|
Smart HDD Virus eingefangen Hallo zusammen, ich habe mir auch gerade den Smart HDD Virus eingefangen. Habe gerade den OTL run durchgefuehrt mit u.g. Ergebnis. Waere nett, wenn mir jemand von euch helfen koennte! OTL logfile created on: 6/30/2012 3:45:36 PM - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Lisa\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 3.95 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 22.76% Memory free 8.70 Gb Paging File | 0.90 Gb Available in Paging File | 10.34% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451.01 Gb Total Space | 332.44 Gb Free Space | 73.71% Space Free | Partition Type: NTFS Drive D: | 14.45 Gb Total Space | 1.58 Gb Free Space | 10.92% Space Free | Partition Type: NTFS Drive E: | 3.28 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Drive F: | 99.02 Mb Total Space | 84.75 Mb Free Space | 85.59% Space Free | Partition Type: FAT32 Computer Name: LISA-HP | User Name: Lisa | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/30 15:44:16 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Downloads\OTL.exe PRC - [2012/06/13 17:37:04 | 001,088,904 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe PRC - [2012/06/13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe PRC - [2012/05/10 19:44:12 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012/05/10 19:44:11 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/05/10 19:44:11 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/09/30 22:00:28 | 000,049,664 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe PRC - [2011/09/01 17:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011/07/11 14:04:44 | 000,574,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2011/07/11 14:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2011/07/06 21:13:48 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2011/06/13 17:47:12 | 000,336,440 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe PRC - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011/05/20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2011/02/16 02:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe PRC - [2011/01/25 02:34:06 | 000,991,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2011/01/25 02:34:04 | 001,298,496 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2011/01/25 02:33:30 | 000,901,184 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2011/01/25 02:33:24 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe PRC - [2010/12/23 00:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010/12/23 00:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010/07/28 18:34:38 | 001,508,248 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe PRC - [2010/07/28 18:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe PRC - [2010/07/28 18:33:58 | 006,995,864 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe PRC - [2010/07/28 18:33:58 | 001,485,208 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe PRC - [2008/03/19 04:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe ========== Modules (No Company Name) ========== MOD - [2012/06/16 16:50:22 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0018dd52b56988a833ee41699cf49325\IAStorUtil.ni.dll MOD - [2012/06/16 08:49:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012/06/16 08:49:36 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012/05/23 07:19:25 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e7cd67fc34ad0fc611c1e1244cfc6584\IAStorCommon.ni.dll MOD - [2012/05/19 21:22:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012/05/19 21:21:42 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012/05/19 21:21:37 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012/05/19 21:21:35 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012/05/19 21:21:34 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/05/19 21:21:30 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2010/07/28 18:34:04 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll MOD - [2010/07/28 18:02:58 | 000,658,432 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll MOD - [2010/06/23 19:12:28 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll MOD - [2010/06/23 19:11:52 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll MOD - [2010/06/23 19:11:48 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll MOD - [2010/06/23 19:11:48 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll MOD - [2010/06/23 18:38:18 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll MOD - [2008/03/19 04:21:48 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Widgets\jsd.dll MOD - [2008/03/19 04:21:20 | 000,512,000 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Widgets\js32.dll MOD - [2008/01/09 02:50:10 | 000,349,147 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Widgets\sqlite3.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/06/08 10:32:07 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012/01/07 12:05:18 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV) SRV:64bit: - [2012/01/07 12:05:17 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV:64bit: - [2011/08/31 19:08:08 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV:64bit: - [2011/07/27 22:04:48 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R) SRV:64bit: - [2011/07/27 21:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2011/07/27 21:44:18 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R) SRV:64bit: - [2011/06/03 13:51:38 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R) SRV:64bit: - [2011/05/27 11:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2010/09/23 05:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/02/17 19:25:42 | 000,181,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service) SRV:64bit: - [2010/02/09 16:55:52 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper) SRV:64bit: - [2009/07/14 05:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/06/13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2012/05/10 19:44:12 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/10 19:44:11 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/01/07 12:03:48 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2011/09/01 17:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011/07/11 14:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2011/02/16 02:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv) SRV - [2011/01/25 02:34:06 | 000,991,296 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2011/01/25 02:34:04 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2011/01/25 02:33:30 | 000,901,184 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2010/12/23 00:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010/12/23 00:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010/10/12 21:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010/07/28 18:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/11 01:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/06/30 15:22:01 | 000,050,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\pisqhpwu.sys -- (pisqhpwu) DRV:64bit: - [2012/06/08 10:32:12 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:64bit: - [2012/06/08 10:32:07 | 009,981,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012/06/08 10:32:07 | 000,310,272 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012/05/10 19:44:12 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012/05/10 19:44:12 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012/03/01 10:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/01/07 12:05:18 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2012/01/07 12:03:49 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2012/01/02 21:21:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011/10/19 16:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2011/08/03 18:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R) DRV:64bit: - [2011/05/27 11:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2011/05/27 11:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011/03/11 10:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 10:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/02/17 05:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/02/17 04:46:36 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd) DRV:64bit: - [2011/01/24 13:24:52 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2011/01/24 13:22:48 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex) DRV:64bit: - [2011/01/24 12:56:06 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2010/11/21 07:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/21 07:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/11/21 07:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/21 07:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/10/20 04:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010/10/15 13:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2010/07/28 10:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010/03/12 00:22:01 | 000,291,352 | ---- | M] (silex technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp) DRV:64bit: - [2009/07/14 05:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 05:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 05:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/11 01:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009/06/11 01:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009/06/11 01:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009/06/11 00:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009/06/11 00:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009/06/11 00:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/11 00:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/11 00:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/11 00:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009/07/14 05:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL/13 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL/13 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{CD6B93FA-E0DC-4D64-8597-5B6587173C72}: "URL" = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKLM\..\SearchScopes\{CD6B93FA-E0DC-4D64-8597-5B6587173C72}: "URL" = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL/13 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {49BF738E-6D39-4FAC-A8FA-B5C5D0133C07} IE - HKCU\..\SearchScopes\{49BF738E-6D39-4FAC-A8FA-B5C5D0133C07}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz= IE - HKCU\..\SearchScopes\{64AE9A3C-5413-4C6D-8682-F7023BF09205}: "URL" = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.) O1 HOSTS File: ([2009/06/11 01:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.) O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.) O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [VeJJMGoqiUaYbjF.exe] C:\ProgramData\VeJJMGoqiUaYbjF.exe () O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lisa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lisa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.132.63.25 80.227.2.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51C1477E-97DA-40DC-9E72-DBBDB3763365}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BBC1456-6C5B-42F7-9D4F-8418F98C6090}: DhcpNameServer = 213.132.63.25 80.227.2.4 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error. ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error. ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error. ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/06/30 14:50:03 | 000,000,000 | -H-D | C] -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery [2012/06/26 20:29:43 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2012/06/26 20:29:24 | 000,000,000 | -H-D | C] -- C:\Users\Lisa\AppData\Local\Google [2012/06/26 20:29:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\Google [2012/06/26 20:29:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2012/06/26 20:29:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012/06/26 20:01:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mario Forever [2012/06/26 20:01:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mario Forever [2012/06/22 10:13:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater [2012/06/22 10:13:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot [2012/06/22 10:13:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar [2012/06/16 09:19:13 | 000,000,000 | -H-D | C] -- C:\Users\Lisa\AppData\Local\{D27F9FEA-32A2-4840-A4C4-F2689A9C7BE1} [2012/06/15 06:50:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\ATI [2012/06/08 10:38:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012/06/08 10:33:40 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll [2012/06/08 10:33:39 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll [2012/06/08 10:33:38 | 000,485,376 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe [2012/06/08 10:33:38 | 000,204,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/30 15:46:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/06/30 15:12:16 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/30 15:12:16 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/30 15:10:02 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/06/30 15:10:02 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/06/30 15:10:02 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/06/30 15:07:37 | 000,000,256 | -H-- | M] () -- C:\ProgramData\8LfNrpQzPxugau [2012/06/30 15:05:36 | 000,000,136 | -H-- | M] () -- C:\ProgramData\-8LfNrpQzPxugaur [2012/06/30 15:05:36 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-8LfNrpQzPxugau [2012/06/30 15:04:03 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/06/30 15:03:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/06/30 15:03:40 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys [2012/06/30 14:49:49 | 000,255,736 | -H-- | M] () -- C:\ProgramData\8LfNrpQzPxugau.exe [2012/06/30 14:31:20 | 000,346,872 | -H-- | M] () -- C:\ProgramData\VeJJMGoqiUaYbjF.exe [2012/06/30 09:01:54 | 000,069,401 | -H-- | M] () -- C:\Users\Lisa\Desktop\Gutschein1.pdf [2012/06/16 11:24:41 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLisa.job [2012/06/16 08:45:32 | 000,276,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/06/08 10:32:21 | 001,981,696 | ---- | M] () -- C:\Windows\SysNative\iglhxa64.cpa [2012/06/08 10:32:21 | 000,963,116 | ---- | M] () -- C:\Windows\SysWow64\igkrng600.bin [2012/06/08 10:32:21 | 000,963,116 | ---- | M] () -- C:\Windows\SysNative\igkrng600.bin [2012/06/08 10:32:21 | 000,059,243 | ---- | M] () -- C:\Windows\SysNative\iglhxo64.vp [2012/06/08 10:32:21 | 000,059,174 | ---- | M] () -- C:\Windows\SysNative\iglhxg64.vp [2012/06/08 10:32:21 | 000,059,062 | ---- | M] () -- C:\Windows\SysNative\iglhxc64.vp [2012/06/08 10:32:21 | 000,017,340 | ---- | M] () -- C:\Windows\SysNative\iglhxs64.vp [2012/06/08 10:32:21 | 000,001,074 | ---- | M] () -- C:\Windows\SysNative\iglhxa64.vp [2012/06/08 10:32:14 | 000,004,096 | ---- | M] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll [2012/06/08 10:32:13 | 000,216,000 | ---- | M] () -- C:\Windows\SysWow64\igfcg600m.bin [2012/06/08 10:32:13 | 000,216,000 | ---- | M] () -- C:\Windows\SysNative\igfcg600m.bin [2012/06/08 10:32:12 | 013,903,872 | ---- | M] () -- C:\Windows\SysWow64\ig4icd32.dll [2012/06/08 10:32:12 | 000,075,776 | ---- | M] () -- C:\Windows\SysNative\igdde64.dll [2012/06/08 10:32:12 | 000,056,832 | ---- | M] () -- C:\Windows\SysWow64\igdde32.dll [2012/06/08 10:32:10 | 000,211,217 | ---- | M] () -- C:\Windows\SysNative\Gfxres.th-TH.resources [2012/06/08 10:32:10 | 000,198,037 | ---- | M] () -- C:\Windows\SysNative\Gfxres.el-GR.resources [2012/06/08 10:32:10 | 000,182,649 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources [2012/06/08 10:32:10 | 000,179,992 | ---- | M] () -- C:\Windows\SysNative\difx64.exe [2012/06/08 10:32:10 | 000,156,192 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources [2012/06/08 10:32:10 | 000,153,129 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources [2012/06/08 10:32:10 | 000,148,981 | ---- | M] () -- C:\Windows\SysNative\Gfxres.he-IL.resources [2012/06/08 10:32:10 | 000,140,212 | ---- | M] () -- C:\Windows\SysNative\Gfxres.it-IT.resources [2012/06/08 10:32:10 | 000,138,707 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources [2012/06/08 10:32:10 | 000,137,840 | ---- | M] () -- C:\Windows\SysNative\Gfxres.de-DE.resources [2012/06/08 10:32:10 | 000,137,641 | ---- | M] () -- C:\Windows\SysNative\Gfxres.es-ES.resources [2012/06/08 10:32:10 | 000,136,584 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources [2012/06/08 10:32:10 | 000,135,654 | ---- | M] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources [2012/06/08 10:32:10 | 000,135,357 | ---- | M] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources [2012/06/08 10:32:10 | 000,134,821 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources [2012/06/08 10:32:10 | 000,134,407 | ---- | M] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources [2012/06/08 10:32:10 | 000,134,373 | ---- | M] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources [2012/06/08 10:32:10 | 000,133,841 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources [2012/06/08 10:32:10 | 000,133,683 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources [2012/06/08 10:32:10 | 000,133,381 | ---- | M] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources [2012/06/08 10:32:10 | 000,133,149 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources [2012/06/08 10:32:10 | 000,132,887 | ---- | M] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources [2012/06/08 10:32:10 | 000,132,785 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources [2012/06/08 10:32:10 | 000,131,840 | ---- | M] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources [2012/06/08 10:32:10 | 000,128,998 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources [2012/06/08 10:32:10 | 000,128,802 | ---- | M] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources [2012/06/08 10:32:10 | 000,128,542 | ---- | M] () -- C:\Windows\SysNative\Gfxres.da-DK.resources [2012/06/08 10:32:10 | 000,124,056 | ---- | M] () -- C:\Windows\SysNative\Gfxres.en-US.resources [2012/06/08 10:32:10 | 000,117,657 | ---- | M] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources [2012/06/08 10:32:10 | 000,116,368 | ---- | M] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources [2012/06/08 10:32:08 | 001,150,656 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap [2012/06/08 10:32:08 | 001,150,656 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap [2012/06/08 10:32:08 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll [2012/06/08 10:32:08 | 000,058,880 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst.dll [2012/06/08 10:32:08 | 000,034,823 | ---- | M] () -- C:\Windows\atiogl.xml [2012/06/08 10:32:08 | 000,003,929 | ---- | M] () -- C:\Windows\SysWow64\atipblag.dat [2012/06/08 10:32:08 | 000,003,929 | ---- | M] () -- C:\Windows\SysNative\atipblag.dat [2012/06/08 10:32:07 | 000,485,376 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe [2012/06/08 10:32:07 | 000,234,855 | ---- | M] () -- C:\Windows\SysNative\atiicdxx.dat [2012/06/08 10:32:07 | 000,204,288 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe [2012/06/08 10:32:07 | 000,021,504 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll [2012/06/08 10:32:06 | 000,185,152 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/30 14:50:12 | 000,000,136 | -H-- | C] () -- C:\ProgramData\-8LfNrpQzPxugaur [2012/06/30 14:50:12 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-8LfNrpQzPxugau [2012/06/30 14:50:01 | 000,000,256 | -H-- | C] () -- C:\ProgramData\8LfNrpQzPxugau [2012/06/30 14:49:49 | 000,255,736 | -H-- | C] () -- C:\ProgramData\8LfNrpQzPxugau.exe [2012/06/30 14:33:42 | 000,346,872 | -H-- | C] () -- C:\ProgramData\VeJJMGoqiUaYbjF.exe [2012/06/30 09:01:51 | 000,069,401 | -H-- | C] () -- C:\Users\Lisa\Desktop\Gutschein1.pdf [2012/06/26 20:29:29 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/06/26 20:29:29 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/06/08 10:33:49 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa [2012/06/08 10:33:49 | 000,059,243 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp [2012/06/08 10:33:49 | 000,059,174 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp [2012/06/08 10:33:49 | 000,059,062 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp [2012/06/08 10:33:49 | 000,017,340 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp [2012/06/08 10:33:49 | 000,001,074 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.vp [2012/06/08 10:33:48 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012/06/08 10:33:48 | 000,963,116 | ---- | C] () -- C:\Windows\SysNative\igkrng600.bin [2012/06/08 10:33:45 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012/06/08 10:33:45 | 000,216,000 | ---- | C] () -- C:\Windows\SysNative\igfcg600m.bin [2012/06/08 10:33:45 | 000,004,096 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll [2012/06/08 10:33:44 | 000,075,776 | ---- | C] () -- C:\Windows\SysNative\igdde64.dll [2012/06/08 10:33:44 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012/06/08 10:33:43 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012/06/08 10:33:43 | 000,211,217 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources [2012/06/08 10:33:43 | 000,135,357 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources [2012/06/08 10:33:43 | 000,133,841 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources [2012/06/08 10:33:43 | 000,128,998 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources [2012/06/08 10:33:43 | 000,117,657 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources [2012/06/08 10:33:43 | 000,116,368 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources [2012/06/08 10:33:42 | 000,198,037 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources [2012/06/08 10:33:42 | 000,182,649 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources [2012/06/08 10:33:42 | 000,179,992 | ---- | C] () -- C:\Windows\SysNative\difx64.exe [2012/06/08 10:33:42 | 000,156,192 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources [2012/06/08 10:33:42 | 000,153,129 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources [2012/06/08 10:33:42 | 000,148,981 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources [2012/06/08 10:33:42 | 000,140,212 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources [2012/06/08 10:33:42 | 000,138,707 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources [2012/06/08 10:33:42 | 000,137,840 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources [2012/06/08 10:33:42 | 000,137,641 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources [2012/06/08 10:33:42 | 000,136,584 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources [2012/06/08 10:33:42 | 000,135,654 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources [2012/06/08 10:33:42 | 000,134,821 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources [2012/06/08 10:33:42 | 000,134,407 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources [2012/06/08 10:33:42 | 000,134,373 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources [2012/06/08 10:33:42 | 000,133,683 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources [2012/06/08 10:33:42 | 000,133,381 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources [2012/06/08 10:33:42 | 000,133,149 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources [2012/06/08 10:33:42 | 000,132,887 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources [2012/06/08 10:33:42 | 000,132,785 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources [2012/06/08 10:33:42 | 000,131,840 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources [2012/06/08 10:33:42 | 000,128,802 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources [2012/06/08 10:33:42 | 000,128,542 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources [2012/06/08 10:33:42 | 000,124,056 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources [2012/06/08 10:33:41 | 001,150,656 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap [2012/06/08 10:33:40 | 001,150,656 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap [2012/06/08 10:33:40 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012/06/08 10:33:40 | 000,003,929 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat [2012/06/08 10:33:39 | 000,034,823 | ---- | C] () -- C:\Windows\atiogl.xml [2012/06/08 10:33:38 | 000,234,855 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat [2012/06/08 10:33:36 | 000,185,152 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb [2012/01/02 21:22:17 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011/11/06 10:40:38 | 000,735,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/09/30 22:42:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011/08/28 13:54:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011/08/28 13:46:04 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2011/08/28 13:45:01 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin ========== LOP Check ========== [2011/11/14 20:27:27 | 000,000,000 | -H-D | M] -- C:\Users\Lisa\AppData\Roaming\AMS [2012/04/30 07:15:22 | 000,000,000 | -H-D | M] -- C:\Users\Lisa\AppData\Roaming\Canon [2012/04/03 11:09:27 | 000,000,000 | -H-D | M] -- C:\Users\Lisa\AppData\Roaming\DVDVideoSoft [2011/11/08 18:57:02 | 000,000,000 | -H-D | M] -- C:\Users\Lisa\AppData\Roaming\DVDVideoSoftIEHelpers [2011/11/05 07:58:48 | 000,000,000 | -H-D | M] -- C:\Users\Lisa\AppData\Roaming\Panda Security [2011/12/02 14:47:50 | 000,000,000 | -H-D | M] -- C:\Users\Lisa\AppData\Roaming\pdfforge [2012/06/30 14:46:07 | 000,000,000 | -H-D | M] -- C:\Users\Lisa\AppData\Roaming\SoftGrid Client [2011/10/14 21:40:30 | 000,000,000 | -H-D | M] -- C:\Users\Lisa\AppData\Roaming\Synaptics [2011/11/06 10:41:34 | 000,000,000 | -H-D | M] -- C:\Users\Lisa\AppData\Roaming\TP [2012/05/23 07:23:45 | 000,000,000 | -H-D | M] -- C:\Users\Lisa\AppData\Roaming\Windows Live Writer [2012/01/29 08:12:32 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012/01/13 16:17:36 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011/06/22 10:51:13 | 000,000,000 | -HSD | M] -- C:\boot [2009/07/14 09:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011/08/28 14:02:21 | 000,000,000 | -H-D | M] -- C:\HP [2011/08/28 13:44:05 | 000,000,000 | -H-D | M] -- C:\Intel [2011/11/06 10:47:01 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009/07/14 07:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012/06/26 20:29:43 | 000,000,000 | R--D | M] -- C:\Program Files [2012/06/26 20:41:59 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012/06/30 14:50:12 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011/10/14 21:33:23 | 000,000,000 | -HSD | M] -- C:\Recovery [2012/06/08 10:32:44 | 000,000,000 | -H-D | M] -- C:\SWSetup [2012/06/30 15:50:14 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011/10/14 21:33:29 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV [2011/11/05 07:58:20 | 000,000,000 | -H-D | M] -- C:\temp [2011/10/14 21:32:30 | 000,000,000 | R--D | M] -- C:\Users [2012/06/15 06:49:13 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2009/07/14 05:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009/07/14 05:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009/07/14 05:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 05:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009/07/14 05:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009/07/14 05:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 05:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/14 05:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/14 05:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009/07/14 05:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011/02/26 09:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011/02/25 10:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011/02/25 10:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011/02/26 10:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010/11/21 07:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011/02/25 09:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011/02/25 09:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010/11/21 07:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: IASTOR.SYS > [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\drivers\iaStor.sys [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_e6913aab23ea9a9c\iaStor.sys [2011/01/13 05:51:44 | 000,439,320 | -H-- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\SWSetup\Drivers\IRST\Drivers\x64\iaStor.sys [2011/01/13 05:44:08 | 000,355,352 | -H-- | M] (Intel Corporation) MD5=F989555F1662581032CCE1578A8FF28E -- C:\SWSetup\Drivers\IRST\Drivers\x32\iaStor.sys < MD5 for: IASTORV.SYS > [2010/11/21 07:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010/11/21 07:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011/03/11 10:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011/03/11 10:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011/03/11 10:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011/03/11 10:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010/11/21 07:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010/11/21 07:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010/11/21 07:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010/11/21 07:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011/03/11 10:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011/03/11 10:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011/03/11 10:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011/03/11 10:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010/11/21 07:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010/11/21 07:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010/11/21 07:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010/11/21 07:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010/11/21 07:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010/11/21 07:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010/11/21 07:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010/11/21 07:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010/11/21 07:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010/11/21 07:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010/11/21 07:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/21 07:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010/11/21 07:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010/11/21 07:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010/11/21 07:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010/11/21 07:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 04:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009/07/14 04:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2012/06/30 15:46:45 | 002,883,584 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT [2012/06/30 15:46:45 | 000,262,144 | -HS- | M] () -- C:\Users\Lisa\ntuser.dat.LOG1 [2011/10/14 21:32:31 | 000,000,000 | -HS- | M] () -- C:\Users\Lisa\ntuser.dat.LOG2 [2011/10/14 21:48:00 | 000,065,536 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011/10/14 21:48:00 | 000,524,288 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011/10/14 21:48:00 | 000,524,288 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2011/10/14 21:32:31 | 000,000,020 | -HS- | M] () -- C:\Users\Lisa\ntuser.ini [2012/04/30 07:15:22 | 000,000,000 | -H-- | M] () -- C:\Users\Lisa\Sti_Trace.log < %USERPROFILE%\Local Settings\Temp\*.exe > [2008/10/15 22:42:52 | 000,050,432 | -H-- | M] () -- C:\Users\Lisa\Local Settings\Temp\Extract.exe [2012/06/26 20:28:57 | 002,376,368 | -H-- | M] (Google Inc.) -- C:\Users\Lisa\Local Settings\Temp\GoogleToolbarInstaller_en32_signed.exe [2011/10/19 08:21:31 | 000,909,088 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Users\Lisa\Local Settings\Temp\jre-6u29-windows-i586-iftw-rv.exe [2012/02/20 19:45:21 | 000,909,600 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Users\Lisa\Local Settings\Temp\jre-6u31-windows-i586-iftw-rv.exe [2009/02/09 21:07:44 | 000,775,504 | -H-- | M] (CANON INC.) -- C:\Users\Lisa\Local Settings\Temp\MSETUP4.EXE [2011/02/04 18:20:12 | 000,088,120 | -H-- | M] (Hewlett-Packard Company) -- C:\Users\Lisa\Local Settings\Temp\Resource.exe [2012/06/16 16:55:39 | 000,008,192 | -H-- | M] () -- C:\Users\Lisa\Local Settings\Temp\SkypeSetup.exe [2011/10/24 13:51:34 | 001,592,176 | -H-- | M] (Hewlett-Packard ) -- C:\Users\Lisa\Local Settings\Temp\SP52407.exe [2011/10/24 14:25:20 | 001,201,944 | -H-- | M] (Hewlett-Packard ) -- C:\Users\Lisa\Local Settings\Temp\SP52509.exe [2011/10/21 14:58:20 | 014,931,696 | -H-- | M] (Hewlett-Packard Company ) -- C:\Users\Lisa\Local Settings\Temp\SP52532.exe [2011/10/21 12:46:31 | 009,623,848 | -H-- | M] (Hewlett-Packard ) -- C:\Users\Lisa\Local Settings\Temp\SP53462.exe [2011/10/20 05:31:28 | 006,543,936 | -H-- | M] (Hewlett Packard Inc ) -- C:\Users\Lisa\Local Settings\Temp\SP53794.exe [2011/10/24 13:55:37 | 001,516,792 | -H-- | M] (InstallShield Software Corporation ) -- C:\Users\Lisa\Local Settings\Temp\SP53999.exe [2011/10/24 14:12:29 | 003,990,312 | -H-- | M] (Hewlett-Packard Company ) -- C:\Users\Lisa\Local Settings\Temp\SP54001.exe [2011/10/24 13:58:29 | 161,811,896 | -H-- | M] (InstallShield Software Corporation ) -- C:\Users\Lisa\Local Settings\Temp\SP54246.exe [2012/01/01 17:39:33 | 048,461,176 | -H-- | M] (Hewlett-Packard ) -- C:\Users\Lisa\Local Settings\Temp\sp54373.exe [2012/04/08 20:03:39 | 048,868,760 | -H-- | M] (Hewlett-Packard ) -- C:\Users\Lisa\Local Settings\Temp\sp54620.exe [2011/10/20 05:31:34 | 006,580,120 | -H-- | M] (Hewlett Packard Inc ) -- C:\Users\Lisa\Local Settings\Temp\SP54714.exe [2011/11/18 16:32:32 | 163,964,813 | -H-- | M] (Hewlett-Packpard ) -- C:\Users\Lisa\Local Settings\Temp\SP54748.exe [2011/10/24 15:05:28 | 110,369,512 | -H-- | M] (Hewlett-Packard Company ) -- C:\Users\Lisa\Local Settings\Temp\SP54900.exe [2011/11/22 21:16:35 | 005,202,680 | -H-- | M] (Hewlett-Packard Company ) -- C:\Users\Lisa\Local Settings\Temp\SP55068.exe [2012/05/17 23:33:26 | 355,441,048 | -H-- | M] (InstallShield Software Corporation ) -- C:\Users\Lisa\Local Settings\Temp\SP55092.exe [2012/01/05 10:25:25 | 031,998,584 | -H-- | M] (Hewlett-Packard ) -- C:\Users\Lisa\Local Settings\Temp\SP55094.exe [2011/11/23 06:30:45 | 011,908,384 | -H-- | M] (Hewlett-Packard ) -- C:\Users\Lisa\Local Settings\Temp\SP55101.exe [2011/11/22 20:37:02 | 011,504,336 | -H-- | M] (Hewlett-Packard ) -- C:\Users\Lisa\Local Settings\Temp\SP55104.exe [2011/12/06 15:30:25 | 110,885,800 | -H-- | M] (Hewlett-Packard ) -- C:\Users\Lisa\Local Settings\Temp\SP55107.exe [2011/12/06 08:08:16 | 003,959,824 | -H-- | M] (Hewlett-Packard Company ) -- C:\Users\Lisa\Local Settings\Temp\SP55150.exe [2012/01/05 12:36:20 | 005,305,376 | -H-- | M] (Hewlett-Packard Company ) -- C:\Users\Lisa\Local Settings\Temp\SP55151.exe [2012/06/30 14:35:09 | 000,544,768 | -H-- | M] (Корпорация Майкрософт) -- C:\Users\Lisa\Local Settings\Temp\UAC.exe [2011/09/09 17:07:56 | 000,449,592 | -H-- | M] (Hewlett-Packard Company) -- C:\Users\Lisa\Local Settings\Temp\UninstallHPSA.exe [2011/06/21 15:55:12 | 000,449,592 | -H-- | M] (Hewlett-Packard Company) -- C:\Users\Lisa\Local Settings\Temp\UninstallHPTCA.exe [2011/05/13 10:26:56 | 004,961,800 | -H-- | M] (Microsoft Corporation) -- C:\Users\Lisa\Local Settings\Temp\vcredist_x64.exe [259 C:\Users\Lisa\Local Settings\Temp\*.tmp files -> C:\Users\Lisa\Local Settings\Temp\*.tmp -> ] < %USERPROFILE%\Local Settings\Temp\*.dll > [2011/11/26 13:15:51 | 000,246,440 | -H-- | M] (Ask.com) -- C:\Users\Lisa\Local Settings\Temp\AskSLib.dll [2011/08/28 13:52:20 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Users\Lisa\Local Settings\Temp\dxtmsft.dll [2011/08/28 13:52:20 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Users\Lisa\Local Settings\Temp\dxtrans.dll [2012/05/18 02:48:40 | 009,737,728 | ---- | M] (Microsoft Corporation) -- C:\Users\Lisa\Local Settings\Temp\ieframe.dll [2011/08/28 13:52:20 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Users\Lisa\Local Settings\Temp\iepeers.dll [259 C:\Users\Lisa\Local Settings\Temp\*.tmp files -> C:\Users\Lisa\Local Settings\Temp\*.tmp -> ] < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > Viele Gruesse Lisa |
hi dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code: :OTL• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. lade unhide: http://filepony.de/download-unhide/ doppelklicken, dateien werden sichtbar Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.
|
Hallo, vielen Dank fuer die schnelle Antwort. Ich habe die OTL Datei hochgeladen, Textdatei habe ich jedoch keine gefunden. Viele Gruesse Lisa |
hi, danke bitte deaktiviere mal alles an programmen, auch internet aus, dann bitte den anweisungen folgen, bei namen, deinen nutzernamen einsetzen. navigiere mal zu C:\Users\name\AppData\Local\Temp rechtsklick, mit winrar oder zip packen und dann mal über rechtsklick eigenschaften gucken wie groß das neue archiv ist außerdem: c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache packen und das archiv im upload channel hochladen. |
Hallo, leider ist der Virus in der Zwischenzeit wieder gekommen... :-( habe versucht die vorhergehenden Anweisungen zu wiederholen, aber er kommt immer wieder... |
dann erstelle nen neues otl log. bist du in der zwischenzeit durch die gegen gesurft? dann unterlasse das bitte bis wir durch sind |
ja, sorry ertappt :-S Hier das neue logOTL Logfile: Code: OTL logfile created on: 6/30/2012 3:45:36 PM - Run 1 |
hi und dann noch am besten illegalen müll wie kinox.to und andere streams, wo man am laufenden band malware findet. finger weg von solchem misst dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code: :OTL• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. jetzt führst du unhide aus, packst, wie beschrieben den temp ordner, postest die größe. dann den java cache packen und hochladen. |
wie gesagt, den java cache packen und den temp ordner. beim temp ordner archiv dann erst mal bescheid geben wie groß, java cache hochladen |
den Java Cache habe ich hochgeladen, die OTS Datei auch noch mal, aber ich habe Probleme mit dem Temp Ordner Archiv. Kann es nicht packen, da Dateien in Verwendung. Ich habe jedoch alle Programme geschlossen (bis auf Skype, das kann ich aus irgendeinem Grund nicht schliessen) |
lässt sich das archiv trotzdem erstellen wenn du die fehlermeldungen mit ok bestätigst? |
Nein, es tut erst so als wuerde es erstellen (legt die zip Datei an), aber wenn ich auf OK druecken, loescht es diese wieder |
ok, hab schon den warscheinlichen übeltäter identifiziert und an antimalware firmen gemeldet Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
|
Ok, hier die Datei Combofix Logfile: Code: ComboFix 12-06-30.01 - Lisa 30.06.2012 20:52:40.1.8 - x64 |
bist du schon wieder irgendwo rumm gesurft, streaming seiten etc? |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 23:49 Uhr. |
Copyright ©2000-2025, Trojaner-Board