Pests of all kinds and how to fight them: virus detection on the laptop (Windows 7)
10.10.2012, 08:02 | #1
Hello, at the moment I keep getting a virus detection message from the Avira software. When I click on remove, it comes back after a few minutes. How can I get rid of the virus? Please help. Regards, Kai
10.10.2012, 08:12 | #2
/// Malwareteam
To allow a more detailed analysis, please follow this link: To everyone seeking help! What do I need to consider before opening a thread?
Note: Post the generated log files here in your thread - do not create a new one! If antivirus software that is already installed has reported detections: be sure to attach the corresponding log files!
10.10.2012, 11:22 | #3
Hello, the defogger doesn't work:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:16 on 10/10/2012 (cocco)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
----------------------------------------------------------------
The OTL scan:
OTL Logfile: Code:
ATTFilter OTL logfile created on: 10.10.2012 12:06:13 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\cocco\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 60,74% Memory free 7,73 Gb Paging File | 6,12 Gb Available in Paging File | 79,18% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 254,14 Gb Total Space | 192,75 Gb Free Space | 75,84% Space Free | Partition Type: NTFS Drive D: | 29,00 Gb Total Space | 27,80 Gb Free Space | 95,87% Space Free | Partition Type: NTFS Computer Name: PC-PC | User Name: cocco | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\cocco\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (ST2012_Svc) -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe (Crawler.com) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (HWDeviceService64.exe) -- C:\ProgramData\DatacardService\HWDeviceService64.exe () SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (Lenovo ReadyComm ConnSvc) -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited) SRV - (Lenovo ReadyComm AppSvc) -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited) SRV - (PS_MDP) -- C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll (Lenovo Group Limited) SRV - (IGRS) -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited) SRV - (ReadyComm.DirectRouter) -- C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll (Lenovo Group Limited) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft 
Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (sp_rsdrv2) -- C:\Windows\SysNative\drivers\stflt.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (SbFw) -- C:\Windows\SysNative\drivers\SbFw.sys (Sunbelt Software, Inc.) DRV:64bit: - (SbTis) -- C:\Windows\SysNative\drivers\sbtis.sys (Sunbelt Software, Inc.) DRV:64bit: - (sbhips) -- C:\Windows\SysNative\drivers\sbhips.sys (Sunbelt Software, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (SBFWIMCLMP) -- C:\Windows\SysNative\drivers\SbFwIm.sys (Sunbelt Software, Inc.) DRV:64bit: - (SBFWIMCL) -- C:\Windows\SysNative\drivers\SbFwIm.sys (Sunbelt Software, Inc.) DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (ewusbmbb) -- C:\Windows\SysNative\drivers\ewusbwwan.sys (Huawei Technologies Co., Ltd.) 
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (usbsmi) -- C:\Windows\SysNative\drivers\SMIksdrv.sys (SMI) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink) DRV:64bit: - (wdmirror) -- C:\Windows\SysNative\drivers\WDMirror.sys (Lenovo) DRV:64bit: - (Bridge0) -- C:\Windows\SysNative\drivers\WDBridge.sys (Lenovo) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (StarOpen) -- C:\windows\SysWow64\drivers\StarOpen.sys () ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE:64bit: - 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-1267310097-3752901941-3059132480-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm IE - HKU\S-1-5-21-1267310097-3752901941-3059132480-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-21-1267310097-3752901941-3059132480-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1267310097-3752901941-3059132480-1004\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-1267310097-3752901941-3059132480-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - 
HKU\S-1-5-21-1267310097-3752901941-3059132480-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKU\S-1-5-21-1267310097-3752901941-3059132480-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1267310097-3752901941-3059132480-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://www.ebay.de/?rvr_id=249600547409&clk_rvr_id=249600547409&crlp=8429659726_477281_477301&UA=%3F*F%3F&GUID=574602aa1310a479ed833623ff42dd80&agid=2013570406&tm_kw=ebay&siteid=77&MT_ID=1324&tt_encode=raw&keyword=ebay&geo_id=6631&ff4=477281_477301|hxxp://www.t-online.de/|hxxp://de.yahoo.com/" FF - prefs.js..extensions.enabledAddons: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:4.0.3 FF - prefs.js..extensions.enabledAddons: {E6C1199F-E687-42da-8C24-E7770CC3AE66}:1.8.0 FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:15.0.1 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.03 16:51:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.09 09:56:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.21 14:25:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.09 09:56:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.21 14:25:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.03 16:51:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.09 09:56:34 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.21 14:25:39 | 000,000,000 | ---D | M] [2011.07.23 15:16:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cocco\AppData\Roaming\mozilla\Extensions [2012.09.16 07:53:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cocco\AppData\Roaming\mozilla\Firefox\Profiles\85ly5gs5.default\extensions [2012.07.07 15:22:35 | 000,000,000 | ---D | M] (Garmin Communicator) -- 
C:\Users\cocco\AppData\Roaming\mozilla\Firefox\Profiles\85ly5gs5.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2012.08.26 13:19:23 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\cocco\AppData\Roaming\mozilla\Firefox\Profiles\85ly5gs5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.02.26 12:17:00 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\cocco\AppData\Roaming\mozilla\Firefox\Profiles\85ly5gs5.default\extensions\de-DE@dictionaries.addons.mozilla.org [2012.09.16 07:53:20 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\cocco\AppData\Roaming\mozilla\Firefox\Profiles\85ly5gs5.default\extensions\ich@maltegoetz.de [2012.07.25 16:02:53 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\cocco\AppData\Roaming\mozilla\firefox\profiles\85ly5gs5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.07.07 14:58:26 | 000,014,714 | ---- | M] () (No name found) -- C:\Users\cocco\AppData\Roaming\mozilla\firefox\profiles\85ly5gs5.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2012.08.22 05:18:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.09.09 09:56:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012.09.09 09:56:34 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2007.04.10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2012.04.06 08:59:02 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.01.23 11:50:38 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2012.03.12 16:52:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2012.03.12 16:52:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2012.03.12 16:52:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2012.03.12 16:52:11 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2012.03.12 16:52:11 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2012.03.12 16:52:11 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2012.03.12 16:52:11 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.09 09:56:02 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.09 09:56:02 | 000,003,581 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml [2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.04.10 19:54:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - 
{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKU\.DEFAULT..\RunOnce: [WLStart] C:\Program Files (x86)\Windows Live\Installer\wlstart.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [WLStart] C:\Program Files (x86)\Windows Live\Installer\wlstart.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1267310097-3752901941-3059132480-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1267310097-3752901941-3059132480-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1267310097-3752901941-3059132480-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-Disabled: New Application = C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) O7 - HKU\S-1-5-21-1267310097-3752901941-3059132480-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\cocco\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - 
C:\Users\cocco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\cocco\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\cocco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34D41D7E-9D16-4775-80A6-B9D1A0875CF8}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9AC4254-765A-4B65-B82D-A72069B93558}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC61E5D9-B1D5-40BE-A003-2DFDE213449C}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.10 09:17:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\cocco\Desktop\OTL.exe
[2012.10.10 06:01:46 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012.10.10 06:01:43 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012.10.10 06:01:43 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012.10.10 06:01:23 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012.10.10 06:01:23 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012.10.10 06:01:22 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012.10.10 06:01:22 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012.10.10 06:01:19 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012.10.10 06:01:17 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012.10.10 06:01:15 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012.10.10 06:01:15 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012.10.10 06:01:15 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012.10.10 06:01:14 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012.10.10 06:01:13 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2012.10.10 06:01:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 06:01:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 06:01:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 06:01:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 06:01:12 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012.10.10 06:01:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 06:01:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 06:01:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 06:01:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 06:01:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 06:01:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 06:01:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 06:01:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 06:01:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 06:01:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 06:01:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 06:01:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 06:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 06:01:08 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 06:01:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 06:01:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 06:01:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 06:01:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 06:01:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 06:01:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 06:01:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 06:01:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 06:01:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 06:01:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 06:01:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 06:01:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 06:01:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 06:01:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 06:01:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 06:00:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 06:00:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 06:00:55 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 06:00:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 06:00:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 06:00:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 06:00:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 06:00:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 06:00:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 06:00:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 06:00:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 06:00:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 06:00:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 06:00:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 06:00:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 06:00:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 06:00:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 06:00:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 06:00:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 06:00:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 06:00:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 06:00:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 06:00:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 06:00:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2012.10.10 05:58:28 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012.10.10 05:55:49 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2012.10.10 05:55:47 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2012.10.10 00:27:19 | 002,405,664 | ---- | C] (Trend Micro Inc.) -- C:\Users\cocco\Desktop\HousecallLauncher64.exe
[2012.10.02 09:20:20 | 000,000,000 | ---D | C] -- C:\Users\cocco\Documents\posterXXL.de Bestellsoftware projects
[2012.09.27 17:30:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Openmtbmap
[2012.09.26 09:22:47 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\OxpsConverter.exe
[2012.09.25 21:40:31 | 000,000,000 | ---D | C] -- C:\Users\cocco\Documents\Mein Garmin
[2012.09.23 03:53:33 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012.09.23 03:53:33 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012.09.23 03:53:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012.09.23 03:53:28 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012.09.23 03:53:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012.09.23 03:53:28 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012.09.23 03:53:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012.09.23 03:53:27 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012.09.23 03:53:25 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012.09.23 03:53:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012.09.23 03:53:24 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012.09.23 03:53:24 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012.09.23 03:53:20 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012.09.23 03:53:19 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012.09.23 03:53:18 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012.09.12 12:50:13 | 000,000,000 | ---D | C] -- C:\Users\cocco\Desktop\119___03
[2012.09.12 09:22:45 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\RNDISMP.sys
[2012.09.12 09:22:44 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10level9.dll
[2012.09.12 09:22:41 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys
[2012.09.12 09:22:41 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS
[2 C:\Users\cocco\Desktop\*.tmp files -> C:\Users\cocco\Desktop\*.tmp -> ]
[1 C:\windows\SysNative\drivers\*.tmp files -> C:\windows\SysNative\drivers\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.10.10 11:33:00 | 000,001,102 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.10 11:26:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.10.10 09:36:06 | 000,302,592 | ---- | M] () -- C:\Users\cocco\Desktop\d0rwlbyl.exe
[2012.10.10 09:17:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\cocco\Desktop\OTL.exe
[2012.10.10 09:16:39 | 000,000,000 | ---- | M] () -- C:\Users\cocco\defogger_reenable
[2012.10.10 09:14:41 | 000,050,477 | ---- | M] () -- C:\Users\cocco\Desktop\Defogger.exe
[2012.10.10 08:27:53 | 000,013,424 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 08:27:53 | 000,013,424 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 08:21:18 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.10 08:21:15 | 000,000,326 | ---- | M] () -- C:\windows\tasks\GlaryInitialize.job
[2012.10.10 08:19:18 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.10.10 07:59:27 | 007,111,590 | ---- | M] () -- C:\Users\cocco\AppData\Local\census.cache
[2012.10.10 07:58:45 | 000,118,033 | ---- | M] () -- C:\Users\cocco\AppData\Local\ars.cache
[2012.10.10 07:42:39 | 569,679,413 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012.10.10 00:47:32 | 000,000,058 | ---- | M] () -- C:\Users\cocco\AppData\Roaming\mbam.context.scan
[2012.10.10 00:27:41 | 002,405,664 | ---- | M] (Trend Micro Inc.) -- C:\Users\cocco\Desktop\HousecallLauncher64.exe
[2012.10.09 19:15:03 | 001,500,294 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.10.09 19:15:03 | 000,654,852 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.10.09 19:15:03 | 000,616,694 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.10.09 19:15:03 | 000,130,434 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.10.09 19:15:03 | 000,106,816 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.10.09 17:27:06 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012.10.09 17:27:05 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.10.06 19:19:13 | 001,274,224 | ---- | M] () -- C:\Users\cocco\Desktop\Attachments_2012_10_6.zip
[2012.10.04 11:40:06 | 000,011,462 | ---- | M] () -- C:\Users\cocco\Desktop\Unbenannt 1.odt
[2012.10.04 11:39:49 | 000,018,011 | ---- | M] () -- C:\Users\cocco\Unbenannt 2.odt
[2012.10.03 08:40:06 | 000,001,912 | ---- | M] () -- C:\windows\epplauncher.mif
[2012.10.02 09:28:43 | 089,088,709 | ---- | M] () -- C:\Users\cocco\mäxle2.xpp
[2012.10.02 09:23:36 | 089,087,586 | ---- | M] () -- C:\Users\cocco\mäxle2.bak
[2012.10.02 09:15:37 | 082,145,412 | ---- | M] () -- C:\Users\cocco\mäxle.xpp
[2012.10.02 09:10:56 | 082,145,393 | ---- | M] () -- C:\Users\cocco\mäxle.bak
[2012.09.29 19:21:40 | 000,012,800 | ---- | M] () -- C:\Users\cocco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.27 17:50:57 | 000,005,672 | ---- | M] () -- C:\Users\cocco\borderline.gdb
[2012.09.19 19:43:02 | 000,001,402 | ---- | M] () -- C:\Users\cocco\Desktop\Free YouTube to MP3 Converter.lnk
[2012.09.18 16:16:47 | 000,244,612 | ---- | M] () -- C:\windows\hpoins19.dat
[2012.09.18 15:42:19 | 000,244,612 | ---- | M] () -- C:\windows\hpoins19.dat.temp
[2012.09.12 11:09:58 | 000,012,341 | ---- | M] () -- C:\Users\cocco\Desktop\sbk.odt
[2 C:\Users\cocco\Desktop\*.tmp files -> C:\Users\cocco\Desktop\*.tmp -> ]
[1 C:\windows\SysNative\drivers\*.tmp files -> C:\windows\SysNative\drivers\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.10.10 09:36:04 | 000,302,592 | ---- | C] () -- C:\Users\cocco\Desktop\d0rwlbyl.exe
[2012.10.10 09:16:39 | 000,000,000 | ---- | C] () -- C:\Users\cocco\defogger_reenable
[2012.10.10 09:14:40 | 000,050,477 | ---- | C] () -- C:\Users\cocco\Desktop\Defogger.exe
[2012.10.10 07:16:23 | 569,679,413 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012.10.10 00:47:10 | 000,000,058 | ---- | C] () -- C:\Users\cocco\AppData\Roaming\mbam.context.scan
[2012.10.06 19:19:11 | 001,274,224 | ---- | C] () -- C:\Users\cocco\Desktop\Attachments_2012_10_6.zip
[2012.10.04 11:30:47 | 000,018,011 | ---- | C] () -- C:\Users\cocco\Unbenannt 2.odt
[2012.10.02 09:23:30 | 089,088,709 | ---- | C] () -- C:\Users\cocco\mäxle2.xpp
[2012.10.02 09:23:30 | 089,087,586 | ---- | C] () -- C:\Users\cocco\mäxle2.bak
[2012.09.27 17:50:56 | 000,005,672 | ---- | C] () -- C:\Users\cocco\borderline.gdb
[2012.09.25 11:21:13 | 082,145,412 | ---- | C] () -- C:\Users\cocco\mäxle.xpp
[2012.09.25 11:21:13 | 082,145,393 | ---- | C] () -- C:\Users\cocco\mäxle.bak
[2012.09.19 19:43:02 | 000,001,402 | ---- | C] () -- C:\Users\cocco\Desktop\Free YouTube to MP3 Converter.lnk
[2012.09.18 15:03:04 | 000,244,612 | ---- | C] () -- C:\windows\hpoins19.dat.temp
[2012.09.18 15:03:04 | 000,013,898 | ---- | C] () -- C:\windows\hpomdl19.dat.temp
[2012.09.12 11:09:57 | 000,012,341 | ---- | C] () -- C:\Users\cocco\Desktop\sbk.odt
[2012.08.18 20:20:41 | 000,368,159 | ---- | C] () -- C:\Users\cocco\optimale_sitzposition.pdf
[2012.07.29 19:48:35 | 007,111,590 | ---- | C] () -- C:\Users\cocco\AppData\Local\census.cache
[2012.07.29 19:38:11 | 000,118,033 | ---- | C] () -- C:\Users\cocco\AppData\Local\ars.cache
[2012.07.14 08:52:18 | 003,296,317 | ---- | C] () -- C:\Users\cocco\Scannen0001.jpg
[2012.06.21 16:34:27 | 000,000,034 | ---- | C] () -- C:\windows\cdplayer.ini
[2012.05.05 09:59:23 | 000,883,840 | ---- | C] () -- C:\Users\cocco\Avira-DE100-Cleaner.exe
[2012.04.10 19:44:47 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012.04.10 19:44:47 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012.04.10 19:44:47 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012.04.10 19:44:47 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012.04.10 19:44:47 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012.04.06 10:35:11 | 000,000,036 | ---- | C] () -- C:\Users\cocco\AppData\Local\housecall.guid.cache
[2012.02.25 07:24:22 | 000,000,000 | ---- | C] () -- C:\Users\cocco\AppData\Local\{8A30A419-CD73-4841-822B-31045D1742DD}
[2012.01.22 02:54:14 | 000,000,024 | ---- | C] () -- C:\Users\cocco\AppData\Roaming\xpy.ini
[2012.01.01 14:42:21 | 000,001,243 | ---- | C] () -- C:\Users\cocco\DVDVideoSoft Free Studio.lnk
[2011.12.23 21:58:24 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2011.12.23 21:58:24 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2011.12.23 21:58:24 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2011.12.23 21:58:24 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2011.12.03 16:46:10 | 000,244,612 | ---- | C] () -- C:\windows\hpoins19.dat
[2011.12.03 16:46:10 | 000,013,898 | ---- | C] () -- C:\windows\hpomdl19.dat
[2011.08.13 18:53:59 | 000,012,800 | ---- | C] () -- C:\Users\cocco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.26 09:06:18 | 000,000,064 | ---- | C] () -- C:\windows\SysWow64\rp_stats.dat
[2011.04.26 09:06:18 | 000,000,044 | ---- | C] () -- C:\windows\SysWow64\rp_rules.dat
[2010.12.17 11:45:32 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.12.17 11:41:54 | 000,005,632 | ---- | C] () -- C:\windows\SysWow64\drivers\StarOpen.sys
[2010.12.17 06:04:23 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE
[2010.12.16 22:42:45 | 001,529,464 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010.11.25 23:01:28 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.11.20 18:58:11 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\.minecraft [2012.04.07 15:25:13 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\Ad-Aware Antivirus [2012.08.30 13:35:02 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\Audacity [2011.07.23 15:15:47 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\CheckPoint [2012.09.19 19:43:11 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\DVDVideoSoft [2012.08.26 13:19:22 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\DVDVideoSoftIEHelpers [2011.09.04 16:14:50 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\Garmin [2012.05.12 06:58:31 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\GlarySoft [2012.09.02 17:54:45 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\IrfanView [2012.09.21 10:32:57 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\Mobile Partner [2012.09.08 09:14:53 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\OpenCandy [2011.11.08 20:22:06 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\OpenOffice.org [2012.01.16 14:18:00 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\Samsung [2012.10.02 15:18:13 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\SoftGrid Client [2012.04.28 09:02:22 | 000,000,000 | ---D | M] -- 
C:\Users\cocco\AppData\Roaming\Spyware Terminator [2011.12.10 08:55:13 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\TuneUp Software [2012.04.07 16:49:57 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE} ========== Purity Check ========== < End of report >
------------------------------------------------------------------------
and GMER finds nothing
Regards, kai
OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 10.10.2012 12:31:33 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,57 Gb Available Physical Memory | 66,58% Memory free 7,73 Gb Paging File | 6,45 Gb Available in Paging File | 83,42% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 254,14 Gb Total Space | 192,81 Gb Free Space | 75,87% Space Free | Partition Type: NTFS Drive D: | 29,00 Gb Total Space | 27,80 Gb Free Space | 95,87% Space Free | Partition Type: NTFS Computer Name: PC-PC | User Name: cocco | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1267310097-3752901941-3059132480-1004\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0E8F35D4-A1BC-4DA6-BA89-96A027279590}" = rport=139 | protocol=6 | dir=out | app=system | "{1562BBA5-5B3B-4E9D-9751-6FFB80D29E02}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1D35F81D-EA64-4FB4-8B3E-B20A1A08F592}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{24064D47-FE02-4ED6-8DC2-8FC5A6C7D84B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2B349BD8-4EF3-47BD-8B31-B4290878A9E1}" = lport=137 | protocol=17 | dir=in | app=system | "{33946CE4-9E74-4EF8-BCDB-6FDD946E36F2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{36059024-BB0E-49EE-BEE5-7BC519890FB9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | 
app=%systemroot%\system32\svchost.exe | "{4B848BD3-01EC-437B-B594-CDF6E2A01E89}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{55972CEA-BFD1-40CF-8C62-A9042FED240B}" = rport=137 | protocol=17 | dir=out | app=system | "{60FC71A0-5130-46B3-833D-43B749DBC330}" = lport=10243 | protocol=6 | dir=in | app=system | "{709AD5FA-DF08-46A5-A89A-542369E49016}" = lport=445 | protocol=6 | dir=in | app=system | "{8837E5AF-4439-42D1-9680-9B64525B620C}" = lport=2869 | protocol=6 | dir=in | app=system | "{8C93196B-90AF-42BA-A7F7-8CEB2FB589E1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9FD52752-6B91-4113-969F-C7792DDB78F6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{ADE5C945-F2B1-4CA5-9C0E-E20093FEF599}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{AE88CEEA-4CDB-4810-8E80-E8FBDF5A9520}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B4A36BB3-A089-4F4E-A675-B2B25B6DF8E8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B541E624-9CFF-49C5-AE04-E940D62020F6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C9E3250E-D88E-4B12-9044-2E9A7CADF883}" = rport=10243 | protocol=6 | dir=out | app=system | "{E3FDF14D-E781-4540-A036-DF5C4A38535D}" = lport=2869 | protocol=6 | dir=in | app=system | "{E503B238-5088-4844-B580-98178FFD83D4}" = lport=139 | protocol=6 | dir=in | app=system | "{E630FD68-F94C-4A51-9B99-ADF62E6C0758}" = rport=445 | protocol=6 | dir=out | app=system | "{E9A695CA-A309-4776-ABB1-2AB4E0297D77}" = lport=138 | protocol=17 | dir=in | app=system | "{EA162D60-1A14-4AF4-ADE9-EB4A7E540BC4}" = rport=138 | protocol=17 | dir=out | app=system | "{F16367C3-CBEC-4405-8F4E-8E16B3BAA5E5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01ABA33C-8026-4351-AA9A-861D1EE8F68B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{03D07422-B634-4FA9-9AE4-E7E530726046}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{069D1163-8461-472E-9A2A-45EEFD4FB618}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{0778C272-DC47-4E9E-A600-1E167FBF93E1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{10EDECD9-BABC-4952-A323-37F4A143EA9D}" = protocol=6 | dir=out | app=system | "{1849FC57-5357-4CF8-B614-0728406D2460}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | "{1BF05FFD-C7F4-46E8-9B3A-499426443E75}" = dir=out | app=c:\program files\lenovo\readycomm\connsvc.exe | "{23A4C698-6E7F-41DE-B336-FF14EDE708AB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{25BF1B9D-E54F-4AF5-87B8-1BD96B51F2AD}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe | "{284BFFCA-F209-47B9-81B1-F85EC28E4B27}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{28EEA7B0-0011-4543-945F-9E9FD8A44D44}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{295C0200-ADCB-403B-A7E1-F303E7C37779}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{2B5AC8E2-4A36-4BD4-A7FF-D8FAB4992714}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{30B0186F-DA10-406E-BA02-038AD4DD3F91}" = dir=out | app=c:\program files\lenovo\readycomm\appsvc.exe | "{3238C20A-09BB-4FF5-B612-E8124B8D379C}" = dir=in | app=c:\program files\lenovo\readycomm\appsvc.exe | "{38B7CE82-06EA-4D91-8F3F-E7CFA3BEFF92}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{38EEDF7A-342B-448B-917E-2DE8C4793931}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{3991F1FB-CF35-4B9C-8DED-6ACBBA783C9A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{3BCB8396-BB13-4C21-B3A5-94F21325479D}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{40A41657-71E9-4CFB-9313-7BF96C03391D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{447FEA31-A1E1-40EA-BC6B-25EBA663C5DC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{44E74DDE-F266-47C8-825F-A3F0F6260336}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe | "{45CD5E2C-5357-48F0-B4D2-33C156DE105C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{51B4790D-A5D1-4966-B38C-3CEDD13EF6BF}" = dir=out | app=c:\program files\lenovo\readycomm\projectionist.exe | "{522267BA-A140-4590-8D5A-21B7FC430DD4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{612D005A-49DC-4CCA-BB30-1BE37B2200CF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{67616116-2203-421B-B5E6-1B93357B9354}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{69B3999B-D8DA-4453-9004-8C4785012092}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{6FEB80F7-AF6F-4D1C-9553-04652F6EAA88}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{71E50892-B105-4B4B-87FE-4BC942994B96}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{731DD34C-B497-4E70-858C-3F703017582D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{74473971-71E8-4B42-BAD4-21C0400924AF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{7A6BC6DA-B245-442C-9D48-BA30E498D830}" = dir=in | app=c:\program files (x86)\hp\digital 
imaging\bin\hpqfxt08.exe | "{7C0499F6-9603-4853-B1D8-CF5078C74664}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "{7C8A03E9-B030-42F8-A3BC-C618E9027F51}" = dir=in | app=c:\program files\lenovo\readycomm\connsvc.exe | "{831F1821-D78B-4954-8A9A-4EF2FCA3E885}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{84065740-F0A9-425E-9386-73231F1F1FB2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{98981F44-E566-49FB-9557-8385F4434C43}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{9B42B00D-962C-49F6-B680-9AB4B6F4A646}" = dir=out | app=c:\program files\lenovo\readycomm\readycomm.exe | "{9C07578B-E88B-40AA-AFFA-65C4BAD5773B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9F7AAA23-AC6D-4C45-80DD-85FD033F40D7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{A6DD3B24-5727-4007-BAE3-0595EB0399CA}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe | "{A7E39AE4-8D4B-418B-9C24-62BC545EF113}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AF543200-B200-47E9-BB5A-E02B6692223B}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe | "{B0FF2664-9C18-4382-A44D-DC0A3E52A996}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | "{B111ECEA-338E-441F-BC20-A0099D2FD799}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B27C7900-AB00-424C-B8E1-EAA22C61037A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B495F9A8-1EB8-41F8-8EE7-BE01936C4EAF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | "{B5D49F7A-CC2E-432B-BB7F-3DE73A1AD8F9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{B9735DC3-3D6B-4568-9548-CC0BCAD8AADA}" = dir=out | 
app=c:\windows\system32\igrssvcs.exe | "{BABEA0C3-78D8-4C34-8FA9-2863A4AD5F66}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{C7AAB971-3CA4-407D-A472-3920E823A526}" = dir=in | app=c:\windows\system32\igrssvcs.exe | "{C90CB032-4AEF-4B88-862F-94D1F5F0019F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{CA741657-16F4-4CA0-AD11-9E8DD72F1156}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D1E9B6CB-390E-4452-9405-E7CCD15CA502}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D74A44EF-932A-4F71-8B87-A6D7D4243FE2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{D816829C-9615-42A0-81EF-D6027DFA7C4A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D93EAB69-9294-4F5D-B6ED-D2087C9D21C8}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe | "{D98A97AA-D072-43B4-884D-21DFE4806416}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D9C562D0-85F8-4A83-83F0-3B134EC82ECD}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{DB0CEABE-6ECA-46B0-A715-3DB29B5028A4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | "{E0B7CB73-C905-477F-B7B8-2C38CCC92194}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E1EC8C75-84C1-4F18-A0D4-C5D562969529}" = dir=in | app=c:\program files\lenovo\readycomm\projectionist.exe | "{E7ED57D6-B08F-4555-B9F3-69315C4B2A31}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "{E9AE08AC-57E0-465D-B2E9-B95B8473C486}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{F2BC0183-6F35-4892-B306-576EEE679E98}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | "{FE1E062A-C40F-40AC-917A-33DAB83122B7}" = dir=in | app=c:\program files (x86)\common files\apple\apple 
application support\webkit2webprocess.exe | "{FF024627-8C4F-4012-8AAB-97B2650BBA6B}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe | "TCP Query User{77A4C503-F621-41A0-8EDB-502F97F577F1}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "TCP Query User{B80ED73A-524A-4717-91C4-D0B1E1933F42}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "TCP Query User{C1094704-5A39-48AD-A51B-147D56A160A6}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{303F9159-697E-491A-AFE8-3C47AE5CBA7E}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{658279A2-2A46-4E4D-8AE5-99BEE6850735}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{C2EF3DD5-9E24-4F0A-84C9-A5767622619F}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64 "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{08C3441C-4FAF-48D3-A551-70DD6031734F}" = Microsoft Baseline Security Analyzer 2.2 "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware 
Service DE-DE Language Pack "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit) "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. 
B "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "0A4175B489A1B4A6E07E11B063A6263480C51D71" = Windows-Treiberpaket - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1) "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant HD Audio "FinePrint" = FinePrint "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 
13.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "NVIDIA Drivers" = NVIDIA Drivers "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "Shop for HP Supplies" = Shop for HP Supplies [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{0CE226F3-EB27-4ECD-BBF5-F088716779FD}" = Energy Management "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan "{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5 "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.02 "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4B407A54-6CF2-42B5-B419-E900B2E36972}" = 1500 "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = 
UnloadSupport "{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers "{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012 "{592ED299-14EF-4C0E-93B4-B687CD5A2EBE}_is1" = posterXXL.de Bestellsoftware 4.80 "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7D542452-84EB-47C0-97BA-735C523AB555}" = Garmin Training Center "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later "{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software 
"{A2101ACC-DC36-42AA-A576-6FD6A8D466DA}" = 1500_Help "{A4C6B32D-5088-40AF-B74D-CDABEF144F04}" = 1500Trb "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource "{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{DFB19121-0609-49C1-92B1-546E5A940FE8}" = Onekey Theater "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}" = Lenovo EasyCamera "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Audiograbber" = Audiograbber 1.83 SE "Avira AntiVir Desktop" = Avira Free Antivirus "Free Studio_is1" = Free Studio version 5.7.3.915 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918 "Glary Utilities_is1" = Glary Utilities 2.45.0.1481 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare "IrfanView" = IrfanView (remove only) "Mobile Partner" = Mobile Partner "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "VLC media player" = VLC media player 1.1.11 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1267310097-3752901941-3059132480-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "MyFreeCodec" = MyFreeCodec ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.10.2012 01:26:03 | Computer Name = PC-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 10.10.2012 01:26:03 | Computer Name = PC-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5429 Error - 10.10.2012 01:26:03 | Computer Name = PC-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5429 Error - 10.10.2012 01:26:04 | Computer Name = PC-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 10.10.2012 01:26:04 | Computer Name = PC-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6443 Error - 10.10.2012 01:26:04 | Computer Name = PC-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6443 Error - 10.10.2012 01:26:05 | Computer Name = PC-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 10.10.2012 01:26:05 | Computer Name = PC-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7473 Error 
- 10.10.2012 01:26:05 | Computer Name = PC-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7473 Error - 10.10.2012 01:27:18 | Computer Name = PC-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt. [ Media Center Events ] Error - 12.06.2012 13:52:35 | Computer Name = PC-PC | Source = MCUpdate | ID = 0 Description = 19:52:28 - Fehler beim Herstellen der Internetverbindung. 19:52:28 - Serververbindung konnte nicht hergestellt werden.. Error - 14.06.2012 03:29:51 | Computer Name = PC-PC | Source = MCUpdate | ID = 0 Description = 09:29:50 - Fehler beim Herstellen der Internetverbindung. 09:29:51 - Serververbindung konnte nicht hergestellt werden.. Error - 14.06.2012 03:30:01 | Computer Name = PC-PC | Source = MCUpdate | ID = 0 Description = 09:29:56 - Fehler beim Herstellen der Internetverbindung. 09:29:56 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 10.10.2012 02:19:08 | Computer Name = PC-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 10.10.2012 02:20:09 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Apple Mobile Device erreicht. 
Error - 10.10.2012 02:20:09 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 10.10.2012 02:20:36 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd SBRE StarOpen Error - 10.10.2012 02:22:45 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "ReadyComm.DirectRouter" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 10.10.2012 06:26:10 | Computer Name = PC-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 10.10.2012 06:26:26 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Apple Mobile Device erreicht. Error - 10.10.2012 06:26:26 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 10.10.2012 06:26:58 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd SBRE StarOpen Error - 10.10.2012 06:29:07 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "ReadyComm.DirectRouter" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > |
10.10.2012, 12:18 | #4 |
| Virus detection on the laptop OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 10.10.2012 12:31:33 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,57 Gb Available Physical Memory | 66,58% Memory free 7,73 Gb Paging File | 6,45 Gb Available in Paging File | 83,42% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 254,14 Gb Total Space | 192,81 Gb Free Space | 75,87% Space Free | Partition Type: NTFS Drive D: | 29,00 Gb Total Space | 27,80 Gb Free Space | 95,87% Space Free | Partition Type: NTFS Computer Name: PC-PC | User Name: cocco | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1267310097-3752901941-3059132480-1004\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0E8F35D4-A1BC-4DA6-BA89-96A027279590}" = rport=139 | protocol=6 | dir=out | app=system | "{1562BBA5-5B3B-4E9D-9751-6FFB80D29E02}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1D35F81D-EA64-4FB4-8B3E-B20A1A08F592}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{24064D47-FE02-4ED6-8DC2-8FC5A6C7D84B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2B349BD8-4EF3-47BD-8B31-B4290878A9E1}" = lport=137 | protocol=17 | dir=in | app=system | "{33946CE4-9E74-4EF8-BCDB-6FDD946E36F2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{36059024-BB0E-49EE-BEE5-7BC519890FB9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | 
app=%systemroot%\system32\svchost.exe | "{4B848BD3-01EC-437B-B594-CDF6E2A01E89}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{55972CEA-BFD1-40CF-8C62-A9042FED240B}" = rport=137 | protocol=17 | dir=out | app=system | "{60FC71A0-5130-46B3-833D-43B749DBC330}" = lport=10243 | protocol=6 | dir=in | app=system | "{709AD5FA-DF08-46A5-A89A-542369E49016}" = lport=445 | protocol=6 | dir=in | app=system | "{8837E5AF-4439-42D1-9680-9B64525B620C}" = lport=2869 | protocol=6 | dir=in | app=system | "{8C93196B-90AF-42BA-A7F7-8CEB2FB589E1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9FD52752-6B91-4113-969F-C7792DDB78F6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{ADE5C945-F2B1-4CA5-9C0E-E20093FEF599}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{AE88CEEA-4CDB-4810-8E80-E8FBDF5A9520}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B4A36BB3-A089-4F4E-A675-B2B25B6DF8E8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B541E624-9CFF-49C5-AE04-E940D62020F6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C9E3250E-D88E-4B12-9044-2E9A7CADF883}" = rport=10243 | protocol=6 | dir=out | app=system | "{E3FDF14D-E781-4540-A036-DF5C4A38535D}" = lport=2869 | protocol=6 | dir=in | app=system | "{E503B238-5088-4844-B580-98178FFD83D4}" = lport=139 | protocol=6 | dir=in | app=system | "{E630FD68-F94C-4A51-9B99-ADF62E6C0758}" = rport=445 | protocol=6 | dir=out | app=system | "{E9A695CA-A309-4776-ABB1-2AB4E0297D77}" = lport=138 | protocol=17 | dir=in | app=system | "{EA162D60-1A14-4AF4-ADE9-EB4A7E540BC4}" = rport=138 | protocol=17 | dir=out | app=system | "{F16367C3-CBEC-4405-8F4E-8E16B3BAA5E5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01ABA33C-8026-4351-AA9A-861D1EE8F68B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{03D07422-B634-4FA9-9AE4-E7E530726046}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{069D1163-8461-472E-9A2A-45EEFD4FB618}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{0778C272-DC47-4E9E-A600-1E167FBF93E1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{10EDECD9-BABC-4952-A323-37F4A143EA9D}" = protocol=6 | dir=out | app=system | "{1849FC57-5357-4CF8-B614-0728406D2460}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | "{1BF05FFD-C7F4-46E8-9B3A-499426443E75}" = dir=out | app=c:\program files\lenovo\readycomm\connsvc.exe | "{23A4C698-6E7F-41DE-B336-FF14EDE708AB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{25BF1B9D-E54F-4AF5-87B8-1BD96B51F2AD}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe | "{284BFFCA-F209-47B9-81B1-F85EC28E4B27}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{28EEA7B0-0011-4543-945F-9E9FD8A44D44}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{295C0200-ADCB-403B-A7E1-F303E7C37779}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{2B5AC8E2-4A36-4BD4-A7FF-D8FAB4992714}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{30B0186F-DA10-406E-BA02-038AD4DD3F91}" = dir=out | app=c:\program files\lenovo\readycomm\appsvc.exe | "{3238C20A-09BB-4FF5-B612-E8124B8D379C}" = dir=in | app=c:\program files\lenovo\readycomm\appsvc.exe | "{38B7CE82-06EA-4D91-8F3F-E7CFA3BEFF92}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{38EEDF7A-342B-448B-917E-2DE8C4793931}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{3991F1FB-CF35-4B9C-8DED-6ACBBA783C9A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{3BCB8396-BB13-4C21-B3A5-94F21325479D}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{40A41657-71E9-4CFB-9313-7BF96C03391D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{447FEA31-A1E1-40EA-BC6B-25EBA663C5DC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{44E74DDE-F266-47C8-825F-A3F0F6260336}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe | "{45CD5E2C-5357-48F0-B4D2-33C156DE105C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{51B4790D-A5D1-4966-B38C-3CEDD13EF6BF}" = dir=out | app=c:\program files\lenovo\readycomm\projectionist.exe | "{522267BA-A140-4590-8D5A-21B7FC430DD4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{612D005A-49DC-4CCA-BB30-1BE37B2200CF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{67616116-2203-421B-B5E6-1B93357B9354}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{69B3999B-D8DA-4453-9004-8C4785012092}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{6FEB80F7-AF6F-4D1C-9553-04652F6EAA88}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{71E50892-B105-4B4B-87FE-4BC942994B96}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{731DD34C-B497-4E70-858C-3F703017582D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{74473971-71E8-4B42-BAD4-21C0400924AF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{7A6BC6DA-B245-442C-9D48-BA30E498D830}" = dir=in | app=c:\program files (x86)\hp\digital 
imaging\bin\hpqfxt08.exe | "{7C0499F6-9603-4853-B1D8-CF5078C74664}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "{7C8A03E9-B030-42F8-A3BC-C618E9027F51}" = dir=in | app=c:\program files\lenovo\readycomm\connsvc.exe | "{831F1821-D78B-4954-8A9A-4EF2FCA3E885}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{84065740-F0A9-425E-9386-73231F1F1FB2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{98981F44-E566-49FB-9557-8385F4434C43}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{9B42B00D-962C-49F6-B680-9AB4B6F4A646}" = dir=out | app=c:\program files\lenovo\readycomm\readycomm.exe | "{9C07578B-E88B-40AA-AFFA-65C4BAD5773B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9F7AAA23-AC6D-4C45-80DD-85FD033F40D7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{A6DD3B24-5727-4007-BAE3-0595EB0399CA}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe | "{A7E39AE4-8D4B-418B-9C24-62BC545EF113}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AF543200-B200-47E9-BB5A-E02B6692223B}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe | "{B0FF2664-9C18-4382-A44D-DC0A3E52A996}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | "{B111ECEA-338E-441F-BC20-A0099D2FD799}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B27C7900-AB00-424C-B8E1-EAA22C61037A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B495F9A8-1EB8-41F8-8EE7-BE01936C4EAF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | "{B5D49F7A-CC2E-432B-BB7F-3DE73A1AD8F9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{B9735DC3-3D6B-4568-9548-CC0BCAD8AADA}" = dir=out | 
app=c:\windows\system32\igrssvcs.exe | "{BABEA0C3-78D8-4C34-8FA9-2863A4AD5F66}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{C7AAB971-3CA4-407D-A472-3920E823A526}" = dir=in | app=c:\windows\system32\igrssvcs.exe | "{C90CB032-4AEF-4B88-862F-94D1F5F0019F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{CA741657-16F4-4CA0-AD11-9E8DD72F1156}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D1E9B6CB-390E-4452-9405-E7CCD15CA502}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D74A44EF-932A-4F71-8B87-A6D7D4243FE2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{D816829C-9615-42A0-81EF-D6027DFA7C4A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D93EAB69-9294-4F5D-B6ED-D2087C9D21C8}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe | "{D98A97AA-D072-43B4-884D-21DFE4806416}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D9C562D0-85F8-4A83-83F0-3B134EC82ECD}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{DB0CEABE-6ECA-46B0-A715-3DB29B5028A4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | "{E0B7CB73-C905-477F-B7B8-2C38CCC92194}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E1EC8C75-84C1-4F18-A0D4-C5D562969529}" = dir=in | app=c:\program files\lenovo\readycomm\projectionist.exe | "{E7ED57D6-B08F-4555-B9F3-69315C4B2A31}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "{E9AE08AC-57E0-465D-B2E9-B95B8473C486}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{F2BC0183-6F35-4892-B306-576EEE679E98}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | "{FE1E062A-C40F-40AC-917A-33DAB83122B7}" = dir=in | app=c:\program files (x86)\common files\apple\apple 
application support\webkit2webprocess.exe | "{FF024627-8C4F-4012-8AAB-97B2650BBA6B}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe | "TCP Query User{77A4C503-F621-41A0-8EDB-502F97F577F1}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "TCP Query User{B80ED73A-524A-4717-91C4-D0B1E1933F42}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "TCP Query User{C1094704-5A39-48AD-A51B-147D56A160A6}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{303F9159-697E-491A-AFE8-3C47AE5CBA7E}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{658279A2-2A46-4E4D-8AE5-99BEE6850735}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{C2EF3DD5-9E24-4F0A-84C9-A5767622619F}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64 "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{08C3441C-4FAF-48D3-A551-70DD6031734F}" = Microsoft Baseline Security Analyzer 2.2 "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware 
Service DE-DE Language Pack "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit) "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. 
B "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "0A4175B489A1B4A6E07E11B063A6263480C51D71" = Windows-Treiberpaket - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1) "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant HD Audio "FinePrint" = FinePrint "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 
13.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "NVIDIA Drivers" = NVIDIA Drivers "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "Shop for HP Supplies" = Shop for HP Supplies [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{0CE226F3-EB27-4ECD-BBF5-F088716779FD}" = Energy Management "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan "{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5 "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.02 "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4B407A54-6CF2-42B5-B419-E900B2E36972}" = 1500 "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = 
UnloadSupport "{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers "{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012 "{592ED299-14EF-4C0E-93B4-B687CD5A2EBE}_is1" = posterXXL.de Bestellsoftware 4.80 "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7D542452-84EB-47C0-97BA-735C523AB555}" = Garmin Training Center "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later "{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software 
"{A2101ACC-DC36-42AA-A576-6FD6A8D466DA}" = 1500_Help "{A4C6B32D-5088-40AF-B74D-CDABEF144F04}" = 1500Trb "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource "{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{DFB19121-0609-49C1-92B1-546E5A940FE8}" = Onekey Theater "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}" = Lenovo EasyCamera "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Audiograbber" = Audiograbber 1.83 SE "Avira AntiVir Desktop" = Avira Free Antivirus "Free Studio_is1" = Free Studio version 5.7.3.915 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918 "Glary Utilities_is1" = Glary Utilities 2.45.0.1481 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare "IrfanView" = IrfanView (remove only) "Mobile Partner" = Mobile Partner "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "VLC media player" = VLC media player 1.1.11 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1267310097-3752901941-3059132480-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "MyFreeCodec" = MyFreeCodec ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.10.2012 01:26:03 | Computer Name = PC-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 10.10.2012 01:26:03 | Computer Name = PC-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5429 Error - 10.10.2012 01:26:03 | Computer Name = PC-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5429 Error - 10.10.2012 01:26:04 | Computer Name = PC-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 10.10.2012 01:26:04 | Computer Name = PC-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6443 Error - 10.10.2012 01:26:04 | Computer Name = PC-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6443 Error - 10.10.2012 01:26:05 | Computer Name = PC-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 10.10.2012 01:26:05 | Computer Name = PC-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7473 Error 
- 10.10.2012 01:26:05 | Computer Name = PC-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7473 Error - 10.10.2012 01:27:18 | Computer Name = PC-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt. [ Media Center Events ] Error - 12.06.2012 13:52:35 | Computer Name = PC-PC | Source = MCUpdate | ID = 0 Description = 19:52:28 - Fehler beim Herstellen der Internetverbindung. 19:52:28 - Serververbindung konnte nicht hergestellt werden.. Error - 14.06.2012 03:29:51 | Computer Name = PC-PC | Source = MCUpdate | ID = 0 Description = 09:29:50 - Fehler beim Herstellen der Internetverbindung. 09:29:51 - Serververbindung konnte nicht hergestellt werden.. Error - 14.06.2012 03:30:01 | Computer Name = PC-PC | Source = MCUpdate | ID = 0 Description = 09:29:56 - Fehler beim Herstellen der Internetverbindung. 09:29:56 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 10.10.2012 02:19:08 | Computer Name = PC-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 10.10.2012 02:20:09 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Apple Mobile Device erreicht. 
Error - 10.10.2012 02:20:09 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 10.10.2012 02:20:36 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd SBRE StarOpen Error - 10.10.2012 02:22:45 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "ReadyComm.DirectRouter" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 10.10.2012 06:26:10 | Computer Name = PC-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 10.10.2012 06:26:26 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Apple Mobile Device erreicht. Error - 10.10.2012 06:26:26 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 10.10.2012 06:26:58 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd SBRE StarOpen Error - 10.10.2012 06:29:07 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "ReadyComm.DirectRouter" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > |
10.10.2012, 12:33 | #5 |
/// Malwareteam | virus detection on the laptop And where are the Avira log files in which the detections are recorded? GMER cannot find anything - you should also only run it if you have a 32-bit system. Instead of GMER, do the following:
Step 1: aswMBR Please download aswMBR.exe and save the file to your desktop.
Step 2: Scan with TDSS-Killer Please read the following instructions carefully. We do not want to "fix" anything here yet, only to see a scan report. Please download TDSSKiller.exe and save this file to the desktop
__________________ No right of asylum for trojans! Proud Member of UNITE Note: I am only available on working days! Requests via PM will be ignored! Are you satisfied with us? Then support the Trojaner-Board! |
11.10.2012, 11:27 | #6 |
| virus detection on the laptop hello, I could not find any reports in Avira any more, but I did in Spybot
2012-10-02 Includes\AdwareC.sbii
2012-09-25 Includes\HijackersC.sbi
2012-08-28 Includes\Malware.sbi
2012-09-25 Includes\MalwareC.sbi
2011-09-28 Includes\Trojans.sbi
2012-10-01 Includes\TrojansC-02.sbi
2012-09-20 Includes\TrojansC-03.sbi
2012-10-02 Includes\TrojansC-04.sbi
2012-09-07 Includes\TrojansC.sbi
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-11 12:08:19
-----------------------------
12:08:19.143 OS Version: Windows x64 6.1.7601 Service Pack 1
12:08:19.144 Number of processors: 4 586 0x2502
12:08:19.145 ComputerName: PC-PC UserName: cocco
12:08:20.234 Initialize success
12:12:26.533 AVAST engine defs: 12101100
12:17:16.551 The log file has been saved successfully to "C:\Users\cocco\Desktop\aswMBR.txt"
12:20:21.517 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:20:21.526 Disk 0 Vendor: HITACHI_ PB3Z Size: 305245MB BusType: 3
12:20:21.533 Disk 0 MBR read successfully
12:20:21.538 Disk 0 MBR scan
12:20:21.558 Disk 0 Windows 7 default MBR code
12:20:21.572 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
12:20:21.654 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 260243 MB offset 411648
12:20:21.731 Disk 0 Partition - 00 0F Extended LBA 29692 MB offset 533389312
12:20:21.781 Disk 0 Partition 3 00 12 Compaq diag NTFS 15109 MB offset 594198528
12:20:21.901 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29691 MB offset 533391360
12:20:22.082 Disk 0 scanning C:\windows\system32\drivers
12:20:50.417 Service scanning
12:21:59.436 Modules scanning
12:21:59.439 Disk 0 trace - called modules:
12:21:59.462 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:21:59.464 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006999060]
12:21:59.466 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004969050]
12:22:00.461 AVAST engine scan C:\windows
12:22:04.773 AVAST engine scan C:\windows\system32
12:33:16.988 AVAST engine scan C:\windows\system32\drivers
12:33:59.718 AVAST engine scan C:\Users\cocco
12:36:01.156 Disk 0 MBR has been saved successfully to "C:\Users\cocco\Desktop\MBR.dat"
12:36:01.325 The log file has been saved successfully to "C:\Users\cocco\Desktop\aswMBR.txt" |
11.10.2012, 12:10 | #7 |
/// Malwareteam | virus detection on the laptop And where is the log from TDSS-Killer?
|
11.10.2012, 14:25 | #8 |
| virus detection on the laptop I have no report from the killer, where is it supposed to be? the killer found nothing, I have it
12:37:59.0095 4848 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
12:37:59.0312 4848 ============================================================
12:37:59.0312 4848 Current date / time: 2012/10/11 12:37:59.0312
12:37:59.0312 4848 SystemInfo:
12:37:59.0312 4848
12:37:59.0312 4848 OS Version: 6.1.7601 ServicePack: 1.0
12:37:59.0312 4848 Product type: Workstation
12:37:59.0312 4848 ComputerName: PC-PC
12:37:59.0313 4848 UserName: cocco
12:37:59.0313 4848 Windows directory: C:\windows
12:37:59.0313 4848 System windows directory: C:\windows
12:37:59.0313 4848 Running under WOW64
12:37:59.0313 4848 Processor architecture: Intel x64
12:37:59.0313 4848 Number of processors: 4
12:37:59.0313 4848 Page size: 0x1000
12:37:59.0313 4848 Boot type: Normal boot
12:37:59.0313 4848 ============================================================
12:38:00.0957 4848 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:38:00.0980 4848 ============================================================
12:38:00.0980 4848 \Device\Harddisk0\DR0:
12:38:00.0984 4848 MBR partitions:
12:38:00.0984 4848 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
12:38:00.0984 4848 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x1FC49800
12:38:01.0013 4848 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1FCAE800, BlocksNum 0x39FD800
12:38:01.0013 4848 ============================================================
12:38:01.0070 4848 C: <-> \Device\Harddisk0\DR0\Partition2
12:38:01.0107 4848 D: <-> \Device\Harddisk0\DR0\Partition3
12:38:01.0107 4848 ============================================================
12:38:01.0107 4848 Initialize success
12:38:01.0107 4848
1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys 12:38:15.0480 2648 LSI_FC - ok 12:38:15.0512 2648 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys 12:38:15.0515 2648 LSI_SAS - ok 12:38:15.0540 2648 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys 12:38:15.0543 2648 LSI_SAS2 - ok 12:38:15.0563 2648 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys 12:38:15.0566 2648 LSI_SCSI - ok 12:38:15.0585 2648 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys 12:38:15.0589 2648 luafv - ok 12:38:15.0641 2648 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll 12:38:15.0645 2648 Mcx2Svc - ok 12:38:15.0663 2648 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys 12:38:15.0665 2648 megasas - ok 12:38:15.0700 2648 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys 12:38:15.0707 2648 MegaSR - ok 12:38:15.0714 2648 mevoslvi - ok 12:38:15.0759 2648 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll 12:38:15.0763 2648 MMCSS - ok 12:38:15.0782 2648 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys 12:38:15.0784 2648 Modem - ok 12:38:15.0819 2648 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys 12:38:15.0820 2648 monitor - ok 12:38:15.0847 2648 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys 12:38:15.0849 2648 mouclass - ok 12:38:15.0894 2648 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys 12:38:15.0896 2648 mouhid - ok 12:38:15.0933 2648 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys 12:38:15.0936 2648 mountmgr - ok 12:38:16.0012 2648 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla 
Maintenance Service\maintenanceservice.exe 12:38:16.0014 2648 MozillaMaintenance - ok 12:38:16.0064 2648 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys 12:38:16.0070 2648 MpFilter - ok 12:38:16.0089 2648 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys 12:38:16.0094 2648 mpio - ok 12:38:16.0124 2648 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 12:38:16.0127 2648 mpsdrv - ok 12:38:16.0184 2648 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll 12:38:16.0202 2648 MpsSvc - ok 12:38:16.0235 2648 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 12:38:16.0239 2648 MRxDAV - ok 12:38:16.0263 2648 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 12:38:16.0267 2648 mrxsmb - ok 12:38:16.0299 2648 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 12:38:16.0306 2648 mrxsmb10 - ok 12:38:16.0323 2648 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 12:38:16.0326 2648 mrxsmb20 - ok 12:38:16.0362 2648 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys 12:38:16.0364 2648 msahci - ok 12:38:16.0391 2648 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys 12:38:16.0395 2648 msdsm - ok 12:38:16.0417 2648 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe 12:38:16.0422 2648 MSDTC - ok 12:38:16.0473 2648 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys 12:38:16.0474 2648 Msfs - ok 12:38:16.0501 2648 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys 12:38:16.0503 2648 mshidkmdf - ok 12:38:16.0527 2648 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys 12:38:16.0529 2648 msisadrv - ok 12:38:16.0568 2648 [ 
808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll 12:38:16.0573 2648 MSiSCSI - ok 12:38:16.0579 2648 msiserver - ok 12:38:16.0617 2648 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys 12:38:16.0619 2648 MSKSSRV - ok 12:38:16.0697 2648 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe 12:38:16.0698 2648 MsMpSvc - ok 12:38:16.0730 2648 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 12:38:16.0731 2648 MSPCLOCK - ok 12:38:16.0737 2648 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys 12:38:16.0739 2648 MSPQM - ok 12:38:16.0786 2648 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys 12:38:16.0795 2648 MsRPC - ok 12:38:16.0828 2648 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys 12:38:16.0829 2648 mssmbios - ok 12:38:16.0836 2648 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys 12:38:16.0837 2648 MSTEE - ok 12:38:16.0856 2648 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys 12:38:16.0858 2648 MTConfig - ok 12:38:16.0869 2648 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys 12:38:16.0871 2648 Mup - ok 12:38:16.0899 2648 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll 12:38:16.0912 2648 napagent - ok 12:38:16.0974 2648 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 12:38:16.0981 2648 NativeWifiP - ok 12:38:17.0053 2648 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys 12:38:17.0072 2648 NDIS - ok 12:38:17.0100 2648 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 12:38:17.0101 2648 NdisCap - ok 12:38:17.0139 2648 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi 
C:\windows\system32\DRIVERS\ndistapi.sys 12:38:17.0141 2648 NdisTapi - ok 12:38:17.0188 2648 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 12:38:17.0190 2648 Ndisuio - ok 12:38:17.0221 2648 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 12:38:17.0226 2648 NdisWan - ok 12:38:17.0270 2648 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys 12:38:17.0272 2648 NDProxy - ok 12:38:17.0327 2648 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 12:38:17.0330 2648 Net Driver HPZ12 - ok 12:38:17.0355 2648 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 12:38:17.0358 2648 NetBIOS - ok 12:38:17.0396 2648 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys 12:38:17.0403 2648 NetBT - ok 12:38:17.0425 2648 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe 12:38:17.0427 2648 Netlogon - ok 12:38:17.0481 2648 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll 12:38:17.0494 2648 Netman - ok 12:38:17.0533 2648 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll 12:38:17.0545 2648 netprofm - ok 12:38:17.0579 2648 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 12:38:17.0595 2648 NetTcpPortSharing - ok 12:38:17.0760 2648 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\windows\system32\DRIVERS\netw5v64.sys 12:38:17.0899 2648 netw5v64 - ok 12:38:17.0935 2648 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys 12:38:17.0937 2648 nfrd960 - ok 12:38:18.0009 2648 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys 12:38:18.0012 2648 NisDrv - ok 12:38:18.0055 2648 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security 
Client\NisSrv.exe 12:38:18.0064 2648 NisSrv - ok 12:38:18.0111 2648 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll 12:38:18.0120 2648 NlaSvc - ok 12:38:18.0126 2648 nmtpdmep - ok 12:38:18.0145 2648 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys 12:38:18.0147 2648 Npfs - ok 12:38:18.0171 2648 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll 12:38:18.0175 2648 nsi - ok 12:38:18.0205 2648 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys 12:38:18.0206 2648 nsiproxy - ok 12:38:18.0282 2648 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys 12:38:18.0316 2648 Ntfs - ok 12:38:18.0348 2648 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys 12:38:18.0349 2648 Null - ok 12:38:18.0399 2648 [ 181E7FE39211E04128A30708906627D8 ] NVHDA C:\windows\system32\drivers\nvhda64v.sys 12:38:18.0402 2648 NVHDA - ok 12:38:18.0701 2648 [ A1777644C3D044494658DA850A4A16D8 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys 12:38:18.0988 2648 nvlddmkm - ok 12:38:19.0090 2648 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys 12:38:19.0094 2648 nvraid - ok 12:38:19.0119 2648 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys 12:38:19.0124 2648 nvstor - ok 12:38:19.0156 2648 [ B8E361851BFB7152E0A2D6031C4DB1E9 ] nvsvc C:\windows\system32\nvvsvc.exe 12:38:19.0167 2648 nvsvc - ok 12:38:19.0196 2648 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys 12:38:19.0201 2648 nv_agp - ok 12:38:19.0222 2648 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys 12:38:19.0225 2648 ohci1394 - ok 12:38:19.0264 2648 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 12:38:19.0282 2648 ose - ok 12:38:19.0432 2648 [ 61BFFB5F57AD12F83AB64B7181829B34 ] 
osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 12:38:19.0556 2648 osppsvc - ok 12:38:19.0567 2648 ouzvwkfr - ok 12:38:19.0596 2648 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll 12:38:19.0606 2648 p2pimsvc - ok 12:38:19.0632 2648 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll 12:38:19.0644 2648 p2psvc - ok 12:38:19.0675 2648 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys 12:38:19.0678 2648 Parport - ok 12:38:19.0720 2648 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys 12:38:19.0722 2648 partmgr - ok 12:38:19.0757 2648 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll 12:38:19.0764 2648 PcaSvc - ok 12:38:19.0797 2648 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys 12:38:19.0802 2648 pci - ok 12:38:19.0830 2648 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys 12:38:19.0831 2648 pciide - ok 12:38:19.0867 2648 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys 12:38:19.0873 2648 pcmcia - ok 12:38:19.0889 2648 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys 12:38:19.0891 2648 pcw - ok 12:38:19.0917 2648 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys 12:38:19.0932 2648 PEAUTH - ok 12:38:20.0054 2648 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe 12:38:20.0056 2648 PerfHost - ok 12:38:20.0130 2648 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll 12:38:20.0160 2648 pla - ok 12:38:20.0199 2648 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll 12:38:20.0211 2648 PlugPlay - ok 12:38:20.0274 2648 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 12:38:20.0278 2648 Pml Driver HPZ12 - ok 
12:38:20.0303 2648 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll 12:38:20.0306 2648 PNRPAutoReg - ok 12:38:20.0329 2648 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll 12:38:20.0336 2648 PNRPsvc - ok 12:38:20.0389 2648 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll 12:38:20.0401 2648 PolicyAgent - ok 12:38:20.0444 2648 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll 12:38:20.0451 2648 Power - ok 12:38:20.0495 2648 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 12:38:20.0498 2648 PptpMiniport - ok 12:38:20.0524 2648 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys 12:38:20.0526 2648 Processor - ok 12:38:20.0565 2648 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll 12:38:20.0573 2648 ProfSvc - ok 12:38:20.0591 2648 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe 12:38:20.0593 2648 ProtectedStorage - ok 12:38:20.0641 2648 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys 12:38:20.0643 2648 Psched - ok 12:38:20.0649 2648 PS_MDP - ok 12:38:20.0711 2648 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys 12:38:20.0743 2648 ql2300 - ok 12:38:20.0762 2648 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys 12:38:20.0766 2648 ql40xx - ok 12:38:20.0772 2648 qvjhtlsp - ok 12:38:20.0809 2648 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll 12:38:20.0816 2648 QWAVE - ok 12:38:20.0829 2648 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 12:38:20.0831 2648 QWAVEdrv - ok 12:38:20.0861 2648 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 12:38:20.0862 2648 RasAcd - ok 12:38:20.0896 2648 [ 7ECFF9B22276B73F43A99A15A6094E90 ] 
RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys 12:38:20.0898 2648 RasAgileVpn - ok 12:38:20.0927 2648 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll 12:38:20.0932 2648 RasAuto - ok 12:38:20.0968 2648 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 12:38:20.0971 2648 Rasl2tp - ok 12:38:21.0013 2648 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll 12:38:21.0023 2648 RasMan - ok 12:38:21.0051 2648 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 12:38:21.0054 2648 RasPppoe - ok 12:38:21.0082 2648 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 12:38:21.0085 2648 RasSstp - ok 12:38:21.0121 2648 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 12:38:21.0129 2648 rdbss - ok 12:38:21.0144 2648 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys 12:38:21.0145 2648 rdpbus - ok 12:38:21.0167 2648 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys 12:38:21.0168 2648 RDPCDD - ok 12:38:21.0180 2648 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys 12:38:21.0182 2648 RDPENCDD - ok 12:38:21.0199 2648 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys 12:38:21.0200 2648 RDPREFMP - ok 12:38:21.0242 2648 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys 12:38:21.0248 2648 RDPWD - ok 12:38:21.0305 2648 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys 12:38:21.0311 2648 rdyboost - ok 12:38:21.0316 2648 ReadyComm.DirectRouter - ok 12:38:21.0341 2648 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll 12:38:21.0346 2648 RemoteAccess - ok 12:38:21.0393 2648 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll 12:38:21.0399 
2648 RemoteRegistry - ok 12:38:21.0442 2648 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys 12:38:21.0447 2648 RFCOMM - ok 12:38:21.0482 2648 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll 12:38:21.0487 2648 RpcEptMapper - ok 12:38:21.0521 2648 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe 12:38:21.0523 2648 RpcLocator - ok 12:38:21.0571 2648 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll 12:38:21.0580 2648 RpcSs - ok 12:38:21.0586 2648 rsdrlsnt - ok 12:38:21.0614 2648 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys 12:38:21.0617 2648 rspndr - ok 12:38:21.0669 2648 [ 5AAB4808E8CCAE8C2ECDA5B791260616 ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys 12:38:21.0676 2648 RSUSBSTOR - ok 12:38:21.0712 2648 [ 3B01789EE4EAEE97F5EB46B711387D5E ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys 12:38:21.0717 2648 RTL8167 - ok 12:38:21.0736 2648 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe 12:38:21.0738 2648 SamSs - ok 12:38:21.0793 2648 [ CDB954C736D51DC5FA712C039AF4F683 ] SbFw C:\windows\system32\drivers\SbFw.sys 12:38:21.0799 2648 SbFw - ok 12:38:21.0832 2648 [ 5DE22E3CB6140213DA2E0599B08D525C ] SBFWIMCL C:\windows\system32\DRIVERS\sbfwim.sys 12:38:21.0833 2648 SBFWIMCL - ok 12:38:21.0855 2648 [ 5DE22E3CB6140213DA2E0599B08D525C ] SBFWIMCLMP C:\windows\system32\DRIVERS\SBFWIM.sys 12:38:21.0857 2648 SBFWIMCLMP - ok 12:38:21.0899 2648 [ A5BC45F8C2F30350E7566799C86B2F5D ] sbhips C:\windows\system32\drivers\sbhips.sys 12:38:21.0901 2648 sbhips - ok 12:38:21.0932 2648 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys 12:38:21.0935 2648 sbp2port - ok 12:38:21.0964 2648 SBRE - ok 12:38:22.0051 2648 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe 12:38:22.0072 2648 SBSDWSCService - ok 
12:38:22.0102 2648 [ F9955774A6BF0A5CA696F591C7B80A79 ] SbTis C:\windows\system32\drivers\sbtis.sys 12:38:22.0105 2648 SbTis - ok 12:38:22.0131 2648 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll 12:38:22.0138 2648 SCardSvr - ok 12:38:22.0178 2648 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys 12:38:22.0180 2648 scfilter - ok 12:38:22.0236 2648 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll 12:38:22.0262 2648 Schedule - ok 12:38:22.0290 2648 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll 12:38:22.0292 2648 SCPolicySvc - ok 12:38:22.0335 2648 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll 12:38:22.0341 2648 SDRSVC - ok 12:38:22.0392 2648 [ 16A252022535B680046F6E34E136D378 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 12:38:22.0396 2648 SeaPort - ok 12:38:22.0438 2648 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys 12:38:22.0440 2648 secdrv - ok 12:38:22.0484 2648 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll 12:38:22.0489 2648 seclogon - ok 12:38:22.0516 2648 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll 12:38:22.0520 2648 SENS - ok 12:38:22.0538 2648 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll 12:38:22.0541 2648 SensrSvc - ok 12:38:22.0573 2648 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys 12:38:22.0574 2648 Serenum - ok 12:38:22.0622 2648 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys 12:38:22.0625 2648 Serial - ok 12:38:22.0641 2648 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys 12:38:22.0643 2648 sermouse - ok 12:38:22.0684 2648 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll 
12:38:22.0690 2648 SessionEnv - ok 12:38:22.0719 2648 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys 12:38:22.0721 2648 sffdisk - ok 12:38:22.0730 2648 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys 12:38:22.0732 2648 sffp_mmc - ok 12:38:22.0738 2648 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys 12:38:22.0740 2648 sffp_sd - ok 12:38:22.0774 2648 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys 12:38:22.0775 2648 sfloppy - ok 12:38:22.0842 2648 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys 12:38:22.0859 2648 Sftfs - ok 12:38:22.0915 2648 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 12:38:22.0925 2648 sftlist - ok 12:38:22.0945 2648 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys 12:38:22.0951 2648 Sftplay - ok 12:38:22.0980 2648 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys 12:38:22.0981 2648 Sftredir - ok 12:38:23.0012 2648 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys 12:38:23.0013 2648 Sftvol - ok 12:38:23.0034 2648 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 12:38:23.0038 2648 sftvsa - ok 12:38:23.0066 2648 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll 12:38:23.0075 2648 SharedAccess - ok 12:38:23.0125 2648 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll 12:38:23.0136 2648 ShellHWDetection - ok 12:38:23.0168 2648 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys 12:38:23.0170 2648 SiSRaid2 - ok 12:38:23.0180 2648 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 
C:\windows\system32\DRIVERS\sisraid4.sys 12:38:23.0183 2648 SiSRaid4 - ok 12:38:23.0216 2648 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys 12:38:23.0219 2648 Smb - ok 12:38:23.0259 2648 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe 12:38:23.0262 2648 SNMPTRAP - ok 12:38:23.0278 2648 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys 12:38:23.0280 2648 spldr - ok 12:38:23.0319 2648 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe 12:38:23.0333 2648 Spooler - ok 12:38:23.0448 2648 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe 12:38:23.0541 2648 sppsvc - ok 12:38:23.0566 2648 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll 12:38:23.0572 2648 sppuinotify - ok 12:38:23.0624 2648 [ B9657A0AFF28C1CB114ACC0CB93EE4BB ] sp_rsdrv2 C:\windows\system32\DRIVERS\stflt.sys 12:38:23.0626 2648 sp_rsdrv2 - ok 12:38:23.0673 2648 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys 12:38:23.0684 2648 srv - ok 12:38:23.0708 2648 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys 12:38:23.0717 2648 srv2 - ok 12:38:23.0740 2648 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys 12:38:23.0744 2648 srvnet - ok 12:38:23.0774 2648 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll 12:38:23.0781 2648 SSDPSRV - ok 12:38:23.0804 2648 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll 12:38:23.0809 2648 SstpSvc - ok 12:38:23.0873 2648 [ B17788CCE16D54DCA857B4DBF6D1041B ] ST2012_Svc C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe 12:38:24.0154 2648 ST2012_Svc - ok 12:38:24.0183 2648 StarOpen - ok 12:38:24.0209 2648 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys 12:38:24.0211 2648 stexstor - ok 12:38:24.0276 2648 [ 
8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll 12:38:24.0291 2648 stisvc - ok 12:38:24.0297 2648 sujgruth - ok 12:38:24.0332 2648 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys 12:38:24.0333 2648 swenum - ok 12:38:24.0380 2648 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll 12:38:24.0394 2648 swprv - ok 12:38:24.0472 2648 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll 12:38:24.0511 2648 SysMain - ok 12:38:24.0539 2648 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll 12:38:24.0545 2648 TabletInputService - ok 12:38:24.0565 2648 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll 12:38:24.0575 2648 TapiSrv - ok 12:38:24.0602 2648 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll 12:38:24.0606 2648 TBS - ok 12:38:24.0690 2648 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys 12:38:24.0728 2648 Tcpip - ok 12:38:24.0789 2648 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys 12:38:24.0811 2648 TCPIP6 - ok 12:38:24.0859 2648 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys 12:38:24.0861 2648 tcpipreg - ok 12:38:24.0895 2648 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys 12:38:24.0896 2648 TDPIPE - ok 12:38:24.0934 2648 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys 12:38:24.0935 2648 TDTCP - ok 12:38:24.0982 2648 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys 12:38:24.0985 2648 tdx - ok 12:38:25.0017 2648 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys 12:38:25.0019 2648 TermDD - ok 12:38:25.0057 2648 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll 12:38:25.0074 2648 TermService - ok 12:38:25.0108 2648 [ 
\Device\Harddisk0\DR0\Partition1 - ok
12:38:29.0255 2648 [ 14CE666E094802C52B4BEAC4F4B3460C ] \Device\Harddisk0\DR0\Partition2
12:38:29.0258 2648 \Device\Harddisk0\DR0\Partition2 - ok
12:38:29.0292 2648 [ D4CF8F75105FD1FA657F497F50BC7577 ] \Device\Harddisk0\DR0\Partition3
12:38:29.0294 2648 \Device\Harddisk0\DR0\Partition3 - ok
12:38:29.0294 2648 ============================================================
12:38:29.0294 2648 Scan finished
12:38:29.0294 2648 ============================================================
12:38:29.0311 4372 Detected object count: 0
12:38:29.0311 4372 Actual detected object count: 0
15:03:42.0802 4572 Deinitialize success |
11.10.2012, 14:32 | #9 | |
/// Malwareteam | virus detection on the laptop Quote:
__________________ No asylum for Trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Are you satisfied with us? Then support the Trojaner-Board! |
11.10.2012, 14:46 | #10 |
/// Malwareteam | virus detection on the laptop MBAM Please download Malwarebytes |
11.10.2012, 15:00 | #11 |
| virus detection on the laptop
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Datenbank Version: v2012.10.11.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
cocco :: PC-PC [Administrator]
11.10.2012 15:54:47
mbam-log-2012-10-11 (15-54-47).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 233294
Laufzeit: 5 Minute(n), 14 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende) |
11.10.2012, 15:09 | #12 |
/// Malwareteam | virus detection on the laptop How is the computer behaving? |
12.10.2012, 08:44 | #13 |
| virus detection on the laptop Good morning, the PC is running well. I have already run Avira, Spybot, Malwarebytes and Microsoft Security Essentials a few times; at the moment they find nothing. Regards, Kai |
12.10.2012, 09:04 | #14 |
/// Malwareteam | virus detection on the laptop Looks pretty good - let's check everything once more! Step 1: MBAM full scan
Step 2: ESET ESET Online Scanner |
15.10.2012, 08:11 | #15 |
/// Malwareteam | virus detection on the laptop Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will therefore no longer be notified of new replies. The disappearance of the symptoms does not mean that your system is already clean |