Hab auch den 50 euro virus Hallo hab auch den Virus bekommen, da steht wegen sicherheitsgründen wird Windows gesperrt und ich muss 50 euro zahlen um neues zu kaufen.
Hab schon den scan gemacht und hier sind die 2 daten.
OTL Logfile: Code:
OTL logfile created on: 31.01.2012 19:14:07 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\************\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,93 Gb Total Physical Memory | 5,01 Gb Available Physical Memory | 84,54% Memory free
11,86 Gb Paging File | 11,06 Gb Available in Paging File | 93,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,95 Gb Total Space | 246,22 Gb Free Space | 54,00% Space Free | Partition Type: NTFS
Drive D: | 456,46 Gb Total Space | 71,61 Gb Free Space | 15,69% Space Free | Partition Type: NTFS
Drive E: | 238,71 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: ****** | User Name: ********** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Wladimir Heiser\Downloads\OTL.exe (OldTimer Tools)
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV:64bit: - (RichVideo64) -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (USBS3S4Detection) -- C:\OEM\USBDECTION\USBS3S4Detection.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ABBYY.Licensing.PDFTransformer.Site License.3.0) -- C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe (ABBYY)
SRV - (AAV UpdateService) -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
========== Driver Services (SafeList) ==========
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (e1kexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5811&r=17361010m306pe4h5v105w5591u668
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5811&r=17361010m306pe4h5v105w5591u668
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5811&r=17361010m306pe4h5v105w5591u668
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startpage.com/babylon/deu/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?babsrc=HP_Prot"
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.8.6
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_&q={searchTerms}&mntrId=9a48cf0a00000000000090fba6858c63&tlver=1.4.35.10&"
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.18 16:12:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.03 09:26:42 | 000,000,000 | ---D | M]
[2010.10.22 15:47:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Wladimir Heiser\AppData\Roaming\mozilla\Extensions
[2011.07.29 12:33:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wladimir Heiser\AppData\Roaming\mozilla\Firefox\Profiles\m0gq8w9d.default\extensions
[2011.07.29 12:33:28 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Wladimir Heiser\AppData\Roaming\mozilla\Firefox\Profiles\m0gq8w9d.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.11 20:32:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Wladimir Heiser\AppData\Roaming\mozilla\Firefox\Profiles\m0gq8w9d.default\extensions\engine@conduit.com
[2011.07.19 10:59:19 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Wladimir Heiser\AppData\Roaming\mozilla\Firefox\Profiles\m0gq8w9d.default\extensions\ffxtlbr@babylon.com
[2011.03.21 15:29:56 | 000,000,927 | ---- | M] () -- C:\Users\Wladimir Heiser\AppData\Roaming\Mozilla\Firefox\Profiles\m0gq8w9d.default\searchplugins\conduit.xml
[2011.04.26 21:56:04 | 000,000,950 | -H-- | M] () -- C:\Users\Wladimir Heiser\AppData\Roaming\Mozilla\Firefox\Profiles\m0gq8w9d.default\searchplugins\icqplugin-1.xml
[2011.03.24 11:41:37 | 000,000,950 | -H-- | M] () -- C:\Users\Wladimir Heiser\AppData\Roaming\Mozilla\Firefox\Profiles\m0gq8w9d.default\searchplugins\icqplugin-2.xml
[2012.01.26 22:08:51 | 000,001,056 | ---- | M] () -- C:\Users\Wladimir Heiser\AppData\Roaming\Mozilla\Firefox\Profiles\m0gq8w9d.default\searchplugins\icqplugin.xml
[2011.11.17 14:33:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.18 16:12:07 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.07 21:44:36 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.29 12:17:15 | 000,002,273 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.10.07 21:44:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.07 21:44:36 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.07 21:44:36 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.07 21:44:36 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.07 21:44:36 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Mozilla client] C:\Users\Wladimir Heiser\AppData\Local\Mozilla\Firefox\firefox.exe ()
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Wladimir Heiser\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Wladimir Heiser\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C4CC977-E8B1-469F-829D-487BD224F441}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4bb73c6b-9a55-11e0-a4fa-90fba6858c63}\Shell - "" = AutoRun
O33 - MountPoints2\{4bb73c6b-9a55-11e0-a4fa-90fba6858c63}\Shell\AutoRun\command - "" = K:\setup.exe
O33 - MountPoints2\{940e6e2f-e1d7-11df-9977-90fba6858c63}\Shell - "" = AutoRun
O33 - MountPoints2\{940e6e2f-e1d7-11df-9977-90fba6858c63}\Shell\AutoRun\command - "" = L:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012.01.25 18:37:03 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.01.11 16:54:40 | 000,000,000 | ---D | C] -- C:\Users\Wladimir Heiser\Desktop\Neuer Ordner (2)
[2012.01.10 20:37:32 | 000,000,000 | R-SD | C] -- C:\Users\Wladimir Heiser\Documents\My Stationery
[2010.12.01 19:56:00 | 001,417,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczserv.dll
[2010.12.01 19:56:00 | 001,099,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczusb1.dll
[2010.12.01 19:56:00 | 000,487,424 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczlmpm.dll
[2010.12.01 19:56:00 | 000,409,600 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpmui.dll
[2010.12.01 19:56:00 | 000,305,152 | ---- | C] ( ) -- C:\Windows\SysWow64\LXCZhcp.dll
[2010.12.01 19:56:00 | 000,238,592 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczinpa.dll
[2010.12.01 19:56:00 | 000,226,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcziesc.dll
[2010.12.01 19:56:00 | 000,035,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczprox.dll
[2010.12.01 19:56:00 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpplc.dll
[2010.12.01 19:55:59 | 000,695,808 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomc.dll
[2010.12.01 19:55:59 | 000,659,456 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczhbn3.dll
[2010.12.01 19:55:59 | 000,566,192 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcoms.exe
[2010.12.01 19:55:59 | 000,249,856 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomm.dll
[2010.12.01 19:55:59 | 000,235,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcfg.exe
[2010.12.01 19:55:59 | 000,233,392 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczih.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.01.31 18:43:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.31 18:43:36 | 479,510,527 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.31 18:42:58 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.31 18:42:58 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.31 18:38:38 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.31 18:26:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.25 18:33:39 | 000,007,614 | -H-- | M] () -- C:\Users\Wladimir Heiser\AppData\Local\Resmon.ResmonCfg
[2012.01.15 21:08:16 | 000,001,614 | ---- | M] () -- C:\Users\Wladimir Heiser\Desktop\Wow - rising gods.lnk
[2012.01.15 20:59:28 | 000,001,228 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.01.15 21:08:16 | 000,001,614 | ---- | C] () -- C:\Users\Wladimir Heiser\Desktop\Wow - rising gods.lnk
[2011.07.21 15:54:27 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.07.21 15:54:26 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.07.09 23:05:14 | 000,095,438 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.04.29 13:11:35 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~49536776r
[2011.04.29 13:11:35 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~49536776
[2011.04.29 13:11:34 | 000,000,328 | -H-- | C] () -- C:\ProgramData\49536776
[2011.03.23 17:03:33 | 000,000,086 | ---- | C] () -- C:\Windows\wiso.ini
[2011.03.11 12:33:52 | 000,036,352 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.02.13 18:18:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.06 17:34:35 | 000,007,614 | -H-- | C] () -- C:\Users\Wladimir Heiser\AppData\Local\Resmon.ResmonCfg
[2011.01.28 14:42:39 | 000,001,043 | ---- | C] () -- C:\Windows\WinInit.Ini
[2010.12.15 10:14:44 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2010.12.01 19:56:00 | 000,571,392 | ---- | C] () -- C:\Windows\SysWow64\lxczutil.dll
[2010.12.01 19:56:00 | 000,194,048 | ---- | C] () -- C:\Windows\SysWow64\LXCZinst.dll
[2010.11.06 22:29:33 | 000,000,103 | -H-- | C] () -- C:\Users\Wladimir Heiser\AppData\Local\fusioncache.dat
[2010.11.06 22:28:54 | 001,526,730 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.22 15:47:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.04.09 18:24:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.03.23 16:35:44 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.03.23 16:03:34 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
========== LOP Check ==========
[2011.08.01 10:56:39 | 000,000,000 | ---D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Adyc
[2010.12.17 18:03:04 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Afex
[2010.10.31 03:09:34 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Apoty
[2010.10.26 06:14:42 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Apowe
[2011.03.10 16:24:20 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Argai
[2011.03.28 12:51:33 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\avidemux
[2011.02.14 16:00:45 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Bitafe
[2011.08.11 13:49:54 | 000,000,000 | ---D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\BitSpirit
[2011.02.02 16:14:12 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Boxi
[2011.03.13 19:03:34 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\calibre
[2011.03.21 19:08:09 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Cyeqa
[2010.10.27 15:40:10 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\DAEMON Tools Lite
[2011.07.29 12:33:41 | 000,000,000 | ---D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\DVDVideoSoft
[2011.07.29 12:33:27 | 000,000,000 | ---D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.27 20:43:25 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Ebvyv
[2010.11.19 20:12:10 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Egecn
[2010.12.25 04:56:07 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Egvaag
[2011.05.01 08:45:59 | 000,000,000 | ---D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Eneg
[2011.02.14 16:00:48 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Eqvos
[2011.10.16 15:45:03 | 000,000,000 | ---D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\GetRightToGo
[2010.12.25 02:41:30 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Gynez
[2011.02.14 16:00:48 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Himoze
[2011.02.14 16:00:48 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Hobaq
[2011.03.21 19:08:14 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Iclua
[2012.01.31 17:21:52 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\ICQ
[2011.05.01 08:45:59 | 000,000,000 | ---D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Idno
[2011.02.14 16:01:08 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Ikiwro
[2011.01.03 14:01:36 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Ilify
[2011.05.01 08:45:59 | 000,000,000 | ---D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Imroi
[2011.08.23 19:28:39 | 000,000,000 | ---D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Kalypso Media
[2011.02.14 16:01:10 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Keehr
[2010.11.17 13:52:16 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Kimuoh
[2011.02.14 16:01:10 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Kokaih
[2011.06.26 22:20:24 | 000,000,000 | ---D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Lionhead Studios
[2010.12.13 09:22:40 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\LolClient
[2010.12.20 15:37:50 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Mevaow
[2011.01.10 16:39:23 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Mygoy
[2010.12.08 02:45:30 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Neeme
[2011.01.12 14:52:06 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Nuory
[2010.11.30 17:38:36 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Nyydca
[2011.05.01 08:46:00 | 000,000,000 | ---D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Ofavax
[2010.12.19 13:05:40 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Ofyl
[2011.07.21 15:54:25 | 000,000,000 | ---D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\PunkBuster
[2011.03.21 19:10:01 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Puow
[2011.04.18 20:54:26 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Qohy
[2011.08.01 10:56:59 | 000,000,000 | ---D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Resserv
[2011.07.28 16:15:21 | 000,000,000 | ---D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\runic games
[2011.02.14 16:02:16 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Seetic
[2010.12.12 02:31:13 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Soxuk
[2011.02.14 16:02:23 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Syny
[2011.10.16 23:14:10 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\TeamViewer
[2011.02.13 17:48:41 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\TS3Client
[2011.05.01 08:46:00 | 000,000,000 | ---D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Ubisoft
[2010.12.14 01:33:10 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Ughyuv
[2010.11.26 01:26:59 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Veroin
[2011.02.14 16:02:23 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Weifi
[2010.12.30 11:00:41 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Woilaf
[2010.11.09 12:52:35 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Xeerf
[2011.03.21 19:10:17 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Xuoro
[2011.02.14 16:02:24 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Ymhoes
[2011.02.14 16:02:24 | 000,000,000 | -H-D | M] -- C:\Users\Wladimir Heiser\AppData\Roaming\Ynxoem
[2011.11.03 15:19:47 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2010.10.22 15:38:52 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.04.09 18:25:09 | 000,000,000 | -H-D | M] -- C:\book
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.10.22 15:37:23 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.05.01 08:45:31 | 000,000,000 | ---D | M] -- C:\Fraps
[2010.03.23 15:47:21 | 000,000,000 | -H-D | M] -- C:\Intel
[2011.05.01 08:39:19 | 000,000,000 | ---D | M] -- C:\lexmark
[2010.03.24 02:16:06 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.05.01 08:45:31 | 000,000,000 | -H-D | M] -- C:\OEM
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.10.29 12:17:25 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.12.24 22:25:00 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.12.21 15:50:22 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.10.22 15:37:23 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.10.22 15:37:23 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.03.28 13:18:25 | 000,000,000 | -H-D | M] -- C:\Riot Games
[2012.01.31 17:41:47 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.10.16 15:47:27 | 000,000,000 | -H-D | M] -- C:\temp
[2011.08.01 10:47:31 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.25 18:37:03 | 000,000,000 | ---D | M] -- C:\Windows
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: EVENTLOG.DLL >
[2010.03.12 22:47:22 | 000,006,440 | ---- | M] () MD5=ACD301711FC165ED77A8D364D407BAF9 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
< MD5 for: EXPLORER.EXE >
[2009.10.06 07:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.03.24 18:28:05 | 000,004,608 | ---- | M] () MD5=3996C92CED89B9389C3E738AEF6DD705 -- C:\Users\Wladimir Heiser\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v63CFF6E1\Native\STUBEXE\@SYSTEM@\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.10.06 07:35:29 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010.02.04 11:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010.02.04 11:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010.02.04 11:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.10.06 07:31:09 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010.02.04 11:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2009.10.06 06:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
< MD5 for: IASTOR.SYS >
[2009.10.13 19:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.10.13 19:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.10.13 19:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.10.13 19:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_b02a0635da01252b\iaStor.sys
< MD5 for: IASTORV.SYS >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: USER32.DLL >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %USERPROFILE%\*.* >
[2010.12.24 16:32:22 | 000,001,140 | ---- | M] () -- C:\Users\Wladimir Heiser\Dokumente - Verknüpfung.lnk
[2012.01.31 19:16:28 | 002,621,440 | -HS- | M] () -- C:\Users\Wladimir Heiser\ntuser.dat
[2012.01.31 19:16:28 | 000,262,144 | -HS- | M] () -- C:\Users\Wladimir Heiser\ntuser.dat.LOG1
[2010.10.22 15:37:30 | 000,000,000 | -HS- | M] () -- C:\Users\Wladimir Heiser\ntuser.dat.LOG2
[2010.10.23 00:10:03 | 000,065,536 | -HS- | M] () -- C:\Users\Wladimir Heiser\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.10.23 00:10:03 | 000,524,288 | -HS- | M] () -- C:\Users\Wladimir Heiser\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.10.23 00:10:03 | 000,524,288 | -HS- | M] () -- C:\Users\Wladimir Heiser\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.05.01 22:15:06 | 000,065,536 | -HS- | M] () -- C:\Users\Wladimir Heiser\ntuser.dat{d3b19ef1-73c4-11e0-82a8-90fba6858c63}.TM.blf
[2011.05.01 22:15:06 | 000,524,288 | -HS- | M] () -- C:\Users\Wladimir Heiser\ntuser.dat{d3b19ef1-73c4-11e0-82a8-90fba6858c63}.TMContainer00000000000000000001.regtrans-ms
[2011.05.01 22:15:06 | 000,524,288 | -HS- | M] () -- C:\Users\Wladimir Heiser\ntuser.dat{d3b19ef1-73c4-11e0-82a8-90fba6858c63}.TMContainer00000000000000000002.regtrans-ms
[2010.10.22 15:37:30 | 000,000,020 | -HS- | M] () -- C:\Users\Wladimir Heiser\ntuser.ini
< %USERPROFILE%\Local Settings\Temp\*.exe >
< %USERPROFILE%\Local Settings\Temp\*.dll >
< %USERPROFILE%\Application Data\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
========== Alternate Data Streams ==========
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:D2D4B33E
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:798A3728
< End of report > --- --- --- |