:\Users\Heistmer\Desktop\trojaner.jpg
[2012.10.02 20:51:28 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.02 07:54:28 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.11 20:51:25 | 000,000,858 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX 3D Maker 7 Download-Version.lnk
[2012.06.07 21:24:07 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2011.10.16 11:51:19 | 000,000,430 | ---- | C] () -- C:\Windows\scummvm.ini
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.08.26 07:31:00 | 000,169,757 | ---- | C] () -- C:\Users\Heistmer\fm_0911_34-35 (1).pdf
[2011.02.15 21:16:26 | 000,000,071 | ---- | C] () -- C:\Windows\wiso.ini
[2011.02.06 11:39:21 | 000,000,482 | ---- | C] () -- C:\Users\Heistmer\AppData\Local\RAExpertHistory.xml
[2010.11.25 21:38:09 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.03.02 20:56:15 | 000,260,318 | ---- | C] () -- C:\Users\Heistmer\verzeichniss.jpg
[2010.03.02 20:54:29 | 000,276,485 | ---- | C] () -- C:\Users\Heistmer\filme.jpg
[2010.02.25 08:59:03 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.11.30 01:05:35 | 000,000,029 | ---- | C] () -- C:\Users\Heistmer\AppData\Roaming\default.rss
[2008.11.30 01:05:35 | 000,000,000 | ---- | C] () -- C:\Users\Heistmer\AppData\Roaming\downloads.m3u
[2008.10.23 20:15:43 | 000,303,120 | ---- | C] () -- C:\ProgramData\bold flag flag.twlsj
[2008.10.23 19:53:53 | 000,258,064 | ---- | C] () -- C:\ProgramData\bold flag flag.m89kbj
[2008.10.23 19:32:02 | 000,319,504 | ---- | C] () -- C:\ProgramData\bold flag flag.fddwg
[2008.10.23 19:10:12 | 000,008,208 | ---- | C] () -- C:\ProgramData\bold flag flag.zj2d1
[2008.10.23 18:48:21 | 000,348,176 | ---- | C] () -- C:\ProgramData\bold flag flag.0f3nl
[2008.10.23 18:26:31 | 000,311,312 | ---- | C] () -- C:\ProgramData\bold flag flag.6lzxdq1
[2008.10.23 18:04:41 | 000,122,896 | ---- | C] () -- C:\ProgramData\bold flag flag.tczrs2
[2008.10.23 17:42:50 | 000,036,880 | ---- | C] () -- C:\ProgramData\bold flag flag.a19t49
[2008.10.23 17:21:00 | 000,196,624 | ---- | C] () -- C:\ProgramData\bold flag flag.0ehold
[2008.10.23 16:59:09 | 000,110,608 | ---- | C] () -- C:\ProgramData\bold flag flag.qr8rj
[2008.10.23 16:37:19 | 000,008,208 | ---- | C] () -- C:\ProgramData\bold flag flag.b8af8
[2008.10.23 16:15:29 | 000,110,608 | ---- | C] () -- C:\ProgramData\bold flag flag.h3kwaw
[2008.10.23 15:53:38 | 000,090,128 | ---- | C] () -- C:\ProgramData\bold flag flag.6ze1fa
[2008.10.23 15:31:48 | 000,339,984 | ---- | C] () -- C:\ProgramData\bold flag flag.h5gwda
[2008.10.23 15:09:57 | 000,147,472 | ---- | C] () -- C:\ProgramData\bold flag flag.l5j7y
[2008.10.23 14:48:07 | 000,303,120 | ---- | C] () -- C:\ProgramData\bold flag flag.ps2k65
[2008.10.23 14:26:22 | 000,385,040 | ---- | C] () -- C:\ProgramData\loud flag cdrom.qxp4q
[2008.10.23 14:25:46 | 000,200,720 | ---- | C] () -- C:\ProgramData\bold flag flag.g7hex
[2008.10.23 14:25:46 | 000,159,760 | ---- | C] () -- C:\ProgramData\bold flag flag.zdmqfk
[2008.10.23 14:20:50 | 000,012,304 | ---- | C] () -- C:\ProgramData\bold flag flag.7376dv
[2008.08.27 19:54:45 | 000,024,226 | ---- | C] () -- C:\Users\Heistmer\AppData\Roaming\UserTile.png
[2008.05.26 21:20:45 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.03.25 12:15:10 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.03.19 22:03:44 | 000,005,070 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2008.03.19 22:03:44 | 000,000,168 | RHS- | C] () -- C:\ProgramData\568DE542ED.sys
[2008.03.13 21:09:22 | 000,246,784 | ---- | C] () -- C:\Users\Heistmer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.13 20:45:55 | 000,000,732 | ---- | C] () -- C:\Users\Heistmer\AppData\Local\d3d9caps64.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 01:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.19 01:04:28 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010.10.21 11:11:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Any Video Converter
[2012.01.26 23:28:22 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Artisteer
[2008.06.29 17:49:41 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\BlackBean
[2011.07.02 20:51:27 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Canneverbe Limited
[2008.04.04 21:52:39 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\DAEMON Tools
[2012.10.08 07:20:51 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\DVDVideoSoft
[2011.02.13 16:56:15 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\elsterformular
[2012.09.14 20:17:41 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\FileZilla
[2012.10.07 23:25:53 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\FRITZ!
[2008.12.09 22:24:39 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Haufe
[2011.03.20 21:11:11 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\ImTOO
[2008.08.21 22:26:20 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\InterVideo
[2012.09.27 19:52:12 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\KeePass
[2008.12.15 22:04:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Leadertech
[2008.12.09 22:01:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Lexware
[2012.09.11 20:53:47 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\MAGIX
[2011.06.30 21:45:22 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\motorola
[2009.02.01 23:33:54 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Musicmatch
[2012.08.27 19:12:02 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\MyPhoneExplorer
[2012.10.02 23:29:35 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Nayfo
[2011.06.26 00:08:39 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Nokia
[2010.07.20 07:36:11 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\PACE Anti-Piracy
[2008.05.08 19:51:09 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\PC Suite
[2008.08.27 19:54:43 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\PeerNetworking
[2012.06.07 19:10:46 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\QuickScan
[2010.07.19 20:54:20 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.03.08 08:28:38 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Transcend
[2010.09.09 07:49:55 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Trillian
[2012.08.10 20:20:05 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\TS3Client
[2011.11.20 15:37:03 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\TuneUp Software
[2012.09.22 23:23:15 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Ulead Systems
[2012.09.14 07:47:20 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\VSO
[2010.04.21 22:37:31 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\wds.NET
[2012.01.07 18:07:17 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\WindSolutions
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.08.07 23:19:07 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Adobe
[2008.11.30 16:24:48 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Ahead
[2010.10.21 11:11:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Any Video Converter
[2012.01.26 23:28:20 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Apple Computer
[2012.01.26 23:28:22 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Artisteer
[2011.11.27 13:50:22 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Avira
[2008.06.29 17:49:41 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\BlackBean
[2011.07.02 20:51:27 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Canneverbe Limited
[2011.01.22 22:19:17 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Corel
[2008.04.04 21:52:39 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\DAEMON Tools
[2008.08.27 07:27:56 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\DivX
[2011.03.20 21:22:56 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\dvdcss
[2012.10.08 07:20:51 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\DVDVideoSoft
[2011.02.13 16:56:15 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\elsterformular
[2012.09.14 20:17:41 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\FileZilla
[2012.10.07 23:25:53 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\FRITZ!
[2008.03.18 23:01:28 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Google
[2008.12.09 22:24:39 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Haufe
[2008.03.13 20:46:02 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Identities
[2011.03.20 21:11:11 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\ImTOO
[2008.03.14 00:31:35 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\InstallShield
[2008.08.21 22:26:20 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\InterVideo
[2008.03.14 08:46:48 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Jasc Software Inc
[2012.09.27 19:52:12 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\KeePass
[2008.12.15 22:04:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Leadertech
[2008.12.09 22:01:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Lexware
[2008.03.15 19:17:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Logitech
[2008.03.20 21:38:49 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Macromedia
[2012.09.11 20:53:47 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\MAGIX
[2012.10.02 20:51:43 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Malwarebytes
[2006.11.02 17:06:33 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Media Center Programs
[2010.08.15 21:43:50 | 000,000,000 | --SD | M] -- C:\Users\Heistmer\AppData\Roaming\Microsoft
[2011.06.30 21:45:22 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\motorola
[2008.08.26 21:11:41 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Mozilla
[2012.01.14 20:12:06 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Mozilla-Cache
[2009.02.01 23:33:54 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Musicmatch
[2012.08.27 19:12:02 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\MyPhoneExplorer
[2012.10.02 23:29:35 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Nayfo
[2011.07.03 20:37:23 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Nero
[2011.06.26 00:08:39 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Nokia
[2012.06.27 19:53:45 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\NVIDIA
[2010.07.20 07:36:11 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\PACE Anti-Piracy
[2008.05.08 19:51:09 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\PC Suite
[2008.08.27 19:54:43 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\PeerNetworking
[2012.06.07 19:10:46 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\QuickScan
[2008.03.20 22:13:16 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Real
[2008.06.22 16:52:26 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\skypePM
[2008.03.16 01:22:08 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\SmartFTP
[2010.07.19 20:54:20 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2008.03.15 13:29:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Talkback
[2010.03.19 22:07:33 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\teamspeak2
[2011.03.08 08:28:38 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Transcend
[2010.09.09 07:49:55 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Trillian
[2012.08.10 20:20:05 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\TS3Client
[2011.11.20 15:37:03 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\TuneUp Software
[2012.09.22 23:23:15 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Ulead Systems
[2008.08.18 23:36:46 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\vlc
[2012.09.14 07:47:20 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\VSO
[2010.04.21 22:37:31 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\wds.NET
[2011.11.05 20:03:29 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Winamp
[2012.01.07 18:07:17 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\WindSolutions
[2008.03.14 22:39:38 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\WinRAR
[2012.09.11 20:50:32 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2010.07.19 18:49:04 | 000,010,134 | R--- | M] () -- C:\Users\Heistmer\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe
[2009.05.19 21:35:06 | 000,007,358 | R--- | M] () -- C:\Users\Heistmer\AppData\Roaming\Microsoft\Installer\{5C79D312-F68F-4B04-8A4F-E28A0AE1ECBB}\_24c89c8.exe
[2009.05.19 21:35:06 | 000,007,358 | R--- | M] () -- C:\Users\Heistmer\AppData\Roaming\Microsoft\Installer\{5C79D312-F68F-4B04-8A4F-E28A0AE1ECBB}\_39fe3610.exe
[2007.10.08 01:57:52 | 000,307,200 | ---- | M] (Simon Tatham) -- C:\Users\Heistmer\AppData\Roaming\Mozilla\Firefox\Profiles\7ew9dmkc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
[2007.12.28 11:15:38 | 000,172,032 | ---- | M] (Simon Tatham) -- C:\Users\Heistmer\AppData\Roaming\Mozilla\Firefox\Profiles\7ew9dmkc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
[2012.01.07 17:57:55 | 003,703,176 | ---- | M] (WindSolutions) -- C:\Users\Heistmer\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2006.11.02 14:03:16 | 000,062,056 | ---- | M] (Microsoft Corporation) MD5=5CCDD13BC602AE33CD8B62D33C29AB72 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.19 01:09:10 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.19 01:09:10 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.19 01:07:48 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2008.01.09 03:52:57 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=3927EB6EBFC77BA93481F440221D5252 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_371e04d9dcfdf69e\atapi.sys
[2008.01.09 03:52:56 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=48021EB810BF8FB6EBFA4569B95AAD5F -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_380123c8f5d8000c\atapi.sys
[2009.04.11 01:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 01:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 01:11:32 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
[2006.11.02 13:51:48 | 000,280,680 | ---- | M] (Intel Corporation) MD5=72C3EE7EA3CD75A772E62AE0E5DF8B8C -- C:\Windows\SysNative\drivers\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.19 01:03:02 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_61f43b1d27cd0ab4\netlogon.dll
[2009.04.11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 01:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 01:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
[2006.11.02 13:18:47 | 000,684,032 | ---- | M] (Microsoft Corporation) MD5=BFAB28B54DF41208CF3490FF26E53FD9 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_579f90caf36c48b9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 14:02:51 | 000,048,232 | ---- | M] (NVIDIA Corporation) MD5=94C5334040A5D500897F4C5FD12AEEDE -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.19 01:08:52 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2006.11.02 13:19:09 | 000,239,616 | ---- | M] (Microsoft Corporation) MD5=32EF13F20B28966D29DE5EABE036431D -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_91f5bbe3948dcf74\scecli.dll
[2008.01.19 01:03:56 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_9c4a6635c8ee916f\scecli.dll
[2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 01:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 01:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2006.11.02 11:44:25 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=00B53DCA0408CCD8F6BAF13994F6E3A0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_3174f01b5d2fa18f\user32.dll
[2007.07.14 02:23:35 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=296BA70E2A302E639CBD9E2A32DC65C4 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_31ad02315d0545af\user32.dll
[2008.01.19 01:04:24 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.19 00:32:20 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2007.07.14 02:23:36 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=437C1C0CB2A42EA20083F21E9CAEF461 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_32359eb27623cc22\user32.dll
[2007.07.14 02:23:36 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=707CD582A4F93DB789336A5CE9527970 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_275857df28a483b4\user32.dll
[2006.11.02 13:19:10 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=95D5555CC7BD8F520996E35D36491EEF -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_272045c928cedf94\user32.dll
[2009.04.11 00:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.11 00:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2007.07.14 02:23:36 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=E4E3ED1E0D1D8C33A9C94ABEA1C8BC96 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_27e0f46041c30a27\user32.dll
[2009.04.11 01:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2009.04.11 01:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[2006.11.02 13:16:15 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=46D5B6B80E4A5997F508F938F96B7628 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_3610939d8d22586d\userinit.exe
[2008.01.19 01:00:42 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.19 01:00:42 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.19 01:00:46 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.19 01:00:46 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
[2006.11.02 13:16:20 | 000,122,368 | ---- | M] (Microsoft Corporation) MD5=6F92CE5B50283B0C0A7A539ED552039A -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_8ada9256bfc30704\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 01:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 01:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.19 01:00:46 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 13:16:20 | 000,397,312 | ---- | M] (Microsoft Corporation) MD5=9642EED809219A2F914DD8E40A09C48B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_c9aada9e9063dc57\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.18 23:37:48 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.18 23:37:48 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
[2006.11.02 11:47:52 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=C4EE49DB7EADC812DBC0ECCF2E7FB929 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_a96e7a5c834006a3\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
[2006.11.02 17:40:34 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 17:40:34 | 000,032,534 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 6281 bytes -> C:\Windows\pOOrGUI:Source Setup Log.txt
@Alternate Data Stream - 24 bytes -> C:\Windows:7E92895CF0C0E947
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 1192 bytes -> C:\ProgramData\Microsoft:GU20qEzkcvUPQnca2EoO96egmYBo7
@Alternate Data Stream - 1188 bytes -> C:\ProgramData\Microsoft:6UbkivR8LfAWeH3hD48xECCj6
@Alternate Data Stream - 1124 bytes -> C:\ProgramData\Microsoft:0gtbGQ5UBdBtGnl3ms7gN6CAa

< End of report >

Alles was nun noch da ist benutz ich entweder, bzw. meine Frau. Oder was auch bei vielem zutrifft, hab ich einfach keine Ahnung wozu es gehört.

Ich habe auch versucht Avira zu deinstalieren, da ich ja derzeit das AntiMaleware Pogramm am laufen habe, allerding bekomm ich dann auch wieder die Meldung mit der falschen Gruppenrichline.

Auch den Fehler welchen OTL immer mal wieder ausgibt ist noch da. Aber das nur am Rande fals es von bedeutung ist.

Zitat:

Es befindet sich kein Datenträger im Lauwerk. Legen Sie einen Datenträger in Laufwerk/Device/Harddisk/DR2 ein.

cosinus · 09.10.2012, 10:50

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKLM\..\SearchScopes\{4327FABE-3C21-4689-8DBE-D226CF777FE9}: "URL" = http://www2.iesearch.com/s/?&q={searchTerms}
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
@Alternate Data Stream - 6281 bytes -> C:\Windows\pOOrGUI:Source Setup Log.txt
@Alternate Data Stream - 24 bytes -> C:\Windows:7E92895CF0C0E947
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 1192 bytes -> C:\ProgramData\Microsoft:GU20qEzkcvUPQnca2EoO96egmYBo7
@Alternate Data Stream - 1188 bytes -> C:\ProgramData\Microsoft:6UbkivR8LfAWeH3hD48xECCj6
@Alternate Data Stream - 1124 bytes -> C:\ProgramData\Microsoft:0gtbGQ5UBdBtGnl3ms7gN6CAa
:Files
C:\Windows\pOOrGUI
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

05.10.2012, 18:33	#20
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Bundestrojaner? UKash Aufforderung mit Systemstillegung Code: ATTFilter Version 3.2.70.1 hast du OTL vorhin nicht neu runtergeladen? Warum nicht? __________________ Logfiles bitte immer in CODE-Tags posten

06.10.2012, 18:31	#22
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Bundestrojaner? UKash Aufforderung mit Systemstillegung Ja bitte nochmal mit der aktuellen Version __________________ Logfiles bitte immer in CODE-Tags posten

07.10.2012, 18:03	#26
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Bundestrojaner? UKash Aufforderung mit Systemstillegung Code: ATTFilter PRC - C:\Users\Heistmer\Eigene Webs\xampp\mysql\bin\mysqld.exe () PRC - C:\Users\Heistmer\Eigene Webs\xampp\apache\bin\httpd.exe (Apache Software Foundation) Das ist so bekannt und auch gewollt mit dem xampp? __________________ Logfiles bitte immer in CODE-Tags posten

07.10.2012, 20:24	#28
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Bundestrojaner? UKash Aufforderung mit Systemstillegung Dann deinstallier das mal und bei Gelegenheit auch alles andere was du nicht mehr brauchst. Hält das Log kurz und man sieht dann den Wald wegen weniger Bäume etwas besser Also mach danach wie o.g. bitte ein neues OTL-Log __________________ Logfiles bitte immer in CODE-Tags posten

Bundestrojaner? UKash Aufforderung mit Systemstillegung

Log-Analyse und Auswertung: Bundestrojaner? UKash Aufforderung mit Systemstillegung