Smart HDD Virus eingefangen

Alic · 30.06.2012, 13:09

Hallo zusammen,

ich habe mir auch gerade den Smart HDD Virus eingefangen. Habe gerade den OTL run durchgefuehrt mit u.g. Ergebnis. Waere nett, wenn mir jemand von euch helfen koennte!

OTL logfile created on: 6/30/2012 3:45:36 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Lisa\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

3.95 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 22.76% Memory free
8.70 Gb Paging File | 0.90 Gb Available in Paging File | 10.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 332.44 Gb Free Space | 73.71% Space Free | Partition Type: NTFS
Drive D: | 14.45 Gb Total Space | 1.58 Gb Free Space | 10.92% Space Free | Partition Type: NTFS
Drive E: | 3.28 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 99.02 Mb Total Space | 84.75 Mb Free Space | 85.59% Space Free | Partition Type: FAT32

Computer Name: LISA-HP | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/30 15:44:16 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Downloads\OTL.exe
PRC - [2012/06/13 17:37:04 | 001,088,904 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012/06/13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2012/05/10 19:44:12 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/10 19:44:11 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/10 19:44:11 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/30 22:00:28 | 000,049,664 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
PRC - [2011/09/01 17:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/07/11 14:04:44 | 000,574,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011/07/11 14:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/07/06 21:13:48 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/06/13 17:47:12 | 000,336,440 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/02/16 02:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011/01/25 02:34:06 | 000,991,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/01/25 02:34:04 | 001,298,496 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/01/25 02:33:30 | 000,901,184 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/01/25 02:33:24 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2010/12/23 00:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/23 00:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/07/28 18:34:38 | 001,508,248 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
PRC - [2010/07/28 18:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010/07/28 18:33:58 | 006,995,864 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2010/07/28 18:33:58 | 001,485,208 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2008/03/19 04:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/16 16:50:22 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0018dd52b56988a833ee41699cf49325\IAStorUtil.ni.dll
MOD - [2012/06/16 08:49:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/16 08:49:36 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/23 07:19:25 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e7cd67fc34ad0fc611c1e1244cfc6584\IAStorCommon.ni.dll
MOD - [2012/05/19 21:22:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/19 21:21:42 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/19 21:21:37 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/19 21:21:35 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/19 21:21:34 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/19 21:21:30 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010/07/28 18:34:04 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2010/07/28 18:02:58 | 000,658,432 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2010/06/23 19:12:28 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/06/23 19:11:52 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/06/23 19:11:48 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/06/23 19:11:48 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/06/23 18:38:18 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2008/03/19 04:21:48 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Widgets\jsd.dll
MOD - [2008/03/19 04:21:20 | 000,512,000 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Widgets\js32.dll
MOD - [2008/01/09 02:50:10 | 000,349,147 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Widgets\sqlite3.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/06/08 10:32:07 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/01/07 12:05:18 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/01/07 12:05:17 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/08/31 19:08:08 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/07/27 22:04:48 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV:64bit: - [2011/07/27 21:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/07/27 21:44:18 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2011/06/03 13:51:38 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R)
SRV:64bit: - [2011/05/27 11:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/09/23 05:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/17 19:25:42 | 000,181,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV:64bit: - [2010/02/09 16:55:52 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV:64bit: - [2009/07/14 05:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/06/13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/05/10 19:44:12 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/10 19:44:11 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/01/07 12:03:48 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/09/01 17:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/07/11 14:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011/02/16 02:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011/01/25 02:34:06 | 000,991,296 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/01/25 02:34:04 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/01/25 02:33:30 | 000,901,184 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/12/23 00:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/12/23 00:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/10/12 21:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/28 18:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 01:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/30 15:22:01 | 000,050,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\pisqhpwu.sys -- (pisqhpwu)
DRV:64bit: - [2012/06/08 10:32:12 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2012/06/08 10:32:07 | 009,981,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/06/08 10:32:07 | 000,310,272 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/05/10 19:44:12 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/10 19:44:12 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/03/01 10:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/07 12:05:18 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/01/07 12:03:49 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012/01/02 21:21:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/10/19 16:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/03 18:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2011/05/27 11:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/27 11:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/11 10:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 10:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/17 05:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/17 04:46:36 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011/01/24 13:24:52 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/01/24 13:22:48 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/01/24 12:56:06 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2010/11/21 07:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 07:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 07:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 07:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 04:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/15 13:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/07/28 10:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/03/12 00:22:01 | 000,291,352 | ---- | M] (silex technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp)
DRV:64bit: - [2009/07/14 05:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 05:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 05:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 01:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/11 01:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/11 01:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/11 00:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/11 00:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/11 00:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 00:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 00:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 00:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 05:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL/13
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL/13
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{CD6B93FA-E0DC-4D64-8597-5B6587173C72}: "URL" = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{CD6B93FA-E0DC-4D64-8597-5B6587173C72}: "URL" = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL/13
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {49BF738E-6D39-4FAC-A8FA-B5C5D0133C07}
IE - HKCU\..\SearchScopes\{49BF738E-6D39-4FAC-A8FA-B5C5D0133C07}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=
IE - HKCU\..\SearchScopes\{64AE9A3C-5413-4C6D-8682-F7023BF09205}: "URL" = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

O1 HOSTS File: ([2009/06/11 01:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [VeJJMGoqiUaYbjF.exe] C:\ProgramData\VeJJMGoqiUaYbjF.exe ()
O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lisa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lisa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.132.63.25 80.227.2.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51C1477E-97DA-40DC-9E72-DBBDB3763365}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BBC1456-6C5B-42F7-9D4F-8418F98C6090}: DhcpNameServer = 213.132.63.25 80.227.2.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/30 14:50:03 | 000,000,000 | -H-D | C] -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012/06/26 20:29:43 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/06/26 20:29:24 | 000,000,000 | -H-D | C] -- C:\Users\Lisa\AppData\Local\Google
[2012/06/26 20:29:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\Google
[2012/06/26 20:29:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/06/26 20:29:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/06/26 20:01:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mario Forever
[2012/06/26 20:01:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mario Forever
[2012/06/22 10:13:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012/06/22 10:13:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012/06/22 10:13:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar
[2012/06/16 09:19:13 | 000,000,000 | -H-D | C] -- C:\Users\Lisa\AppData\Local\{D27F9FEA-32A2-4840-A4C4-F2689A9C7BE1}
[2012/06/15 06:50:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\ATI
[2012/06/08 10:38:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/06/08 10:33:40 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2012/06/08 10:33:39 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2012/06/08 10:33:38 | 000,485,376 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2012/06/08 10:33:38 | 000,204,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/30 15:46:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/30 15:12:16 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/30 15:12:16 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/30 15:10:02 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/30 15:10:02 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/30 15:10:02 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/30 15:07:37 | 000,000,256 | -H-- | M] () -- C:\ProgramData\8LfNrpQzPxugau
[2012/06/30 15:05:36 | 000,000,136 | -H-- | M] () -- C:\ProgramData\-8LfNrpQzPxugaur
[2012/06/30 15:05:36 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-8LfNrpQzPxugau
[2012/06/30 15:04:03 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/30 15:03:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/30 15:03:40 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/30 14:49:49 | 000,255,736 | -H-- | M] () -- C:\ProgramData\8LfNrpQzPxugau.exe
[2012/06/30 14:31:20 | 000,346,872 | -H-- | M] () -- C:\ProgramData\VeJJMGoqiUaYbjF.exe
[2012/06/30 09:01:54 | 000,069,401 | -H-- | M] () -- C:\Users\Lisa\Desktop\Gutschein1.pdf
[2012/06/16 11:24:41 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLisa.job
[2012/06/16 08:45:32 | 000,276,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/08 10:32:21 | 001,981,696 | ---- | M] () -- C:\Windows\SysNative\iglhxa64.cpa
[2012/06/08 10:32:21 | 000,963,116 | ---- | M] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/06/08 10:32:21 | 000,963,116 | ---- | M] () -- C:\Windows\SysNative\igkrng600.bin
[2012/06/08 10:32:21 | 000,059,243 | ---- | M] () -- C:\Windows\SysNative\iglhxo64.vp
[2012/06/08 10:32:21 | 000,059,174 | ---- | M] () -- C:\Windows\SysNative\iglhxg64.vp
[2012/06/08 10:32:21 | 000,059,062 | ---- | M] () -- C:\Windows\SysNative\iglhxc64.vp
[2012/06/08 10:32:21 | 000,017,340 | ---- | M] () -- C:\Windows\SysNative\iglhxs64.vp
[2012/06/08 10:32:21 | 000,001,074 | ---- | M] () -- C:\Windows\SysNative\iglhxa64.vp
[2012/06/08 10:32:14 | 000,004,096 | ---- | M] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2012/06/08 10:32:13 | 000,216,000 | ---- | M] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/06/08 10:32:13 | 000,216,000 | ---- | M] () -- C:\Windows\SysNative\igfcg600m.bin
[2012/06/08 10:32:12 | 013,903,872 | ---- | M] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/06/08 10:32:12 | 000,075,776 | ---- | M] () -- C:\Windows\SysNative\igdde64.dll
[2012/06/08 10:32:12 | 000,056,832 | ---- | M] () -- C:\Windows\SysWow64\igdde32.dll
[2012/06/08 10:32:10 | 000,211,217 | ---- | M] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2012/06/08 10:32:10 | 000,198,037 | ---- | M] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2012/06/08 10:32:10 | 000,182,649 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2012/06/08 10:32:10 | 000,179,992 | ---- | M] () -- C:\Windows\SysNative\difx64.exe
[2012/06/08 10:32:10 | 000,156,192 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2012/06/08 10:32:10 | 000,153,129 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2012/06/08 10:32:10 | 000,148,981 | ---- | M] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2012/06/08 10:32:10 | 000,140,212 | ---- | M] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2012/06/08 10:32:10 | 000,138,707 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2012/06/08 10:32:10 | 000,137,840 | ---- | M] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2012/06/08 10:32:10 | 000,137,641 | ---- | M] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2012/06/08 10:32:10 | 000,136,584 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources
[2012/06/08 10:32:10 | 000,135,654 | ---- | M] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2012/06/08 10:32:10 | 000,135,357 | ---- | M] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2012/06/08 10:32:10 | 000,134,821 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2012/06/08 10:32:10 | 000,134,407 | ---- | M] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2012/06/08 10:32:10 | 000,134,373 | ---- | M] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2012/06/08 10:32:10 | 000,133,841 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2012/06/08 10:32:10 | 000,133,683 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2012/06/08 10:32:10 | 000,133,381 | ---- | M] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2012/06/08 10:32:10 | 000,133,149 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2012/06/08 10:32:10 | 000,132,887 | ---- | M] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2012/06/08 10:32:10 | 000,132,785 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2012/06/08 10:32:10 | 000,131,840 | ---- | M] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources
[2012/06/08 10:32:10 | 000,128,998 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2012/06/08 10:32:10 | 000,128,802 | ---- | M] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2012/06/08 10:32:10 | 000,128,542 | ---- | M] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2012/06/08 10:32:10 | 000,124,056 | ---- | M] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2012/06/08 10:32:10 | 000,117,657 | ---- | M] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2012/06/08 10:32:10 | 000,116,368 | ---- | M] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2012/06/08 10:32:08 | 001,150,656 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2012/06/08 10:32:08 | 001,150,656 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2012/06/08 10:32:08 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2012/06/08 10:32:08 | 000,058,880 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst.dll
[2012/06/08 10:32:08 | 000,034,823 | ---- | M] () -- C:\Windows\atiogl.xml
[2012/06/08 10:32:08 | 000,003,929 | ---- | M] () -- C:\Windows\SysWow64\atipblag.dat
[2012/06/08 10:32:08 | 000,003,929 | ---- | M] () -- C:\Windows\SysNative\atipblag.dat
[2012/06/08 10:32:07 | 000,485,376 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2012/06/08 10:32:07 | 000,234,855 | ---- | M] () -- C:\Windows\SysNative\atiicdxx.dat
[2012/06/08 10:32:07 | 000,204,288 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2012/06/08 10:32:07 | 000,021,504 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2012/06/08 10:32:06 | 000,185,152 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/30 14:50:12 | 000,000,136 | -H-- | C] () -- C:\ProgramData\-8LfNrpQzPxugaur
[2012/06/30 14:50:12 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-8LfNrpQzPxugau
[2012/06/30 14:50:01 | 000,000,256 | -H-- | C] () -- C:\ProgramData\8LfNrpQzPxugau
[2012/06/30 14:49:49 | 000,255,736 | -H-- | C] () -- C:\ProgramData\8LfNrpQzPxugau.exe
[2012/06/30 14:33:42 | 000,346,872 | -H-- | C] () -- C:\ProgramData\VeJJMGoqiUaYbjF.exe
[2012/06/30 09:01:51 | 000,069,401 | -H-- | C] () -- C:\Users\Lisa\Desktop\Gutschein1.pdf
[2012/06/26 20:29:29 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/26 20:29:29 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/08 10:33:49 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2012/06/08 10:33:49 | 000,059,243 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2012/06/08 10:33:49 | 000,059,174 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2012/06/08 10:33:49 | 000,059,062 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2012/06/08 10:33:49 | 000,017,340 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2012/06/08 10:33:49 | 000,001,074 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.vp
[2012/06/08 10:33:48 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/06/08 10:33:48 | 000,963,116 | ---- | C] () -- C:\Windows\SysNative\igkrng600.bin
[2012/06/08 10:33:45 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/06/08 10:33:45 | 000,216,000 | ---- | C] () -- C:\Windows\SysNative\igfcg600m.bin
[2012/06/08 10:33:45 | 000,004,096 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2012/06/08 10:33:44 | 000,075,776 | ---- | C] () -- C:\Windows\SysNative\igdde64.dll
[2012/06/08 10:33:44 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/06/08 10:33:43 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/06/08 10:33:43 | 000,211,217 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2012/06/08 10:33:43 | 000,135,357 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2012/06/08 10:33:43 | 000,133,841 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2012/06/08 10:33:43 | 000,128,998 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2012/06/08 10:33:43 | 000,117,657 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2012/06/08 10:33:43 | 000,116,368 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2012/06/08 10:33:42 | 000,198,037 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2012/06/08 10:33:42 | 000,182,649 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2012/06/08 10:33:42 | 000,179,992 | ---- | C] () -- C:\Windows\SysNative\difx64.exe
[2012/06/08 10:33:42 | 000,156,192 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2012/06/08 10:33:42 | 000,153,129 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2012/06/08 10:33:42 | 000,148,981 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2012/06/08 10:33:42 | 000,140,212 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2012/06/08 10:33:42 | 000,138,707 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2012/06/08 10:33:42 | 000,137,840 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2012/06/08 10:33:42 | 000,137,641 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2012/06/08 10:33:42 | 000,136,584 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources
[2012/06/08 10:33:42 | 000,135,654 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2012/06/08 10:33:42 | 000,134,821 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2012/06/08 10:33:42 | 000,134,407 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2012/06/08 10:33:42 | 000,134,373 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2012/06/08 10:33:42 | 000,133,683 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2012/06/08 10:33:42 | 000,133,381 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2012/06/08 10:33:42 | 000,133,149 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2012/06/08 10:33:42 | 000,132,887 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2012/06/08 10:33:42 | 000,132,785 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2012/06/08 10:33:42 | 000,131,840 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources
[2012/06/08 10:33:42 | 000,128,802 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2012/06/08 10:33:42 | 000,128,542 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2012/06/08 10:33:42 | 000,124,056 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2012/06/08 10:33:41 | 001,150,656 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2012/06/08 10:33:40 | 001,150,656 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2012/06/08 10:33:40 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/06/08 10:33:40 | 000,003,929 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
[2012/06/08 10:33:39 | 000,034,823 | ---- | C] () -- C:\Windows\atiogl.xml
[2012/06/08 10:33:38 | 000,234,855 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2012/06/08 10:33:36 | 000,185,152 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2012/01/02 21:22:17 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/11/06 10:40:38 | 000,735,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/30 22:42:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/08/28 13:54:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/08/28 13:46:04 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011/08/28 13:45:01 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== LOP Check ==========

[2011/11/14 20:27:27 | 000,000,000 | -H-D | M] -- C:\Users\Lisa\AppData\Roaming\AMS
[2012/04/30 07:15:22 | 000,000,000 | -H-D | M] -- C:\Users\Lisa\AppData\Roaming\Canon
[2012/04/03 11:09:27 | 000,000,000 | -H-D | M] -- C:\Users\Lisa\AppData\Roaming\DVDVideoSoft
[2011/11/08 18:57:02 | 000,000,000 | -H-D | M] -- C:\Users\Lisa\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/11/05 07:58:48 | 000,000,000 | -H-D | M] -- C:\Users\Lisa\AppData\Roaming\Panda Security
[2011/12/02 14:47:50 | 000,000,000 | -H-D | M] -- C:\Users\Lisa\AppData\Roaming\pdfforge
[2012/06/30 14:46:07 | 000,000,000 | -H-D | M] -- C:\Users\Lisa\AppData\Roaming\SoftGrid Client
[2011/10/14 21:40:30 | 000,000,000 | -H-D | M] -- C:\Users\Lisa\AppData\Roaming\Synaptics
[2011/11/06 10:41:34 | 000,000,000 | -H-D | M] -- C:\Users\Lisa\AppData\Roaming\TP
[2012/05/23 07:23:45 | 000,000,000 | -H-D | M] -- C:\Users\Lisa\AppData\Roaming\Windows Live Writer
[2012/01/29 08:12:32 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012/01/13 16:17:36 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011/06/22 10:51:13 | 000,000,000 | -HSD | M] -- C:\boot
[2009/07/14 09:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011/08/28 14:02:21 | 000,000,000 | -H-D | M] -- C:\HP
[2011/08/28 13:44:05 | 000,000,000 | -H-D | M] -- C:\Intel
[2011/11/06 10:47:01 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009/07/14 07:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/06/26 20:29:43 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/06/26 20:41:59 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012/06/30 14:50:12 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011/10/14 21:33:23 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012/06/08 10:32:44 | 000,000,000 | -H-D | M] -- C:\SWSetup
[2012/06/30 15:50:14 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/10/14 21:33:29 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2011/11/05 07:58:20 | 000,000,000 | -H-D | M] -- C:\temp
[2011/10/14 21:32:30 | 000,000,000 | R--D | M] -- C:\Users
[2012/06/15 06:49:13 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: AGP440.SYS >
[2009/07/14 05:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 05:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 05:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 05:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 05:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 05:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 05:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 05:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 05:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 05:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 09:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 10:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 10:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 10:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 07:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 09:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 09:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 07:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: IASTOR.SYS >
[2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\drivers\iaStor.sys
[2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_e6913aab23ea9a9c\iaStor.sys
[2011/01/13 05:51:44 | 000,439,320 | -H-- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\SWSetup\Drivers\IRST\Drivers\x64\iaStor.sys
[2011/01/13 05:44:08 | 000,355,352 | -H-- | M] (Intel Corporation) MD5=F989555F1662581032CCE1578A8FF28E -- C:\SWSetup\Drivers\IRST\Drivers\x32\iaStor.sys

< MD5 for: IASTORV.SYS >
[2010/11/21 07:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/21 07:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 10:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 10:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 10:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 10:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2010/11/21 07:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/21 07:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/21 07:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/21 07:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011/03/11 10:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 10:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 10:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 10:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/21 07:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/21 07:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2010/11/21 07:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/21 07:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/21 07:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/21 07:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: USER32.DLL >
[2010/11/21 07:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/21 07:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010/11/21 07:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/21 07:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

< MD5 for: USERINIT.EXE >
[2010/11/21 07:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 07:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 07:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 07:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/21 07:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 07:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2009/07/14 04:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 04:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %USERPROFILE%\*.* >
[2012/06/30 15:46:45 | 002,883,584 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT
[2012/06/30 15:46:45 | 000,262,144 | -HS- | M] () -- C:\Users\Lisa\ntuser.dat.LOG1
[2011/10/14 21:32:31 | 000,000,000 | -HS- | M] () -- C:\Users\Lisa\ntuser.dat.LOG2
[2011/10/14 21:48:00 | 000,065,536 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011/10/14 21:48:00 | 000,524,288 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011/10/14 21:48:00 | 000,524,288 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011/10/14 21:32:31 | 000,000,020 | -HS- | M] () -- C:\Users\Lisa\ntuser.ini
[2012/04/30 07:15:22 | 000,000,000 | -H-- | M] () -- C:\Users\Lisa\Sti_Trace.log

< %USERPROFILE%\Local Settings\Temp\*.exe >
[2008/10/15 22:42:52 | 000,050,432 | -H-- | M] () -- C:\Users\Lisa\Local Settings\Temp\Extract.exe
[2012/06/26 20:28:57 | 002,376,368 | -H-- | M] (Google Inc.) -- C:\Users\Lisa\Local Settings\Temp\GoogleToolbarInstaller_en32_signed.exe
[2011/10/19 08:21:31 | 000,909,088 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Users\Lisa\Local Settings\Temp\jre-6u29-windows-i586-iftw-rv.exe
[2012/02/20 19:45:21 | 000,909,600 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Users\Lisa\Local Settings\Temp\jre-6u31-windows-i586-iftw-rv.exe
[2009/02/09 21:07:44 | 000,775,504 | -H-- | M] (CANON INC.) -- C:\Users\Lisa\Local Settings\Temp\MSETUP4.EXE
[2011/02/04 18:20:12 | 000,088,120 | -H-- | M] (Hewlett-Packard Company) -- C:\Users\Lisa\Local Settings\Temp\Resource.exe
[2012/06/16 16:55:39 | 000,008,192 | -H-- | M] () -- C:\Users\Lisa\Local Settings\Temp\SkypeSetup.exe
[2011/10/24 13:51:34 | 001,592,176 | -H-- | M] (Hewlett-Packard ) -- C:\Users\Lisa\Local Settings\Temp\SP52407.exe
[2011/10/24 14:25:20 | 001,201,944 | -H-- | M] (Hewlett-Packard ) -- C:\Users\Lisa\Local Settings\Temp\SP52509.exe
[2011/10/21 14:58:20 | 014,931,696 | -H-- | M] (Hewlett-Packard Company ) -- C:\Users\Lisa\Local Settings\Temp\SP52532.exe
[2011/10/21 12:46:31 | 009,623,848 | -H-- | M] (Hewlett-Packard ) -- C:\Users\Lisa\Local Settings\Temp\SP53462.exe
[2011/10/20 05:31:28 | 006,543,936 | -H-- | M] (Hewlett Packard Inc ) -- C:\Users\Lisa\Local Settings\Temp\SP53794.exe
[2011/10/24 13:55:37 | 001,516,792 | -H-- | M] (InstallShield Software Corporation ) -- C:\Users\Lisa\Local Settings\Temp\SP53999.exe
[2011/10/24 14:12:29 | 003,990,312 | -H-- | M] (Hewlett-Packard Company ) -- C:\Users\Lisa\Local Settings\Temp\SP54001.exe
[2011/10/24 13:58:29 | 161,811,896 | -H-- | M] (InstallShield Software Corporation ) -- C:\Users\Lisa\Local Settings\Temp\SP54246.exe
[2012/01/01 17:39:33 | 048,461,176 | -H-- | M] (Hewlett-Packard ) -- C:\Users\Lisa\Local Settings\Temp\sp54373.exe
[2012/04/08 20:03:39 | 048,868,760 | -H-- | M] (Hewlett-Packard ) -- C:\Users\Lisa\Local Settings\Temp\sp54620.exe
[2011/10/20 05:31:34 | 006,580,120 | -H-- | M] (Hewlett Packard Inc ) -- C:\Users\Lisa\Local Settings\Temp\SP54714.exe
[2011/11/18 16:32:32 | 163,964,813 | -H-- | M] (Hewlett-Packpard ) -- C:\Users\Lisa\Local Settings\Temp\SP54748.exe
[2011/10/24 15:05:28 | 110,369,512 | -H-- | M] (Hewlett-Packard Company ) -- C:\Users\Lisa\Local Settings\Temp\SP54900.exe
[2011/11/22 21:16:35 | 005,202,680 | -H-- | M] (Hewlett-Packard Company ) -- C:\Users\Lisa\Local Settings\Temp\SP55068.exe
[2012/05/17 23:33:26 | 355,441,048 | -H-- | M] (InstallShield Software Corporation ) -- C:\Users\Lisa\Local Settings\Temp\SP55092.exe
[2012/01/05 10:25:25 | 031,998,584 | -H-- | M] (Hewlett-Packard ) -- C:\Users\Lisa\Local Settings\Temp\SP55094.exe
[2011/11/23 06:30:45 | 011,908,384 | -H-- | M] (Hewlett-Packard ) -- C:\Users\Lisa\Local Settings\Temp\SP55101.exe
[2011/11/22 20:37:02 | 011,504,336 | -H-- | M] (Hewlett-Packard ) -- C:\Users\Lisa\Local Settings\Temp\SP55104.exe
[2011/12/06 15:30:25 | 110,885,800 | -H-- | M] (Hewlett-Packard ) -- C:\Users\Lisa\Local Settings\Temp\SP55107.exe
[2011/12/06 08:08:16 | 003,959,824 | -H-- | M] (Hewlett-Packard Company ) -- C:\Users\Lisa\Local Settings\Temp\SP55150.exe
[2012/01/05 12:36:20 | 005,305,376 | -H-- | M] (Hewlett-Packard Company ) -- C:\Users\Lisa\Local Settings\Temp\SP55151.exe
[2012/06/30 14:35:09 | 000,544,768 | -H-- | M] (Корпорация Майкрософт) -- C:\Users\Lisa\Local Settings\Temp\UAC.exe
[2011/09/09 17:07:56 | 000,449,592 | -H-- | M] (Hewlett-Packard Company) -- C:\Users\Lisa\Local Settings\Temp\UninstallHPSA.exe
[2011/06/21 15:55:12 | 000,449,592 | -H-- | M] (Hewlett-Packard Company) -- C:\Users\Lisa\Local Settings\Temp\UninstallHPTCA.exe
[2011/05/13 10:26:56 | 004,961,800 | -H-- | M] (Microsoft Corporation) -- C:\Users\Lisa\Local Settings\Temp\vcredist_x64.exe
[259 C:\Users\Lisa\Local Settings\Temp\*.tmp files -> C:\Users\Lisa\Local Settings\Temp\*.tmp -> ]

< %USERPROFILE%\Local Settings\Temp\*.dll >
[2011/11/26 13:15:51 | 000,246,440 | -H-- | M] (Ask.com) -- C:\Users\Lisa\Local Settings\Temp\AskSLib.dll
[2011/08/28 13:52:20 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Users\Lisa\Local Settings\Temp\dxtmsft.dll
[2011/08/28 13:52:20 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Users\Lisa\Local Settings\Temp\dxtrans.dll
[2012/05/18 02:48:40 | 009,737,728 | ---- | M] (Microsoft Corporation) -- C:\Users\Lisa\Local Settings\Temp\ieframe.dll
[2011/08/28 13:52:20 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Users\Lisa\Local Settings\Temp\iepeers.dll
[259 C:\Users\Lisa\Local Settings\Temp\*.tmp files -> C:\Users\Lisa\Local Settings\Temp\*.tmp -> ]

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >

Viele Gruesse
Lisa

markusg · 30.06.2012, 13:29

hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

Code:

ATTFilter

:OTL
O4 - HKCU..\Run: [VeJJMGoqiUaYbjF.exe] C:\ProgramData\VeJJMGoqiUaYbjF.exe ()
[2012/06/30 14:50:03 | 000,000,000 | -H-D | C] -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012/06/30 15:07:37 | 000,000,256 | -H-- | M] () -- C:\ProgramData\8LfNrpQzPxugau
[2012/06/30 15:05:36 | 000,000,136 | -H-- | M] () -- C:\ProgramData\-8LfNrpQzPxugaur
[2012/06/30 15:05:36 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-8LfNrpQzPxugau
[2012/06/30 14:49:49 | 000,255,736 | -H-- | M] () -- C:\ProgramData\8LfNrpQzPxugau.exe
[2012/06/30 14:31:20 | 000,346,872 | -H-- | M] () -- C:\ProgramData\VeJJMGoqiUaYbjF.exe

 :Files
:Commands
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
lade unhide:
Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )

Suche nun
folgenden Ordner: _OTL und öffne diesen.

Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

Dies wird eine Movedfiles.zip Datei in _OTL erstellen

Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

Alic · 30.06.2012, 13:56

Hallo,

vielen Dank fuer die schnelle Antwort. Ich habe die OTL Datei hochgeladen, Textdatei habe ich jedoch keine gefunden.

Viele Gruesse
Lisa

markusg · 30.06.2012, 14:19

hi, danke
bitte deaktiviere mal alles an programmen, auch internet aus, dann bitte den anweisungen folgen, bei namen, deinen nutzernamen einsetzen.
navigiere mal zu
C:\Users\name\AppData\Local\Temp
rechtsklick, mit winrar oder zip packen und dann mal über rechtsklick eigenschaften gucken wie groß das neue archiv ist
außerdem:
c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache

packen und das archiv im upload channel hochladen.

Alic · 30.06.2012, 14:26

Hallo,

leider ist der Virus in der Zwischenzeit wieder gekommen... :-(
habe versucht die vorhergehenden Anweisungen zu wiederholen, aber er kommt immer wieder...

markusg · 30.06.2012, 14:28

dann erstelle nen neues otl log.
bist du in der zwischenzeit durch die gegen gesurft? dann unterlasse das bitte bis wir durch sind

Alic · 30.06.2012, 14:52

ja, sorry ertappt :-S

Hier das neue logOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 6/30/2012 3:45:36 PM - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\Lisa\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3.95 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 22.76% Memory free
8.70 Gb Paging File | 0.90 Gb Available in Paging File | 10.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 332.44 Gb Free Space | 73.71% Space Free | Partition Type: NTFS
Drive D: | 14.45 Gb Total Space | 1.58 Gb Free Space | 10.92% Space Free | Partition Type: NTFS
Drive E: | 3.28 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 99.02 Mb Total Space | 84.75 Mb Free Space | 85.59% Space Free | Partition Type: FAT32
 
Computer Name: LISA-HP | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/06/30 15:44:16 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Downloads\OTL.exe
PRC - [2012/06/13 17:37:04 | 001,088,904 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012/06/13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2012/05/10 19:44:12 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/10 19:44:11 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/10 19:44:11 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/30 22:00:28 | 000,049,664 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
PRC - [2011/09/01 17:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/07/11 14:04:44 | 000,574,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011/07/11 14:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/07/06 21:13:48 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/06/13 17:47:12 | 000,336,440 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/02/16 02:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011/01/25 02:34:06 | 000,991,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/01/25 02:34:04 | 001,298,496 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/01/25 02:33:30 | 000,901,184 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/01/25 02:33:24 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2010/12/23 00:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/23 00:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/07/28 18:34:38 | 001,508,248 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
PRC - [2010/07/28 18:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010/07/28 18:33:58 | 006,995,864 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2010/07/28 18:33:58 | 001,485,208 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2008/03/19 04:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/06/16 16:50:22 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0018dd52b56988a833ee41699cf49325\IAStorUtil.ni.dll
MOD - [2012/06/16 08:49:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/16 08:49:36 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/23 07:19:25 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e7cd67fc34ad0fc611c1e1244cfc6584\IAStorCommon.ni.dll
MOD - [2012/05/19 21:22:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/19 21:21:42 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/19 21:21:37 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/19 21:21:35 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/19 21:21:34 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/19 21:21:30 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010/07/28 18:34:04 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2010/07/28 18:02:58 | 000,658,432 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2010/06/23 19:12:28 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/06/23 19:11:52 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/06/23 19:11:48 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/06/23 19:11:48 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/06/23 18:38:18 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2008/03/19 04:21:48 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Widgets\jsd.dll
MOD - [2008/03/19 04:21:20 | 000,512,000 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Widgets\js32.dll
MOD - [2008/01/09 02:50:10 | 000,349,147 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Widgets\sqlite3.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/06/08 10:32:07 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/01/07 12:05:18 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/01/07 12:05:17 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/08/31 19:08:08 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/07/27 22:04:48 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV:64bit: - [2011/07/27 21:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/07/27 21:44:18 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2011/06/03 13:51:38 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R)
SRV:64bit: - [2011/05/27 11:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/09/23 05:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/17 19:25:42 | 000,181,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV:64bit: - [2010/02/09 16:55:52 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV:64bit: - [2009/07/14 05:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/06/13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/05/10 19:44:12 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/10 19:44:11 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/01/07 12:03:48 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/09/01 17:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/07/11 14:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011/02/16 02:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011/01/25 02:34:06 | 000,991,296 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/01/25 02:34:04 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/01/25 02:33:30 | 000,901,184 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/12/23 00:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/12/23 00:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/10/12 21:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/28 18:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 01:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/06/30 15:22:01 | 000,050,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\pisqhpwu.sys -- (pisqhpwu)
DRV:64bit: - [2012/06/08 10:32:12 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2012/06/08 10:32:07 | 009,981,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/06/08 10:32:07 | 000,310,272 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/05/10 19:44:12 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/10 19:44:12 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/03/01 10:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/07 12:05:18 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/01/07 12:03:49 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012/01/02 21:21:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/10/19 16:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/03 18:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2011/05/27 11:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/27 11:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/11 10:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 10:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/17 05:11:08 | 000,428,136 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/17 04:46:36 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011/01/24 13:24:52 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/01/24 13:22:48 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/01/24 12:56:06 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2010/11/21 07:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 07:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 07:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 07:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 04:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/15 13:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/07/28 10:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/03/12 00:22:01 | 000,291,352 | ---- | M] (silex technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp)
DRV:64bit: - [2009/07/14 05:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 05:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 05:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 01:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/11 01:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/11 01:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/11 00:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/11 00:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/11 00:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 00:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 00:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 00:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 05:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Arabia News, Music, Movies, Careers, Autos, Sports, Finance and more on MSN Arabia.
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Arabia News, Music, Movies, Careers, Autos, Sports, Finance and more on MSN Arabia.
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{CD6B93FA-E0DC-4D64-8597-5B6587173C72}: "URL" = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{CD6B93FA-E0DC-4D64-8597-5B6587173C72}: "URL" = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Arabia News, Music, Movies, Careers, Autos, Sports, Finance and more on MSN Arabia.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {49BF738E-6D39-4FAC-A8FA-B5C5D0133C07}
IE - HKCU\..\SearchScopes\{49BF738E-6D39-4FAC-A8FA-B5C5D0133C07}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=
IE - HKCU\..\SearchScopes\{64AE9A3C-5413-4C6D-8682-F7023BF09205}: "URL" = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
 
 
 
O1 HOSTS File: ([2009/06/11 01:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [VeJJMGoqiUaYbjF.exe] C:\ProgramData\VeJJMGoqiUaYbjF.exe ()
O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lisa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lisa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.132.63.25 80.227.2.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51C1477E-97DA-40DC-9E72-DBBDB3763365}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BBC1456-6C5B-42F7-9D4F-8418F98C6090}: DhcpNameServer = 213.132.63.25 80.227.2.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/06/30 14:50:03 | 000,000,000 | -H-D | C] -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012/06/26 20:29:43 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/06/26 20:29:24 | 000,000,000 | -H-D | C] -- C:\Users\Lisa\AppData\Local\Google
[2012/06/26 20:29:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\Google
[2012/06/26 20:29:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/06/26 20:29:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/06/26 20:01:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mario Forever
[2012/06/26 20:01:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mario Forever
[2012/06/22 10:13:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012/06/22 10:13:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012/06/22 10:13:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar
[2012/06/16 09:19:13 | 000,000,000 | -H-D | C] -- C:\Users\Lisa\AppData\Local\{D27F9FEA-32A2-4840-A4C4-F2689A9C7BE1}
[2012/06/15 06:50:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\ATI
[2012/06/08 10:38:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/06/08 10:33:40 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2012/06/08 10:33:39 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2012/06/08 10:33:38 | 000,485,376 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2012/06/08 10:33:38 | 000,204,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/06/30 15:46:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/30 15:12:16 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/30 15:12:16 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/30 15:10:02 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/30 15:10:02 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/30 15:10:02 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/30 15:07:37 | 000,000,256 | -H-- | M] () -- C:\ProgramData\8LfNrpQzPxugau
[2012/06/30 15:05:36 | 000,000,136 | -H-- | M] () -- C:\ProgramData\-8LfNrpQzPxugaur
[2012/06/30 15:05:36 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-8LfNrpQzPxugau
[2012/06/30 15:04:03 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/30 15:03:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/30 15:03:40 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/30 14:49:49 | 000,255,736 | -H-- | M] () -- C:\ProgramData\8LfNrpQzPxugau.exe
[2012/06/30 14:31:20 | 000,346,872 | -H-- | M] () -- C:\ProgramData\VeJJMGoqiUaYbjF.exe
[2012/06/30 09:01:54 | 000,069,401 | -H-- | M] () -- C:\Users\Lisa\Desktop\Gutschein1.pdf
[2012/06/16 11:24:41 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLisa.job
[2012/06/16 08:45:32 | 000,276,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/08 10:32:21 | 001,981,696 | ---- | M] () -- C:\Windows\SysNative\iglhxa64.cpa
[2012/06/08 10:32:21 | 000,963,116 | ---- | M] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/06/08 10:32:21 | 000,963,116 | ---- | M] () -- C:\Windows\SysNative\igkrng600.bin
[2012/06/08 10:32:21 | 000,059,243 | ---- | M] () -- C:\Windows\SysNative\iglhxo64.vp
[2012/06/08 10:32:21 | 000,059,174 | ---- | M] () -- C:\Windows\SysNative\iglhxg64.vp
[2012/06/08 10:32:21 | 000,059,062 | ---- | M] () -- C:\Windows\SysNative\iglhxc64.vp
[2012/06/08 10:32:21 | 000,017,340 | ---- | M] () -- C:\Windows\SysNative\iglhxs64.vp
[2012/06/08 10:32:21 | 000,001,074 | ---- | M] () -- C:\Windows\SysNative\iglhxa64.vp
[2012/06/08 10:32:14 | 000,004,096 | ---- | M] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2012/06/08 10:32:13 | 000,216,000 | ---- | M] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/06/08 10:32:13 | 000,216,000 | ---- | M] () -- C:\Windows\SysNative\igfcg600m.bin
[2012/06/08 10:32:12 | 013,903,872 | ---- | M] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/06/08 10:32:12 | 000,075,776 | ---- | M] () -- C:\Windows\SysNative\igdde64.dll
[2012/06/08 10:32:12 | 000,056,832 | ---- | M] () -- C:\Windows\SysWow64\igdde32.dll
[2012/06/08 10:32:10 | 000,211,217 | ---- | M] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2012/06/08 10:32:10 | 000,198,037 | ---- | M] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2012/06/08 10:32:10 | 000,182,649 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2012/06/08 10:32:10 | 000,179,992 | ---- | M] () -- C:\Windows\SysNative\difx64.exe
[2012/06/08 10:32:10 | 000,156,192 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2012/06/08 10:32:10 | 000,153,129 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2012/06/08 10:32:10 | 000,148,981 | ---- | M] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2012/06/08 10:32:10 | 000,140,212 | ---- | M] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2012/06/08 10:32:10 | 000,138,707 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2012/06/08 10:32:10 | 000,137,840 | ---- | M] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2012/06/08 10:32:10 | 000,137,641 | ---- | M] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2012/06/08 10:32:10 | 000,136,584 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources
[2012/06/08 10:32:10 | 000,135,654 | ---- | M] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2012/06/08 10:32:10 | 000,135,357 | ---- | M] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2012/06/08 10:32:10 | 000,134,821 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2012/06/08 10:32:10 | 000,134,407 | ---- | M] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2012/06/08 10:32:10 | 000,134,373 | ---- | M] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2012/06/08 10:32:10 | 000,133,841 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2012/06/08 10:32:10 | 000,133,683 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2012/06/08 10:32:10 | 000,133,381 | ---- | M] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2012/06/08 10:32:10 | 000,133,149 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2012/06/08 10:32:10 | 000,132,887 | ---- | M] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2012/06/08 10:32:10 | 000,132,785 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2012/06/08 10:32:10 | 000,131,840 | ---- | M] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources
[2012/06/08 10:32:10 | 000,128,998 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2012/06/08 10:32:10 | 000,128,802 | ---- | M] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2012/06/08 10:32:10 | 000,128,542 | ---- | M] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2012/06/08 10:32:10 | 000,124,056 | ---- | M] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2012/06/08 10:32:10 | 000,117,657 | ---- | M] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2012/06/08 10:32:10 | 000,116,368 | ---- | M] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2012/06/08 10:32:08 | 001,150,656 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2012/06/08 10:32:08 | 001,150,656 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2012/06/08 10:32:08 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2012/06/08 10:32:08 | 000,058,880 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst.dll
[2012/06/08 10:32:08 | 000,034,823 | ---- | M] () -- C:\Windows\atiogl.xml
[2012/06/08 10:32:08 | 000,003,929 | ---- | M] () -- C:\Windows\SysWow64\atipblag.dat
[2012/06/08 10:32:08 | 000,003,929 | ---- | M] () -- C:\Windows\SysNative\atipblag.dat
[2012/06/08 10:32:07 | 000,485,376 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2012/06/08 10:32:07 | 000,234,855 | ---- | M] () -- C:\Windows\SysNative\atiicdxx.dat
[2012/06/08 10:32:07 | 000,204,288 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2012/06/08 10:32:07 | 000,021,504 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2012/06/08 10:32:06 | 000,185,152 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/06/30 14:50:12 | 000,000,136 | -H-- | C] () -- C:\ProgramData\-8LfNrpQzPxugaur
[2012/06/30 14:50:12 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-8LfNrpQzPxugau
[2012/06/30 14:50:01 | 000,000,256 | -H-- | C] () -- C:\ProgramData\8LfNrpQzPxugau
[2012/06/30 14:49:49 | 000,255,736 | -H-- | C] () -- C:\ProgramData\8LfNrpQzPxugau.exe
[2012/06/30 14:33:42 | 000,346,872 | -H-- | C] () -- C:\ProgramData\VeJJMGoqiUaYbjF.exe
[2012/06/30 09:01:51 | 000,069,401 | -H-- | C] () -- C:\Users\Lisa\Desktop\Gutschein1.pdf
[2012/06/26 20:29:29 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/26 20:29:29 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/08 10:33:49 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2012/06/08 10:33:49 | 000,059,243 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2012/06/08 10:33:49 | 000,059,174 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2012/06/08 10:33:49 | 000,059,062 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2012/06/08 10:33:49 | 000,017,340 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2012/06/08 10:33:49 | 000,001,074 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.vp
[2012/06/08 10:33:48 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/06/08 10:33:48 | 000,963,116 | ---- | C] () -- C:\Windows\SysNative\igkrng600.bin
[2012/06/08 10:33:45 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/06/08 10:33:45 | 000,216,000 | ---- | C] () -- C:\Windows\SysNative\igfcg600m.bin
[2012/06/08 10:33:45 | 000,004,096 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2012/06/08 10:33:44 | 000,075,776 | ---- | C] () -- C:\Windows\SysNative\igdde64.dll
[2012/06/08 10:33:44 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/06/08 10:33:43 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/06/08 10:33:43 | 000,211,217 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2012/06/08 10:33:43 | 000,135,357 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2012/06/08 10:33:43 | 000,133,841 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2012/06/08 10:33:43 | 000,128,998 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2012/06/08 10:33:43 | 000,117,657 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2012/06/08 10:33:43 | 000,116,368 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2012/06/08 10:33:42 | 000,198,037 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2012/06/08 10:33:42 | 000,182,649 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2012/06/08 10:33:42 | 000,179,992 | ---- | C] () -- C:\Windows\SysNative\difx64.exe
[2012/06/08 10:33:42 | 000,156,192 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2012/06/08 10:33:42 | 000,153,129 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2012/06/08 10:33:42 | 000,148,981 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2012/06/08 10:33:42 | 000,140,212 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2012/06/08 10:33:42 | 000,138,707 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2012/06/08 10:33:42 | 000,137,840 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2012/06/08 10:33:42 | 000,137,641 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2012/06/08 10:33:42 | 000,136,584 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources
[2012/06/08 10:33:42 | 000,135,654 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2012/06/08 10:33:42 | 000,134,821 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2012/06/08 10:33:42 | 000,134,407 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2012/06/08 10:33:42 | 000,134,373 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2012/06/08 10:33:42 | 000,133,683 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2012/06/08 10:33:42 | 000,133,381 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2012/06/08 10:33:42 | 000,133,149 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2012/06/08 10:33:42 | 000,132,887 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2012/06/08 10:33:42 | 000,132,785 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2012/06/08 10:33:42 | 000,131,840 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources
[2012/06/08 10:33:42 | 000,128,802 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2012/06/08 10:33:42 | 000,128,542 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2012/06/08 10:33:42 | 000,124,056 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2012/06/08 10:33:41 | 001,150,656 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2012/06/08 10:33:40 | 001,150,656 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2012/06/08 10:33:40 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/06/08 10:33:40 | 000,003,929 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
[2012/06/08 10:33:39 | 000,034,823 | ---- | C] () -- C:\Windows\atiogl.xml
[2012/06/08 10:33:38 | 000,234,855 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2012/06/08 10:33:36 | 000,185,152 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2012/01/02 21:22:17 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/11/06 10:40:38 | 000,735,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/30 22:42:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/08/28 13:54:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/08/28 13:46:04 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011/08/28 13:45:01 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
 
========== LOP Check ==========
 
[2011/11/14 20:27:27 | 000,000,000 | -H-D | M] -- C:\Users\Lisa\AppData\Roaming\AMS
[2012/04/30 07:15:22 | 000,000,000 | -H-D | M] -- C:\Users\Lisa\AppData\Roaming\Canon
[2012/04/03 11:09:27 | 000,000,000 | -H-D | M] -- C:\Users\Lisa\AppData\Roaming\DVDVideoSoft
[2011/11/08 18:57:02 | 000,000,000 | -H-D | M] -- C:\Users\Lisa\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/11/05 07:58:48 | 000,000,000 | -H-D | M] -- C:\Users\Lisa\AppData\Roaming\Panda Security
[2011/12/02 14:47:50 | 000,000,000 | -H-D | M] -- C:\Users\Lisa\AppData\Roaming\pdfforge
[2012/06/30 14:46:07 | 000,000,000 | -H-D | M] -- C:\Users\Lisa\AppData\Roaming\SoftGrid Client
[2011/10/14 21:40:30 | 000,000,000 | -H-D | M] -- C:\Users\Lisa\AppData\Roaming\Synaptics
[2011/11/06 10:41:34 | 000,000,000 | -H-D | M] -- C:\Users\Lisa\AppData\Roaming\TP
[2012/05/23 07:23:45 | 000,000,000 | -H-D | M] -- C:\Users\Lisa\AppData\Roaming\Windows Live Writer
[2012/01/29 08:12:32 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012/01/13 16:17:36 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011/06/22 10:51:13 | 000,000,000 | -HSD | M] -- C:\boot
[2009/07/14 09:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011/08/28 14:02:21 | 000,000,000 | -H-D | M] -- C:\HP
[2011/08/28 13:44:05 | 000,000,000 | -H-D | M] -- C:\Intel
[2011/11/06 10:47:01 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009/07/14 07:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/06/26 20:29:43 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/06/26 20:41:59 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012/06/30 14:50:12 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011/10/14 21:33:23 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012/06/08 10:32:44 | 000,000,000 | -H-D | M] -- C:\SWSetup
[2012/06/30 15:50:14 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/10/14 21:33:29 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2011/11/05 07:58:20 | 000,000,000 | -H-D | M] -- C:\temp
[2011/10/14 21:32:30 | 000,000,000 | R--D | M] -- C:\Users
[2012/06/15 06:49:13 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 05:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 05:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 05:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 05:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 05:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 05:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 05:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 05:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 05:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 05:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 09:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 10:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 10:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 10:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 07:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 09:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 09:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 07:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\drivers\iaStor.sys
[2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_e6913aab23ea9a9c\iaStor.sys
[2011/01/13 05:51:44 | 000,439,320 | -H-- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\SWSetup\Drivers\IRST\Drivers\x64\iaStor.sys
[2011/01/13 05:44:08 | 000,355,352 | -H-- | M] (Intel Corporation) MD5=F989555F1662581032CCE1578A8FF28E -- C:\SWSetup\Drivers\IRST\Drivers\x32\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/21 07:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/21 07:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 10:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 10:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 10:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 10:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/21 07:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/21 07:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/21 07:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/21 07:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 10:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 10:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 10:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 10:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/21 07:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/21 07:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010/11/21 07:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/21 07:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/21 07:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/21 07:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/21 07:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/21 07:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010/11/21 07:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/21 07:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/21 07:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 07:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 07:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 07:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/21 07:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 07:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 04:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 04:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2012/06/30 15:46:45 | 002,883,584 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT
[2012/06/30 15:46:45 | 000,262,144 | -HS- | M] () -- C:\Users\Lisa\ntuser.dat.LOG1
[2011/10/14 21:32:31 | 000,000,000 | -HS- | M] () -- C:\Users\Lisa\ntuser.dat.LOG2
[2011/10/14 21:48:00 | 000,065,536 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011/10/14 21:48:00 | 000,524,288 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011/10/14 21:48:00 | 000,524,288 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011/10/14 21:32:31 | 000,000,020 | -HS- | M] () -- C:\Users\Lisa\ntuser.ini
[2012/04/30 07:15:22 | 000,000,000 | -H-- | M] () -- C:\Users\Lisa\Sti_Trace.log
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
[2008/10/15 22:42:52 | 000,050,432 | -H-- | M] () -- C:\Users\Lisa\Local Settings\Temp\Extract.exe
[2012/06/26 20:28:57 | 002,376,368 | -H-- | M] (Google Inc.) -- C:\Users\Lisa\Local Settings\Temp\GoogleToolbarInstaller_en32_signed.exe
[2011/10/19 08:21:31 | 000,909,088 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Users\Lisa\Local Settings\Temp\jre-6u29-windows-i586-iftw-rv.exe
[2012/02/20 19:45:21 | 000,909,600 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Users\Lisa\Local Settings\Temp\jre-6u31-windows-i586-iftw-rv.exe
[2009/02/09 21:07:44 | 000,775,504 | -H-- | M] (CANON INC.) -- C:\Users\Lisa\Local Settings\Temp\MSETUP4.EXE
[2011/02/04 18:20:12 | 000,088,120 | -H-- | M] (Hewlett-Packard Company) -- C:\Users\Lisa\Local Settings\Temp\Resource.exe
[2012/06/16 16:55:39 | 000,008,192 | -H-- | M] () -- C:\Users\Lisa\Local Settings\Temp\SkypeSetup.exe
[2011/10/24 13:51:34 | 001,592,176 | -H-- | M] (Hewlett-Packard                                             ) -- C:\Users\Lisa\Local Settings\Temp\SP52407.exe
[2011/10/24 14:25:20 | 001,201,944 | -H-- | M] (Hewlett-Packard                                             ) -- C:\Users\Lisa\Local Settings\Temp\SP52509.exe
[2011/10/21 14:58:20 | 014,931,696 | -H-- | M] (Hewlett-Packard Company                                     ) -- C:\Users\Lisa\Local Settings\Temp\SP52532.exe
[2011/10/21 12:46:31 | 009,623,848 | -H-- | M] (Hewlett-Packard                                             ) -- C:\Users\Lisa\Local Settings\Temp\SP53462.exe
[2011/10/20 05:31:28 | 006,543,936 | -H-- | M] (Hewlett Packard Inc                                         ) -- C:\Users\Lisa\Local Settings\Temp\SP53794.exe
[2011/10/24 13:55:37 | 001,516,792 | -H-- | M] (InstallShield Software Corporation                          ) -- C:\Users\Lisa\Local Settings\Temp\SP53999.exe
[2011/10/24 14:12:29 | 003,990,312 | -H-- | M] (Hewlett-Packard Company                                     ) -- C:\Users\Lisa\Local Settings\Temp\SP54001.exe
[2011/10/24 13:58:29 | 161,811,896 | -H-- | M] (InstallShield Software Corporation                          ) -- C:\Users\Lisa\Local Settings\Temp\SP54246.exe
[2012/01/01 17:39:33 | 048,461,176 | -H-- | M] (Hewlett-Packard                                             ) -- C:\Users\Lisa\Local Settings\Temp\sp54373.exe
[2012/04/08 20:03:39 | 048,868,760 | -H-- | M] (Hewlett-Packard                                             ) -- C:\Users\Lisa\Local Settings\Temp\sp54620.exe
[2011/10/20 05:31:34 | 006,580,120 | -H-- | M] (Hewlett Packard Inc                                         ) -- C:\Users\Lisa\Local Settings\Temp\SP54714.exe
[2011/11/18 16:32:32 | 163,964,813 | -H-- | M] (Hewlett-Packpard                                            ) -- C:\Users\Lisa\Local Settings\Temp\SP54748.exe
[2011/10/24 15:05:28 | 110,369,512 | -H-- | M] (Hewlett-Packard Company                                     ) -- C:\Users\Lisa\Local Settings\Temp\SP54900.exe
[2011/11/22 21:16:35 | 005,202,680 | -H-- | M] (Hewlett-Packard Company                                     ) -- C:\Users\Lisa\Local Settings\Temp\SP55068.exe
[2012/05/17 23:33:26 | 355,441,048 | -H-- | M] (InstallShield Software Corporation                          ) -- C:\Users\Lisa\Local Settings\Temp\SP55092.exe
[2012/01/05 10:25:25 | 031,998,584 | -H-- | M] (Hewlett-Packard                                             ) -- C:\Users\Lisa\Local Settings\Temp\SP55094.exe
[2011/11/23 06:30:45 | 011,908,384 | -H-- | M] (Hewlett-Packard                                             ) -- C:\Users\Lisa\Local Settings\Temp\SP55101.exe
[2011/11/22 20:37:02 | 011,504,336 | -H-- | M] (Hewlett-Packard                                             ) -- C:\Users\Lisa\Local Settings\Temp\SP55104.exe
[2011/12/06 15:30:25 | 110,885,800 | -H-- | M] (Hewlett-Packard                                             ) -- C:\Users\Lisa\Local Settings\Temp\SP55107.exe
[2011/12/06 08:08:16 | 003,959,824 | -H-- | M] (Hewlett-Packard Company                                     ) -- C:\Users\Lisa\Local Settings\Temp\SP55150.exe
[2012/01/05 12:36:20 | 005,305,376 | -H-- | M] (Hewlett-Packard Company                                     ) -- C:\Users\Lisa\Local Settings\Temp\SP55151.exe
[2012/06/30 14:35:09 | 000,544,768 | -H-- | M] (Корпорация Майкрософт) -- C:\Users\Lisa\Local Settings\Temp\UAC.exe
[2011/09/09 17:07:56 | 000,449,592 | -H-- | M] (Hewlett-Packard Company) -- C:\Users\Lisa\Local Settings\Temp\UninstallHPSA.exe
[2011/06/21 15:55:12 | 000,449,592 | -H-- | M] (Hewlett-Packard Company) -- C:\Users\Lisa\Local Settings\Temp\UninstallHPTCA.exe
[2011/05/13 10:26:56 | 004,961,800 | -H-- | M] (Microsoft Corporation) -- C:\Users\Lisa\Local Settings\Temp\vcredist_x64.exe
[259 C:\Users\Lisa\Local Settings\Temp\*.tmp files -> C:\Users\Lisa\Local Settings\Temp\*.tmp -> ]
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
[2011/11/26 13:15:51 | 000,246,440 | -H-- | M] (Ask.com) -- C:\Users\Lisa\Local Settings\Temp\AskSLib.dll
[2011/08/28 13:52:20 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Users\Lisa\Local Settings\Temp\dxtmsft.dll
[2011/08/28 13:52:20 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Users\Lisa\Local Settings\Temp\dxtrans.dll
[2012/05/18 02:48:40 | 009,737,728 | ---- | M] (Microsoft Corporation) -- C:\Users\Lisa\Local Settings\Temp\ieframe.dll
[2011/08/28 13:52:20 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Users\Lisa\Local Settings\Temp\iepeers.dll
[259 C:\Users\Lisa\Local Settings\Temp\*.tmp files -> C:\Users\Lisa\Local Settings\Temp\*.tmp -> ]
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >

--- --- ---

markusg · 30.06.2012, 15:07

hi
und dann noch am besten illegalen müll wie kinox.to und andere streams, wo man am laufenden band malware findet.
finger weg von solchem misst
dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

Code:

ATTFilter

:OTL
O4 - HKCU..\Run: [VeJJMGoqiUaYbjF.exe] C:\ProgramData\VeJJMGoqiUaYbjF.exe ()
[2012/06/30 14:50:03 | 000,000,000 | -H-D | C] -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012/06/30 15:07:37 | 000,000,256 | -H-- | M] () -- C:\ProgramData\8LfNrpQzPxugau
[2012/06/30 15:05:36 | 000,000,136 | -H-- | M] () -- C:\ProgramData\-8LfNrpQzPxugaur
[2012/06/30 15:05:36 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-8LfNrpQzPxugau
[2012/06/30 14:49:49 | 000,255,736 | -H-- | C] () -- C:\ProgramData\8LfNrpQzPxugau.exe
[2012/06/30 14:33:42 | 000,346,872 | -H-- | C] () -- C:\ProgramData\VeJJMGoqiUaYbjF.exe
 :Files
:Commands
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
jetzt führst du unhide aus, packst, wie beschrieben den temp ordner, postest die größe.
dann den java cache packen und hochladen.

markusg · 30.06.2012, 15:35

wie gesagt, den java cache packen und den temp ordner.
beim temp ordner archiv dann erst mal bescheid geben wie groß, java cache hochladen

Alic · 30.06.2012, 15:43

den Java Cache habe ich hochgeladen, die OTS Datei auch noch mal, aber ich habe Probleme mit dem Temp Ordner Archiv. Kann es nicht packen, da Dateien in Verwendung. Ich habe jedoch alle Programme geschlossen (bis auf Skype, das kann ich aus irgendeinem Grund nicht schliessen)

markusg · 30.06.2012, 17:18

lässt sich das archiv trotzdem erstellen wenn du die fehlermeldungen mit ok bestätigst?

Alic · 30.06.2012, 17:42

Nein, es tut erst so als wuerde es erstellen (legt die zip Datei an), aber wenn ich auf OK druecken, loescht es diese wieder

markusg · 30.06.2012, 17:43

ok, hab schon den warscheinlichen übeltäter identifiziert und an antimalware firmen gemeldet

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Alic · 30.06.2012, 18:10

Ok, hier die Datei

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-06-30.01 - Lisa 30.06.2012  20:52:40.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1033.18.4044.2039 [GMT 4:00]
ausgeführt von:: c:\users\Lisa\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\klvBNNbz0RO702
c:\programdata\klvBNNbz0RO702.exe
c:\programdata\Roaming
c:\programdata\UcRvpnRyCbmfJu.exe
c:\users\Lisa\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\users\Lisa\Favorites\groupon.url
c:\windows\system32\drivers\etc\lmhosts
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-28 bis 2012-06-30  ))))))))))))))))))))))))))))))
.
.
2012-06-30 16:56 . 2012-06-30 16:56	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-30 12:37 . 2012-06-30 14:27	--------	d-----w-	C:\_OTL
2012-06-29 16:00 . 2012-05-31 04:04	9013136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E7E92767-E4C6-4C58-90B3-1213657A0423}\mpengine.dll
2012-06-26 16:29 . 2012-06-26 16:29	--------	d-----w-	c:\program files\Google
2012-06-26 16:29 . 2012-06-26 16:29	--------	d-----w-	c:\users\Lisa\AppData\Local\Google
2012-06-26 16:29 . 2012-06-26 16:29	--------	d-----w-	c:\program files (x86)\Google
2012-06-26 16:29 . 2012-06-26 16:29	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-26 16:29 . 2012-06-26 16:29	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-26 16:29 . 2012-06-26 16:29	--------	d-----w-	c:\windows\system32\Macromed
2012-06-26 16:01 . 2012-06-26 16:01	--------	d-----w-	c:\program files (x86)\Mario Forever
2012-06-23 04:28 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-23 04:28 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-23 04:28 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-23 04:28 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-23 04:27 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-23 04:27 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-23 04:27 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-23 04:27 . 2012-06-02 11:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-23 04:27 . 2012-06-02 11:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-22 06:13 . 2012-06-22 06:13	--------	d-----w-	c:\program files (x86)\Application Updater
2012-06-22 06:13 . 2012-06-22 06:13	--------	d-----w-	c:\program files (x86)\pdfforge Toolbar
2012-06-22 06:13 . 2012-06-22 06:13	--------	d-----w-	c:\program files (x86)\Common Files\Spigot
2012-06-15 12:29 . 2012-04-26 05:41	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-06-15 02:50 . 2012-06-15 02:50	--------	d-----w-	c:\programdata\ATI
2012-06-08 06:38 . 2012-06-08 06:38	--------	d-----w-	c:\program files (x86)\AMD APP
2012-06-02 05:11 . 2012-06-02 05:11	163048	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-08 06:32 . 2011-08-28 09:45	62464	----a-w-	c:\windows\system32\igfxsrvc.dll
2012-06-08 06:32 . 2011-08-28 09:45	9014784	----a-w-	c:\windows\system32\igfxress.dll
2012-06-08 06:32 . 2011-08-28 09:45	390144	----a-w-	c:\windows\system32\igfxdev.dll
2012-06-08 06:32 . 2011-08-28 09:45	8311808	----a-w-	c:\windows\system32\igdumd64.dll
2012-06-08 06:32 . 2011-08-28 09:45	6322688	----a-w-	c:\windows\SysWow64\igdumd32.dll
2012-06-08 06:32 . 2011-08-28 09:45	12339712	----a-w-	c:\windows\SysWow64\igd10umd32.dll
2012-06-08 06:32 . 2011-08-28 09:45	110080	----a-w-	c:\windows\system32\hccutils.dll
2012-06-08 06:32 . 2011-08-28 09:45	58880	----a-w-	c:\windows\system32\coinst.dll
2012-06-08 06:32 . 2011-08-28 09:45	40960	----a-w-	c:\windows\system32\atiuxp64.dll
2012-06-08 06:32 . 2011-08-28 09:45	31744	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2012-06-08 06:32 . 2011-08-28 09:44	5399040	----a-w-	c:\windows\system32\atiumd64.dll
2012-06-08 06:32 . 2011-08-28 09:44	4256768	----a-w-	c:\windows\SysWow64\atiumdag.dll
2012-06-08 06:32 . 2011-08-28 09:44	38912	----a-w-	c:\windows\system32\atiu9p64.dll
2012-06-08 06:32 . 2011-08-28 09:44	29184	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2012-06-08 06:32 . 2011-08-28 09:44	852992	----a-w-	c:\windows\system32\aticfx64.dll
2012-06-08 06:32 . 2011-08-28 09:44	726528	----a-w-	c:\windows\SysWow64\aticfx32.dll
2012-06-08 06:32 . 2011-08-28 09:44	4198912	----a-w-	c:\windows\SysWow64\atidxx32.dll
2012-05-10 15:44 . 2011-11-26 09:23	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-10 15:44 . 2011-11-26 09:23	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-05 06:51 . 2012-05-05 06:51	0	----a-w-	c:\windows\SysWow64\sho18EC.tmp
2012-04-27 15:47 . 2012-04-27 15:47	0	----a-w-	c:\windows\SysWow64\shoEFA6.tmp
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 09:49	176936	----a-w-	c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-03 15028104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-06-13 336440]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-10 348624]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jaureg.exe" [2011-06-09 239336]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-30 343168]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-06-13 1088904]
.
c:\users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files (x86)\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 cufgfeed;cufgfeed;c:\windows\system32\drivers\cufgfeed.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-26 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-26 136176]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-27 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-05 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-01-07 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-08 204288]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-31 1166848]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-10 86224]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-06-13 792512]
S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2010-02-17 181760]
S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-02-09 55296]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-01-07 2413056]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-08 9981952]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-08 310272]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-01-24 58128]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-01-24 274944]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-01-24 59904]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2012-06-08 12289472]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-03 8604672]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-01-07 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [2010-03-11 291352]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-02-17 42392]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-26 16:29]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-26 16:29]
.
2012-06-16 c:\windows\Tasks\HPCeeScheduleForLisa.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-27 1935120]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 2185032]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-07 1128448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-06-08 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-06-08 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-06-08 416024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Lisa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-UcRvpnRyCbmfJu.exe - c:\programdata\UcRvpnRyCbmfJu.exe
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-YInstHelper - c:\windows\system32\regsvr32
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-30  21:01:56 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-30 17:01
.
Vor Suchlauf: 361.938.345.984 bytes free
Nach Suchlauf: 363.060.101.120 bytes free
.
- - End Of File - - 9BD3D15D898BCC62369044F2443563B7

--- --- ---

markusg · 30.06.2012, 18:13

bist du schon wieder irgendwo rumm gesurft, streaming seiten etc?

30.06.2012, 14:28	#6
markusg /// Malware-holic	Smart HDD Virus eingefangen dann erstelle nen neues otl log. bist du in der zwischenzeit durch die gegen gesurft? dann unterlasse das bitte bis wir durch sind __________________ --> Smart HDD Virus eingefangen

30.06.2012, 18:13	#15
markusg /// Malware-holic	Smart HDD Virus eingefangen bist du schon wieder irgendwo rumm gesurft, streaming seiten etc? __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

Smart HDD Virus eingefangen

Plagegeister aller Art und deren Bekämpfung: Smart HDD Virus eingefangen