Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Win7 ransomware wgsdgsdgdsgsd.dll, Win32/Reveton!lnk (runctf.lnk), Trojan.Ransom.Win32.Foreign.AMN (A)

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Alt 27.12.2012, 02:26   #1
lucean
 
Win7 ransomware wgsdgsdgdsgsd.dll, Win32/Reveton!lnk (runctf.lnk), Trojan.Ransom.Win32.Foreign.AMN (A) - Standard

Win7 ransomware wgsdgsdgdsgsd.dll, Win32/Reveton!lnk (runctf.lnk), Trojan.Ransom.Win32.Foreign.AMN (A)



Hallo,

Hab mir vor kurzem (am 21.) ein Polizei-ransomware eingefangen, bei dem ich dachte ich hätte ihn beseitigt, aber der mich heute (26.) nochmal erwischt hat. Da ich leider euer board erst heute entdeckt habe, hab ich allerdings die Dateien die ich mit Scans erwischt habe schon gelöscht. Ich seh, dass da ziemlich viele Posts sind mit dem Thema, hab also alle Logs die relevant sind gleich hier reingefügt - leider doppelte Menge, weil eben zweimal passiert und falls was wichtiges dabei ist. Jede Hilfe für Säuberung wäre toll.

21.12: In abgesichertem Modus mit Security Essentials Win32/Reveton!lnk gefunden (runctf.lnk - siehe beiliegendes screenshot, da ich die logs für security Essentials nicht gefunden habe) - was da komisch ist: hab sowohl für 21.12 und 26.12 je eine Instanz als "Allowed" - obwohl ich das natürlich nicht getan habe.

Dann mit Malwarebytes Anti-Malware wgsdgsdgdsgsd.dll und .pad entfernt:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.21.08

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
S :: X [administrator]

21/12/2012 1:00:16 PM
mbam-log-2012-12-21 (13-00-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | 

Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220966
Time elapsed: 3 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\S\wgsdgsdgdsgsd.dll (Trojan.Reveton) -> Quarantined and deleted successfully.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Quarantined and deleted successfully.

(end)
         
3.) Malwarebytes nochmal am 22. und 24. gecheckt und keine resultate
Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.21.08

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
S :: X [administrator]

22/12/2012 1:39:09 AM
mbam-log-2012-12-22 (01-39-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | 

Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206924
Time elapsed: 1 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.24.04

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
S :: X [administrator]

24/03/2012 8:05:16 PM
mbam-log-2012-03-24 (20-05-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | 

Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200395
Time elapsed: 2 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Emsisoft am 22. laufen lassen und ein paar Java-probleme und Trojan.Ransom.Win32.Foreign.AMN (A) gefunden:

Code:
ATTFilter
Emsisoft Emergency Kit - Version 3.0
Last update: 12/22/2012 11:47:25 AM

Scan settings:

Scan type: Deep Scan
Objects: Rootkits, Memory, Traces, C:\, Q:\

Detect Riskware: Off
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:	12/22/2012 11:55:27 AM

C:\Users\S\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\31261c02-1b0cda94 -> Field.class 	

detected: Java.Exploit.CVE-2010-0840.AC (B)
C:\Users\S\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\31261c02-1b0cda94 -> first.class 	

detected: Java.Exploit.CVE-2010-0840.AC (B)
C:\Users\S\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\31261c02-1b0cda94 -> Matrix.class 	

detected: Java.Exploit.CVE-2010-0840.AC (B)
C:\Users\S\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1ede2ede-343117a8 	detected: 

Trojan.Ransom.Win32.Foreign.AMN (A)

Scanned	474725
Found	4

Scan end:	12/22/2012 1:13:36 PM
Scan time:	1:18:09
         
Am 23. alles angeblich ok:
Code:
ATTFilter
Emsisoft Emergency Kit - Version 3.0
Last update: 12/22/2012 11:47:25 AM

Scan settings:

Scan type: Deep Scan
Objects: Rootkits, Memory, Traces, C:\, Q:\

Detect Riskware: Off
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:	12/23/2012 1:14:05 AM


Scanned	474789
Found	0

Scan end:	12/23/2012 2:35:06 AM
Scan time:	1:21:01
         
CCleaner laufen lassen und alles mögliche ausgemistet.
Heute hab ich wieder den Polizei bildschirm gekriegt und wieder im Safe Mode (mit neuen Definitionen) Security Essentials (s. screen shot und wieder 1x "Allowed" im Verlauf gefunden) und Malwarebytes laufen lassen.
Der neue Malwarebytes log ist:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.26.06

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
S :: X [administrator]

26/12/2012 10:11:46 PM
mbam-log-2012-12-26 (22-11-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | 

Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208195
Time elapsed: 2 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\S\wgsdgsdgdsgsd.dll (Exploit.Drop.GS) -> Quarantined and deleted successfully.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Quarantined and deleted successfully.
C:\Users\S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Quarantined and deleted successfully.

(end)
         
Allerdings hab ich dann noch im ProgramData folder gecheckt und eine dsgsdgdsgdsgw.js datei gefunden, die ich dann manuell gelöscht habe.

Ahja, den Malwarebytes Anti-Rootkit hab ich auch zweimal laufen lassen, einmal am 23. und einmal heute nach den diversen checks und nichts gefunden.

Ich steh ziemlich kurz davor meine Dateien zu sichern und neuzuinstallieren, allerdings ist die Windows installation auf einer Partition, und ich würd gern den Laptop versuchen zu säubern um da keine Bedenken zu haben.


Also hier sind die OTL logs:

Code:
ATTFilter
OTL logfile created on: 12/27/2012 1:45:28 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\S\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
7.89 Gb Total Physical Memory | 5.54 Gb Available Physical Memory | 70.22% Memory free
15.78 Gb Paging File | 13.35 Gb Available in Paging File | 84.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.15 Gb Total Space | 118.89 Gb Free Space | 41.40% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 1.58 Gb Free Space | 16.19% Space Free | Partition Type: NTFS
 
Computer Name: X | User Name: S | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\S\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\S\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe ()
PRC - C:\Program Files (x86)\Expat Shield\bin\openvpntray.exe ()
PRC - C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe ()
PRC - C:\Program Files (x86)\Expat Shield\bin\hsswd.exe ()
PRC - C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (Symantec Corporation)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited)
PRC - C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.)
PRC - C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\CAgdLNotes.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\CAgdOutlook.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\CalEngine.dll ()
MOD - C:\Program Files (x86)\Expat Shield\bin\lang\gui-eng.dll ()
MOD - C:\Program Files (x86)\Expat Shield\bin\openvpntray.exe ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\VistaCalendar.dll ()
MOD - C:\Program Files\Lenovo\AutoLock\cv210.dll ()
MOD - C:\Program Files\Lenovo\AutoLock\cxcore210.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll ()
MOD - C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (TPHKLOAD) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV:64bit: - (LENOVO.TPKNRSVC) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
SRV:64bit: - (LENOVO.CAMMUTE) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV:64bit: - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV:64bit: - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)
SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV:64bit: - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.)
SRV:64bit: - (HyperW7Svc) -- C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe (Lenovo Group Limited)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (Lenovo.VIRTSCRLSVC) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV:64bit: - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe (SiSoftware)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (ExpatTrayService) -- C:\Program Files (x86)\Expat Shield\bin\EXPATTrayService.exe ()
SRV - (ExpatShieldService) -- C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe ()
SRV - (ExpatWd) -- C:\Program Files (x86)\Expat Shield\bin\hsswd.exe ()
SRV - (ExpatSrv) -- C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (VIPAppService) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (Symantec Corporation)
SRV - (DozeSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (Lenovo.)
SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
SRV - (SAService) -- C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.)
SRV - (SROSVC) -- C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe (Lenovo Group Limited)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (HssDrv) -- C:\Windows\SysNative\drivers\HssDrv.sys (AnchorFree Inc.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo Information Product(ShenZhen China) Inc.)
DRV:64bit: - (pmxdrv) -- C:\Windows\SysNative\drivers\pmxdrv.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (risdxc) -- C:\Windows\SysNative\drivers\risdxc64.sys (REDC)
DRV:64bit: - (DzHDD64) -- C:\Windows\SysNative\drivers\DZHDD64.SYS (Lenovo.)
DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS (Lenovo Group Limited)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (5U877) -- C:\Windows\SysNative\drivers\5U877.sys (Ricoh co.,Ltd.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (PHCORE) -- C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys (Lenovo Group Limited)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited)
DRV:64bit: - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\WNt500x64\sandra.sys (SiSoftware)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MobileAdapter) -- C:\Windows\SysNative\drivers\qscnusb.sys (QUALCOMM Incorporated)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (TVicPort64) -- C:\Windows\SysNative\drivers\TVicPort64.sys (EnTech Taiwan)
DRV - (A2DDA) -- C:\Users\S\Desktop\emsisoft\Run\a2ddax64.sys (Emsi Software GmbH)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C3344ACF-AF5F-4A3D-9945-513ECC62A8C1}
IE:64bit: - HKLM\..\SearchScopes\{C3344ACF-AF5F-4A3D-9945-513ECC62A8C1}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {C3344ACF-AF5F-4A3D-9945-513ECC62A8C1}
IE - HKLM\..\SearchScopes\{C3344ACF-AF5F-4A3D-9945-513ECC62A8C1}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
IE - HKU\S-1-5-21-1954810561-761473525-1829384633-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
IE - HKU\S-1-5-21-1954810561-761473525-1829384633-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-1954810561-761473525-1829384633-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-1954810561-761473525-1829384633-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKU\S-1-5-21-1954810561-761473525-1829384633-1001\..\SearchScopes,DefaultScope = {C3344ACF-AF5F-4A3D-9945-513ECC62A8C1}
IE - HKU\S-1-5-21-1954810561-761473525-1829384633-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1954810561-761473525-1829384633-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: rikaichan-jpen%40polarcloud.com:2.01.110814
FF - prefs.js..extensions.enabledAddons: %7B0AA9101C-D3C1-4129-A9B7-D778C6A17F82%7D:2.07
FF - prefs.js..extensions.enabledAddons: %7Ba3a5c777-f583-4fef-9380-ab4add1bc2a8%7D:4.1
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\S\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\S\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\S\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\S\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2012/03/25 02:24:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/25 02:21:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/02 14:50:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/02 14:50:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/02 14:50:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/02 14:50:30 | 000,000,000 | ---D | M]
 
[2011/07/13 05:50:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\S\AppData\Roaming\Mozilla\Extensions
[2012/12/26 23:57:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\gr3wsv2b.default\extensions
[2012/10/19 05:13:10 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\gr3wsv2b.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2011/10/09 04:57:27 | 000,000,000 | ---D | M] (Rikaichan Japanese-English Dictionary File) -- C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\gr3wsv2b.default\extensions\rikaichan-jpen@polarcloud.com
[2012/12/26 23:57:54 | 000,532,971 | ---- | M] () (No name found) -- C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\gr3wsv2b.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/02/16 21:36:18 | 000,013,666 | ---- | M] () (No name found) -- C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\gr3wsv2b.default\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi
[2012/12/26 23:56:18 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\gr3wsv2b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/12/02 14:50:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/02 14:50:30 | 000,000,000 | ---D | M] (Expat Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2012/12/02 14:50:49 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/12/02 14:50:33 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/12/02 14:50:33 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2011/09/29 06:26:38 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll (AnchorFree Inc.)
O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll (AnchorFree Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1954810561-761473525-1829384633-1001..\Run: [Akamai NetSession Interface] C:\Users\S\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1954810561-761473525-1829384633-1001..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKLM..\RunOnce: [Z1] C:\Users\S\Desktop\mbar\mbar\mbar.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1954810561-761473525-1829384633-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/acpirexe.cab (IASRunner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6AEEFC40-9825-4DF9-AF6C-C89EE2C74098}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8722801-F8FA-49AF-B23A-BC720D5C9955}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/10 17:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{03170695-f603-11e1-bebd-f0def16f6272}\Shell - "" = AutoRun
O33 - MountPoints2\{03170695-f603-11e1-bebd-f0def16f6272}\Shell\AutoRun\command - "" = D:\Startme.exe
O33 - MountPoints2\{3005a88a-e15d-11e0-9647-f0def16f6272}\Shell - "" = AutoRun
O33 - MountPoints2\{3005a88a-e15d-11e0-9647-f0def16f6272}\Shell\AutoRun\command - "" = D:\HWPcAssistant.exe
O33 - MountPoints2\{323db7fa-9004-11e1-b60c-f0def16f6272}\Shell - "" = AutoRun
O33 - MountPoints2\{323db7fa-9004-11e1-b60c-f0def16f6272}\Shell\AutoRun\command - "" = D:\HWPcAssistant.exe
O33 - MountPoints2\{43570bc6-9f90-11e0-89eb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{43570bc6-9f90-11e0-89eb-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 22:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{49ac1787-ed59-11e0-9ba1-f0def16f6272}\Shell - "" = AutoRun
O33 - MountPoints2\{49ac1787-ed59-11e0-9ba1-f0def16f6272}\Shell\AutoRun\command - "" = D:\HWPcAssistant.exe
O33 - MountPoints2\{9ed22a7e-16fb-11e1-b857-f0def16f6272}\Shell - "" = AutoRun
O33 - MountPoints2\{9ed22a7e-16fb-11e1-b857-f0def16f6272}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\readme.txt
O33 - MountPoints2\{9ed22a7e-16fb-11e1-b857-f0def16f6272}\Shell\getdtm\command - "" = iexplore hxxp://www.blackberry.com/desktop
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\HWPcAssistant.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/12/23 17:15:44 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/12/23 17:15:44 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/12/23 17:09:23 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012/12/23 16:57:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/23 16:57:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/23 16:57:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/23 16:57:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/23 16:57:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/23 16:57:46 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/23 16:57:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/23 16:57:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/23 16:57:45 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/12/23 16:57:45 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/23 16:57:45 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/23 16:57:45 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/23 16:57:43 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/12/23 16:57:43 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/12/23 16:57:43 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/12/23 16:55:46 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/23 16:55:46 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/23 16:55:46 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/23 16:55:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/23 16:55:26 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/12/23 16:55:25 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/12/23 16:55:24 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/12/23 16:55:24 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/12/23 16:50:43 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/12/23 16:50:43 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/12/23 16:39:28 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/23 16:39:28 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/12/23 16:39:28 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/12/23 16:39:28 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/12/23 16:39:28 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/12/23 16:39:28 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/12/23 16:39:28 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/12/23 16:39:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/12/23 16:39:28 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/12/23 16:39:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/12/23 16:39:28 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/12/23 16:39:28 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/12/23 16:39:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/23 16:39:27 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/12/23 16:39:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/12/23 16:39:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/12/23 16:39:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/23 16:39:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/23 16:39:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/23 16:39:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/23 16:39:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/12/23 16:39:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/12/23 16:39:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/23 16:39:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/23 16:39:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/23 16:39:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/23 16:39:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/23 16:39:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/23 16:39:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/23 16:39:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/12/23 16:39:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/12/23 16:39:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/12/23 16:39:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/23 16:39:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/23 16:39:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/23 16:39:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/12/23 16:39:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/23 16:39:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/12/23 16:39:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/12/23 16:39:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/12/23 16:39:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/23 16:39:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/12/23 16:39:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/12/23 16:39:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/12/23 16:39:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/12/23 16:39:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/23 16:39:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/12/23 16:39:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/12/23 16:39:26 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/12/23 16:39:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/23 16:39:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/12/23 16:39:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/12/23 16:39:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/12/23 16:39:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/23 16:39:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/12/23 16:39:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/12/23 16:39:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/23 16:39:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/23 16:39:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/23 16:39:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/23 16:39:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/23 16:39:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/23 16:39:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/12/23 16:39:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/12/23 16:39:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/23 16:39:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/23 16:39:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/12/23 16:39:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/12/23 16:39:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/12/23 16:39:12 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/12/23 16:39:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/12/23 16:39:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/12/23 16:39:05 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/12/23 16:39:05 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012/12/23 16:39:05 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012/12/23 16:39:05 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012/12/23 16:39:04 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/12/23 16:39:04 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012/12/23 16:39:04 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012/12/23 16:39:04 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012/12/23 16:38:48 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/12/23 16:38:47 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/12/23 16:38:47 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012/12/23 16:38:42 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/12/23 16:38:40 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012/12/23 16:38:40 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012/12/23 16:38:40 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012/12/23 16:38:34 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/12/23 16:38:34 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/12/23 16:38:34 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/12/23 16:38:34 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/12/23 16:38:26 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/12/23 16:38:26 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/12/23 16:38:26 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/12/23 16:38:26 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/12/23 16:38:26 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/12/23 16:38:24 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/12/23 16:38:23 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/12/23 16:38:23 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/12/23 16:38:23 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/12/23 16:38:21 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/12/23 16:38:21 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/12/23 16:38:15 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012/12/23 16:38:15 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/12/23 16:38:15 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012/12/23 16:38:14 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/12/23 16:38:13 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/12/23 16:38:12 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/12/23 16:38:11 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012/12/23 16:38:11 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/12/23 16:38:11 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/12/23 16:38:11 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/12/23 16:38:10 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012/12/23 16:38:10 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012/12/23 16:38:10 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012/12/23 16:38:10 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012/12/23 16:38:10 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012/12/23 16:38:09 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/12/23 16:38:08 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/12/23 16:38:08 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/12/23 16:38:08 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/12/23 16:38:08 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/12/23 16:38:07 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/23 16:38:07 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/23 16:38:06 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/12/23 16:38:06 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/12/23 16:38:04 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/12/23 16:38:04 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/12/23 16:38:04 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012/12/23 16:35:48 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/12/23 16:35:48 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/12/23 16:35:33 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/12/23 16:35:32 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/12/23 16:35:32 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/12/23 16:35:30 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/12/23 16:35:30 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/12/23 16:35:30 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/12/23 16:33:14 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/12/23 16:33:14 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/12/22 11:39:48 | 000,000,000 | ---D | C] -- C:\Users\S\Desktop\emsisoft
[2012/12/22 11:33:50 | 000,000,000 | ---D | C] -- C:\Users\S\Desktop\mbar
[2012/12/21 10:31:13 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/12/04 16:28:59 | 000,000,000 | ---D | C] -- C:\Users\S\Documents\sec-consult
[2012/12/02 14:50:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/12/27 00:54:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1954810561-761473525-1829384633-1001UA.job
[2012/12/27 00:54:00 | 000,000,840 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1954810561-761473525-1829384633-1001Core.job
[2012/12/26 22:32:17 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/26 22:32:17 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/26 22:32:03 | 000,729,752 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/26 22:32:03 | 000,630,560 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/26 22:32:03 | 000,111,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/26 22:26:41 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/26 22:26:40 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/12/26 22:24:44 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/12/26 22:24:44 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/12/26 22:24:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/26 22:24:34 | 2058,801,151 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/23 17:56:59 | 000,416,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/23 16:43:53 | 000,007,600 | ---- | M] () -- C:\Users\S\AppData\Local\Resmon.ResmonCfg
[2012/12/22 00:22:16 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/12/22 00:22:16 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/12/21 12:56:32 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/12/16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/10 13:44:27 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012/11/27 14:47:00 | 000,173,409 | ---- | M] () -- C:\Users\S\Documents\syoussef-lebenslauf.pdf
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/12/23 17:15:47 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/12/23 16:55:24 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/27 14:47:17 | 000,173,409 | ---- | C] () -- C:\Users\S\Documents\syoussef-lebenslauf.pdf
[2012/03/25 02:41:04 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/03/25 02:41:04 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/02/22 07:16:15 | 000,007,600 | ---- | C] () -- C:\Users\S\AppData\Local\Resmon.ResmonCfg
[2011/08/08 17:25:51 | 000,736,160 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/28 02:41:08 | 014,860,288 | ---- | C] () -- C:\ProgramData\sandra.mda
[2011/07/10 23:00:43 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/06/26 02:18:52 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/06/26 02:18:51 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/06/26 02:18:51 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/07/09 22:51:07 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\AnvSoft
[2012/06/13 20:34:50 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\com.destroytoday.destroytwitter
[2012/12/06 14:23:35 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\HandBrake
[2011/07/10 04:04:49 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\Leadertech
[2011/07/16 18:23:31 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\PCDr
[2011/07/10 05:29:48 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\PwrMgr
[2012/03/25 02:22:06 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\SoftGrid Client
[2011/08/08 17:27:42 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\TP
[2011/08/13 16:55:25 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\TreeSheetsdbs
[2012/12/26 22:23:18 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012/01/23 04:19:47 | 000,000,000 | ---D | M](C:\Users\S\Desktop\franka's book?) -- C:\Users\S\Desktop\franka's book
[2012/01/23 04:19:15 | 000,000,000 | ---D | C](C:\Users\S\Desktop\franka's book?) -- C:\Users\S\Desktop\franka's book

< End of report >
         
und

Code:
ATTFilter
OTL Extras logfile created on: 12/27/2012 1:45:28 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\S\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
7.89 Gb Total Physical Memory | 5.54 Gb Available Physical Memory | 70.22% Memory free
15.78 Gb Paging File | 13.35 Gb Available in Paging File | 84.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.15 Gb Total Space | 118.89 Gb Free Space | 41.40% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 1.58 Gb Free Space | 16.19% Space Free | Partition Type: NTFS
 
Computer Name: X | User Name: S | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1954810561-761473525-1829384633-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A9A0965-9D88-4C2A-9628-36CF65E6F36C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0F4C0B36-E3A1-4C89-BA4D-154DCA2E6DCF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2F7CEA97-A663-4EB8-9831-098E4FFC7F5B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3647E741-8518-4FA2-A30D-EFF8423F0455}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{39D7D59A-4228-4817-8C76-D43D5EA61F6C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{500A8868-B82E-4C2F-AC28-FC42A177B8B2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{50D3030A-3078-4F48-BF25-CFA9E3EB721C}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011\wnt500x64\rpcsandrasrv.exe | 
"{55564FCF-A5B5-4BA5-8A6E-2C9C2A976510}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7A18E8ED-1B0B-405F-A6CF-E3C1B9D34187}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7F66E900-FDF3-49B2-AF57-97EB4FAF0103}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{81E1B53B-9B67-4D9D-9295-02DC5E9EB631}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{883BDECB-138B-44DF-B9A7-08D364E09CBC}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8C8783B8-91E2-425D-967C-2BCE9B377175}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{8E2CA6FA-4E16-4342-8921-D95DF7C2415E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{92BFA930-E422-4279-B069-EC0A587D2363}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{944C9336-3D29-44F7-ACA1-B58174CDCCD8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{95E74462-CC75-4567-B83F-C0E3DC583B9E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{980526EB-F925-47F6-9F08-2C2703766182}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A01A7027-2AA7-470A-92A6-B1BB224593AA}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A02E1026-2EFD-4825-8C5B-C49A6EDEFA0A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{ACF3972F-E7D2-4165-BF99-57E071BCED82}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011\rpcagentsrv.exe | 
"{B4AD8EF5-BEBD-4E66-8359-D532EDF64EEC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B7D074A4-503A-4D58-B643-5BA1FB528258}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C8F2B84E-8165-41AF-964B-7E5C4FE04C63}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D021DD8A-0C17-4649-8DCC-5B8D2C8198BA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E05A85CE-564B-4F1B-903A-82D632D96435}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F254388C-A5B4-4B94-89CF-DC070A9D3A2E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{FB69DDDE-1BDB-441E-9A00-DEEF77882B37}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D7FBB4-8D76-4E01-BF17-588EF3BD4043}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | 
"{0AFA3F6A-56C8-49F8-A528-FB54978F7780}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{0CFD8F83-DFCF-47F8-BC1B-42C3ADC8C27C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0E336C99-4815-4CA2-9F11-22D46DA97352}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1027858D-85E3-48F8-9047-C84BEC72FDBA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{10EBDA9C-CA30-4E9B-BFCB-76A2D56E1F2F}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{13FA9569-4562-453D-9C43-F197A4310889}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{171AA478-9757-4120-9DFA-42BFED0D4644}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{22D871D9-713F-4A36-901F-AFE67FCE172B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{264C7829-3EAA-4360-8417-08A68E9D6DFF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{28D4DC84-2E66-42BB-A5D1-216E63942EF0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2C16BD8D-73F2-4B4C-9C99-8B6F16B5377E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2EF54867-C698-4BEC-AC92-9146916469B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{31E383F1-6FAA-4E8D-B5D5-6AC15DB69729}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{36B4A853-60F4-484F-AD9C-18E127550908}" = protocol=6 | dir=out | app=system | 
"{3F94165F-8517-4C9B-AB76-0A1FE79D8F67}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{52ECB1F7-FE4C-4657-9DAE-2169679E3088}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{55172B3D-F8B4-4C5F-8C1C-FA4880D499B1}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{569B44BF-17C3-4D8A-96B0-2ECCCCE8170B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5C0EB065-C51E-4E3A-A5CF-464B46CF3331}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{65F8B23D-17B3-4CCD-8D62-DCE648D872A2}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{6B25E3D3-A823-4AA4-9472-320DBADDACF7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{70589DF5-877E-414F-8D8B-956EF7B9D80A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{755DBE4F-2094-40EB-AE15-8ED4A153F815}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{75ED250C-4B62-4B4B-9296-C281860BFD99}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7E846EA0-A1F5-428C-B5BB-1C072CC73EC5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{86038CBD-3772-4197-BD7F-63B0AC67AB69}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{912E68DA-E8CD-4B89-86D6-EA09912A498A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9139650F-0767-493D-8740-AE5BB341D74D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{92DC1274-6939-4C82-8784-706831E7930D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9BA9F456-6B1F-4700-A930-2D9A933CC23C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9F95886B-961D-471F-A9CE-8EF2EF67EC37}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AD016D99-71B7-4EFD-9E56-75231F90FE2B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{ADE2946F-D589-45C9-ADF5-EC32D387091F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{C7B5938C-FB05-4E6A-B862-8530FDA7CAE6}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{C7CD624D-9617-484B-AF30-B28479787FBD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C8052CAC-048B-41D4-BF91-8F43A28CFD59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CA2262DA-EAE1-4C7C-92B8-188D0CF14A60}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{CD7175FE-D4C6-47D1-B1CE-87D2552350BF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{D13CFEA0-9D65-4442-9762-959A61A760F6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F9B3FC4C-38B4-46AE-B2A0-8314FAF6E149}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{FBEBEE5B-14B8-47C0-A8FE-D59C15AEF5AC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{FE3A38D0-4675-4AA1-9030-D269E4E27A34}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"TCP Query User{29AF15F2-ECD4-46F1-B5B3-DC31D9600AA4}C:\users\s\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\s\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{EDEBD646-0A12-487A-836C-72963B502B9C}C:\users\s\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\s\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{2C3F6D5C-1BC0-4C0E-B337-9EFF8A8AA202}C:\users\s\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\s\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{42E0F837-F46D-4491-94B4-F07371635058}C:\users\s\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\s\appdata\local\akamai\netsession_win.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel(R) PROSet/Wireless WiFi Software
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{717F5741-5C2E-4469-BDA0-B5EC2243646F}_is1" = TPFanControl v0.62
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2011
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A" = Windows Driver Package - Intel System  (09/10/2010 9.2.0.1011)
"6D23A494E9A245843FB8584D9307D3E328DF8613" = Windows Driver Package - Intel (e1cexpress) Net  (12/21/2010 11.8.84.0)
"90FD26A77B849AE03FF5F07A1CDA7F950406A8D8" = Windows Driver Package - Intel (MEIx64) System  (10/19/2010 7.0.0.1144)
"A513FC5E5A08D4EF27F234E91E0E942A0234210B" = Windows Driver Package - Intel System  (09/10/2010 9.2.0.1011)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"C63C03BF3BE2B6F6204BB54541690449FFF79F4F" = Windows Driver Package - Synaptics (SynTP) Mouse  (05/05/2011 15.3.6.0)
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD
"CutePDF Writer Installation" = CutePDF Writer 2.8
"D01A7EE241898C810674C69EB908D655D149BE77" = Windows Driver Package - Lenovo 1.62.00.00 (01/19/2011 1.62.00.00)
"D97688B8E3830BF9820E15EB8D9552DCBF988CFD" = Windows Driver Package - Intel USB  (09/16/2010 9.2.0.1013)
"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"FE1BEBFD475BB832AAF104F5C63348E98A9286DF" = Windows Driver Package - Intel System  (10/04/2010 9.2.0.1015)
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2B0FC5A8-C3B6-33B7-9069-0D3BC69D2E50}" = Google Talk Plugin
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91A29166-4E1B-4664-B70B-4C4A3B6B3372}" = Lenovo Screen Reading Optimizer
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1147
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0046F17-A170-4E07-A349-F1BCB3A8A8EB}" = Ad-Aware
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E8D46836-CD55-453C-A107-A59EC51CB8DC}" = VIPAccess
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.115
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.13.18.02
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.22beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Any Video Converter_is1" = Any Video Converter 3.4.0
"AudibleManager" = AudibleManager
"DivX Setup" = DivX Setup
"Duplicate Cleaner" = Duplicate Cleaner 2.1b
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"ExpatShield" = Expat Shield 2.25
"InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot
"Lenovo Welcome_is1" = Lenovo Welcome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PC Suite" = PC Suite
"Scrivener 1030" = Scrivener
"TreeSheets" = TreeSheets
"Update Engine" = Sony Ericsson Update Engine
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1954810561-761473525-1829384633-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/21/2012 6:25:42 AM | Computer Name = x | Source = Application Error | ID = 1000
Description = Faulting application name: WhiteList.exe, version: 2.0.1.91, time 
stamp: 0x4da59c9f  Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time
 stamp: 0x4dace5b9  Exception code: 0xc0000417  Fault offset: 0x00031484  Faulting process
 id: 0xb7f0  Faulting application start time: 0x01cdc7d28c22483e  Faulting application
 path: C:\Program Files (x86)\Symantec\VIP Access Client\WhiteList.exe  Faulting module
 path: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
Report
 Id: cd1874c9-33c5-11e2-ad47-f0def16f6272
 
Error - 11/22/2012 6:53:18 AM | Computer Name = x | Source = PC-Doctor | ID = 1
Description = (45020) Asapi: (11:53:18:3300)(45020) S3LogPusherPlugin.Helper - Error
 -- 340 Unable to storage the test log to medium 
 
Error - 11/22/2012 7:22:43 AM | Computer Name = x | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
 security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
 security client\MSESysprep.dll" on line 10.  The element imaging appears as a child
 of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by 
this version of Windows.
 
Error - 11/23/2012 11:27:35 AM | Computer Name = x | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 1.1.11.0, time stamp:
 0x4e1edf37  Faulting module name: vlc.exe, version: 1.1.11.0, time stamp: 0x4e1edf37
Exception
 code: 0xc0000005  Fault offset: 0x00001883  Faulting process id: 0xb394  Faulting application
 start time: 0x01cdc98ef2baa78e  Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Faulting
 module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe  Report Id: 4dbde940-3582-11e2-ad47-f0def16f6272
 
Error - 11/23/2012 11:30:45 AM | Computer Name = x | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567, 
time stamp: 0x4d672ee4  Faulting module name: DivXMFSource.dll, version: 1.0.0.72,
 time stamp: 0x4cffcff8  Exception code: 0xc0000005  Fault offset: 0x00000000000e6520
Faulting
 process id: 0x480  Faulting application start time: 0x01cdbff6dba53681  Faulting application
 path: C:\Windows\Explorer.EXE  Faulting module path: C:\Program Files\DivX\DivX Plus
 Media Foundation Components\DivXMFSource.dll  Report Id: beff92e9-3582-11e2-ad47-f0def16f6272
 
Error - 11/24/2012 9:00:13 AM | Computer Name = x | Source = PC-Doctor | ID = 1
Description = (51220) Asapi: (14:00:13:1160)(51220) S3LogPusherPlugin.Helper - Error
 -- 340 Unable to storage the test log to medium 
 
Error - 11/24/2012 11:21:48 PM | Computer Name = x | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 11/24/2012 11:21:48 PM | Computer Name = x | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1076
 
Error - 11/24/2012 11:21:48 PM | Computer Name = x | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1076
 
Error - 11/25/2012 11:13:07 AM | Computer Name = x | Source = PC-Doctor | ID = 1
Description = (37912) Asapi: (16:13:07:1500)(37912) libTonopahClient.DownloadManager
 - Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007)
 failed with error: 317 
 
Error - 11/25/2012 11:13:07 AM | Computer Name = x | Source = PC-Doctor | ID = 1
Description = (37912) Asapi: (16:13:07:2350)(37912) libTonopahClient.DownloadManager
 - Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007)
 failed with error: 317 
 
[ Lenovo-Message Center Plus/Admin Events ]
Error - 4/26/2012 10:04:02 PM | Computer Name = x | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
 message: Object reference not set to an instance of an object.
 
[ System Events ]
Error - 4/6/2012 6:02:54 PM | Computer Name = x | Source = bowser | ID = 8003
Description = 
 
Error - 4/6/2012 6:26:54 PM | Computer Name = x | Source = bowser | ID = 8003
Description = 
 
Error - 4/6/2012 8:02:55 PM | Computer Name = x | Source = bowser | ID = 8003
Description = 
 
Error - 4/6/2012 8:26:55 PM | Computer Name = x | Source = bowser | ID = 8003
Description = 
 
Error - 4/8/2012 12:09:31 AM | Computer Name = x | Source = bowser | ID = 8003
Description = 
 
Error - 4/8/2012 12:49:05 AM | Computer Name = x | Source = bowser | ID = 8003
Description = 
 
Error - 4/8/2012 1:25:53 PM | Computer Name = x | Source = bowser | ID = 8003
Description = 
 
Error - 4/8/2012 2:01:11 PM | Computer Name = x | Source = bowser | ID = 8003
Description = 
 
Error - 4/8/2012 2:37:11 PM | Computer Name = x | Source = bowser | ID = 8003
Description = 
 
Error - 4/8/2012 3:02:20 PM | Computer Name = x | Source = bowser | ID = 8003
Description = 
 
 
< End of report >
         
Hoffe der Post war jetzt nicht zu lang, und schon mal dankeschön fürs Lesen.
Miniaturansicht angehängter Grafiken
Klicken Sie auf die Grafik für eine größere Ansicht

Name:	mse-log.JPG
Hits:	329
Größe:	126,2 KB
ID:	47827  

 

Themen zu Win7 ransomware wgsdgsdgdsgsd.dll, Win32/Reveton!lnk (runctf.lnk), Trojan.Ransom.Win32.Foreign.AMN (A)
7-zip, ad-aware, akamai, any video converter, bildschirm, bonjour, browser, desktop, dsgsdgdsgdsgw.js, dsgsdgdsgdsgw.pad, firefox, flash player, helper, home, iexplore, install.exe, installation, lenovo, plug-in, popup, pwmtr64v.dll, registry, runctf.lnk, saving, security, software, svchost.exe, symantec, system, traces, trojan.ransom.win32.foreign.amn, wgsdgsdgdsgsd.dll, win32/reveton, win32/reveton!lnk




Ähnliche Themen: Win7 ransomware wgsdgsdgdsgsd.dll, Win32/Reveton!lnk (runctf.lnk), Trojan.Ransom.Win32.Foreign.AMN (A)


  1. deeprybka: Trojan-Ransom.Win32.Foreign ist weg
    Lob, Kritik und Wünsche - 29.06.2014 (1)
  2. Trojaner: Trojan-Ransom.Win32.Foreign blockiert Rechner
    Plagegeister aller Art und deren Bekämpfung - 26.06.2014 (19)
  3. Trojan.Ransom.Win32.Foreign.kvfa gefunden in C:\Documents and Settings\Carmen\Downloads\2014_05rechnungonline_8290485236sign.zip
    Log-Analyse und Auswertung - 01.06.2014 (21)
  4. Kaspersky findet Backdoor.Win32.Zaccess, Trojan-Ransom.Win32.Gimeno, Trojan.Win32.Inject
    Log-Analyse und Auswertung - 01.02.2014 (17)
  5. lenovo x61 mit Win 7, Trojan-Ransom.Win32.Foreign.doov und weitere
    Plagegeister aller Art und deren Bekämpfung - 06.01.2014 (5)
  6. Meldung von ZoneAlarm: Trojan-Ransom.Win32.Foreign.fvto erkannt
    Plagegeister aller Art und deren Bekämpfung - 09.09.2013 (19)
  7. trojan-ransom.win32.foreign.bnpm entdeckt in e-mail anhang!
    Log-Analyse und Auswertung - 19.07.2013 (4)
  8. Trojan-Ransom.Win32.Foreign.abjw - alle Daten verschlüsselt, was tun?
    Plagegeister aller Art und deren Bekämpfung - 18.07.2013 (15)
  9. Trojan:Win32/Reveton.T!ink - Was tun?
    Log-Analyse und Auswertung - 14.06.2013 (12)
  10. trojan-ransom.win32.foreign.dfos eventuell versehentlich geöffnet
    Plagegeister aller Art und deren Bekämpfung - 08.06.2013 (14)
  11. Mahnungsmail mit ZIP Datei - Trojan-Ransom.Win32.Foreign.cjue
    Plagegeister aller Art und deren Bekämpfung - 02.06.2013 (30)
  12. Ransom.Win32.Foreign / Trojan-Downloader.Java / Exploit.Java (Bildschirm weiß)
    Log-Analyse und Auswertung - 19.05.2013 (6)
  13. Trojan-Ransom.Win32.Foreign.abjw
    Log-Analyse und Auswertung - 23.04.2013 (11)
  14. Win32/Reveton.N trojan
    Plagegeister aller Art und deren Bekämpfung - 09.03.2013 (9)
  15. Trojan:Win32/Reveton.N gefunden.
    Plagegeister aller Art und deren Bekämpfung - 02.01.2013 (9)
  16. TR/Ransom.294912 (Antivir) / Trojan-Ransom.Win32.Gimemo.vyp (Kaspersky)
    Log-Analyse und Auswertung - 20.07.2012 (18)
  17. Bundestrojaner Trojan-Ransom.win32.Foreign.oja usw.
    Log-Analyse und Auswertung - 14.05.2012 (17)

Zum Thema Win7 ransomware wgsdgsdgdsgsd.dll, Win32/Reveton!lnk (runctf.lnk), Trojan.Ransom.Win32.Foreign.AMN (A) - Hallo, Hab mir vor kurzem (am 21.) ein Polizei-ransomware eingefangen, bei dem ich dachte ich hätte ihn beseitigt, aber der mich heute (26.) nochmal erwischt hat. Da ich leider euer - Win7 ransomware wgsdgsdgdsgsd.dll, Win32/Reveton!lnk (runctf.lnk), Trojan.Ransom.Win32.Foreign.AMN (A)...
Archiv
Du betrachtest: Win7 ransomware wgsdgsdgdsgsd.dll, Win32/Reveton!lnk (runctf.lnk), Trojan.Ransom.Win32.Foreign.AMN (A) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.