Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Trojaner Play Now Radio entfernen

Trojaner Play Now Radio entfernen


Log-Analyse und Auswertung: Trojaner Play Now Radio entfernen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 03.03.2014, 20:49   #1
martin007
 
Trojaner Play Now Radio entfernen - Standard

Trojaner Play Now Radio entfernen


Hallo
Meine Frau hat sich einen Trojaner eingefangen und ich versuchte es mit Sophos und Netzwerk-Port-Scanner www.gfisoftware.de zu entfernen. Ohne Erfolg. Nachfolgend die OTL Files.
Kann mir jemand helfen?
Martin




OTL Extras logfile created on: 03.03.2014 20:11:12 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christina\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16798)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

7.76 Gb Total Physical Memory | 5.62 Gb Available Physical Memory | 72.38% Memory free
8.95 Gb Paging File | 6.72 Gb Available in Paging File | 75.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 422.72 Gb Total Space | 382.23 Gb Free Space | 90.42% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 22.11 Gb Free Space | 88.42% Space Free | Partition Type: NTFS

Computer Name: CHRISTINAS | User Name: Christina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3007496712-1317052605-2238956158-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\WinZip Malware Protector\filetypehelper.exe -scanunknown "%1" (Nico Mak Computing)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\WinZip Malware Protector\filetypehelper.exe -scanunknown "%1" (Nico Mak Computing)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03CDEB95-87DD-4542-B6DF-E092A8AB2EF0}" = rport=138 | protocol=17 | dir=out | app=system |
"{1DB591D8-27D2-47C8-9216-EBFF052914E8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{209992CE-5199-466C-B3F5-FFC9BA5FFC26}" = lport=138 | protocol=17 | dir=in | app=system |
"{29570876-5E39-4C0A-A559-38CDDA1E1AFB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{321EC4DD-ADEA-4FB1-9639-ED040D9FD90F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{48FBDEB4-5C56-4476-9F97-A36E6666B76C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{512568D5-5DF5-4971-8A92-26EB0D7BE85C}" = lport=445 | protocol=6 | dir=in | app=system |
"{63EB8ED5-C268-464A-94C0-0FD231EBCCA1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6B8893E4-70E0-44E8-BB7A-E46420EAB1CB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7EE48E76-8F4C-440D-A335-B27BC929726E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8BA9ED6B-EA72-4F4A-B0AC-324701DAD8A2}" = lport=137 | protocol=17 | dir=in | app=system |
"{8D962953-991C-4F97-8025-F00716E7FC38}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A40D1396-E58D-4F03-A6FB-88930157C871}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AF6A85A4-C2B0-4D6D-8315-1ADD10A86C1A}" = rport=137 | protocol=17 | dir=out | app=system |
"{BB44B4E1-ED42-4180-8FF4-F871BF26C7F3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CD638D9F-167E-4AB4-B72E-245C0AC074DE}" = rport=139 | protocol=6 | dir=out | app=system |
"{E3C7598E-D4E0-40FB-8797-9E729167B8A2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E99903F6-928C-43D5-B47A-B385A1CE5BCC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F4D67211-130D-4630-AB26-3A0FF8870389}" = rport=445 | protocol=6 | dir=out | app=system |
"{FC3F0181-9656-431E-A691-CA95BAC7FDA9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FC9E704A-20E3-42EA-A252-8CCD63D0826F}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AA52A3-2A6D-40A7-877A-5CF994CB046F}" = dir=in | name=evernote touch |
"{03D292C5-548D-45A1-AF88-1837C0260ABA}" = protocol=6 | dir=out | app=system |
"{05680C09-BE3D-4E4B-A490-5200984E7EB4}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{069E3D0D-8E0A-4F61-AB7A-5C30793237CE}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{11616EC5-A774-4F20-AD21-D4BD75FF367A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{120FD8A8-EF84-4830-8873-3E8890A7D0D8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{19EEFA8C-16D9-4DCF-BB4A-7BAD765F01F0}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{1C7F36BA-A519-4926-BBA1-44C791F206DD}" = dir=out | name=lenovo companion |
"{1CC70A60-0D84-4700-9394-5B579EE5945A}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{1E0FAB51-0806-409A-AB71-2EE5D7FB9109}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2042523A-D3C7-4BC0-9A6D-B7E70C6764D6}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{2DA3FFE7-8D3A-42EA-98E7-AADEC26D4665}" = dir=out | name=mcafee® central for lenovo |
"{33790F44-FA35-4940-9690-3977E278401B}" = dir=out | name=accuweather for windows 8 |
"{402F72D1-9432-417F-9A2C-BCA9B261AC3A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{441CB82A-A61F-4A11-8320-170B1A74B72D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4C393BB1-B859-439B-B6C8-D816D1063550}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{4D664A1B-8FB7-44B5-8CFC-9DD96A952FAF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{60F5DBB5-8AD7-473D-83BF-778B76A5D752}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6334721A-B071-486C-98FC-339B571E56E0}" = dir=out | name=@{microsoft.zunevideo_1.5.338.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{63B3067D-F463-44B5-A994-5FD7E3AB1EE2}" = dir=out | name=@{microsoft.bingsports_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{6480AE67-2A02-46D8-89F1-2D3F6674757F}" = dir=in | name=@{filmonlivetvfree.filmonlivetvfree_1.3.6.115_x64__zx03kxexxb716?ms-resource://filmonlivetvfree.filmonlivetvfree/whitelabel/app-name} |
"{67531061-6B51-4578-8324-5CBCE0AEE364}" = dir=in | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{6766FB36-B427-4357-AABB-7365F9777E40}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6D181FE2-B758-42CB-B3C8-F61E481A15E5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{73C748EE-6FBB-49FA-B3E6-567DD5D5C39E}" = dir=out | name=windows_ie_ac_001 |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{8224521D-E7AC-4A99-BB8A-B1137BB63EE0}" = dir=out | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{88FE8558-9C4B-49C2-9D6F-7D2CE4CB4F59}" = dir=out | name=skype |
"{8B684B2E-D32E-40B1-B0BC-A038478340A6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8C4719BC-C22A-401C-B912-E2EA2C55E92F}" = dir=out | name=@{microsoft.bingtravel_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{8C7A9EDA-CAE4-47D5-A10C-05758FDE419A}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{8E38E59E-BBCE-4C0E-BEDF-B73AF4828F7F}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{8E79AE55-7E18-4108-B6A3-9665A75988A6}" = dir=out | name=@{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{972B0EFA-AD1D-4BAF-82F2-05AE49685E2C}" = dir=out | name=lenovo support |
"{9B94B61B-FB1D-467A-AAA6-17AF06A442CA}" = dir=out | name=lenovo cloud storage by sugarsync |
"{9E065624-FF1F-4758-8292-E5C05D03E245}" = dir=out | name=zinio |
"{A1664BD9-95EC-4DD7-A4BD-1022B2E2FF92}" = dir=out | name=@{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{AC50CCE6-734D-45FF-9BCF-4E9706215FDA}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{AC8D5682-E15F-4658-819C-D824DD6D1B9A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B17A3A27-834D-40E7-944F-F996627280C3}" = dir=out | name=@{microsoft.bingfinance_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{B1924FF9-9A06-41F3-AF80-2F821F956601}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B60A7A52-5A30-4239-BBBB-5FB648649D66}" = dir=out | name=intel® experience center |
"{BB80DFEB-E720-4756-81FF-F28DAF015AC1}" = dir=out | name=@{microsoft.zunemusic_1.5.216.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{BBB4E9A7-EC6B-4D9C-8F49-118BAC136F4C}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{BC09A389-DDE8-459F-A224-583002195582}" = dir=in | name=mcafee® central for lenovo |
"{BCDA1441-50E2-4BCD-8472-7408C103D896}" = dir=out | name=evernote touch |
"{C1158AD7-4E33-411C-8556-C5247A0CA88C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C1A129DF-960B-4119-980C-6CA1E2234AC2}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{CD6F1222-CCA0-4699-8FE3-1B0C5E3B3AF5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D4BDED8C-3576-4C53-9995-8A0CD8B356D4}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D8DA14D7-A812-4D63-A719-362C579D09F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D92C549D-2C52-4FEF-9FDA-C66C08D75493}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe |
"{DB2C5D45-A571-4EDA-959A-E22CFA8F2E14}" = dir=in | name=skype |
"{DBB4EAC9-A408-41A3-BC53-CDAD99A62AFC}" = dir=in | name=accuweather for windows 8 |
"{DC8CE363-EC49-43BC-9540-7FCA1662DF66}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{DD38C8CD-4407-475E-B928-7ED7AA836CF0}" = dir=out | name=@{filmonlivetvfree.filmonlivetvfree_1.3.6.115_x64__zx03kxexxb716?ms-resource://filmonlivetvfree.filmonlivetvfree/whitelabel/app-name} |
"{E0AE0558-FC16-4673-8BB2-4C60C22E3681}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E2805859-6BCF-4865-877E-117F4F0E0D02}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E4EE5A56-F7FD-4FB1-85AB-E1FF654C9F49}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{E6F0F4AA-7490-4292-A883-0B00FF8BD087}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{F724A95C-B67E-4EDA-8D08-76FAD022AC55}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09888C31-E15A-4E69-AF26-4BFCEE55821B}" = Intel(R) Experience Center Driver
"{1334eac7-d6ef-4177-8780-05c963853cd3}" = Intel(R) PRO/Wireless Driver
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2368907C-E8F6-4750-A023-254C3E2B5E8D}" = Classic Shell
"{302600C1-6BDF-4FD1-1304-148929CC1385}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel(R) Rapid Storage Technology
"{44B72151-611E-429D-9765-9BA093D7E48A}" = Intel® Trusted Connect Service Client
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{8B11A672-F039-4B14-867C-3F0209ADC85A}" = Intel(R) Rapid Storage Technology
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{D61F48DA-627B-404E-9315-32A651B18B64}" = Intel® PROSet/Wireless WiFi Software
"{DBECAE94-4C04-40AC-9AFB-FA9953258EAF}" = Intel(R) Smart Connect Technology 4.1 x64
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E" = Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776)
"8A223E56FB1ED4F697B54E5BF96F1EB63B512684" = Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733)
"Elantech" = Lenovo pointing device
"HomeStudentRetail - de-de" = Microsoft Office Home and Student 2013 - de-de
"Lenovo VeriFace" = Lenovo VeriFace
"LenovoExperienceImprovement" = Lenovo Experience Improvement
"Motion Control" = Motion Control

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{16660b76-bdc5-47cf-b28d-846120a1ee76}" = Intel(R) Experience Center Driver
"{20D9D0D9-1659-4775-992E-5F5650AD9B87}" = Intel(R) Update Manager
"{40F4FF7A-B214-4453-B973-080B09CED019}" = Absolute Reminder
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8EC141DE-D310-4A57-B363-02E00627B3F0}" = Cisco AnyConnect Secure Mobility Client
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0407-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC768037-7079-4658-AC24-2897650E0ABE}" = Energy Manager
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{C73A16B7-AC35-4262-9BAF-DA9B2039A563}" = Intel Experience Center - Configuration
"{c9967fbd-e3c3-4ed0-992a-5b33260f2944}" = Intel® PROSet/Wireless Software
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = Lenovo EasyCamera
"{e4fefc02-cd6c-45e3-8974-e7357e71da40}" = Intel(R) Experience Center Desktop Software
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}" = Realtek Card Reader
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}" = Energy Manager
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Intel AppUp(SM) center 33057" = Intel AppUp(SM) center
"SugarSync" = SugarSync Manager
"WinZip Malware Protector_is1" = WinZip Malware Protector

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 04.02.2014 05:42:48 | Computer Name = Christinas | Source = acvpninstall | ID = 67108866
Description =

Error - 04.02.2014 05:42:48 | Computer Name = Christinas | Source = acvpninstall | ID = 67108866
Description =

Error - 04.02.2014 05:42:48 | Computer Name = Christinas | Source = acvpninstall | ID = 67108866
Description =

Error - 04.02.2014 05:42:48 | Computer Name = Christinas | Source = acvpninstall | ID = 67108866
Description =

Error - 04.02.2014 05:42:48 | Computer Name = Christinas | Source = acvpninstall | ID = 67108866
Description =

Error - 04.02.2014 05:42:48 | Computer Name = Christinas | Source = acvpninstall | ID = 67108866
Description =

Error - 04.02.2014 05:42:48 | Computer Name = Christinas | Source = acvpninstall | ID = 67108866
Description =

Error - 04.02.2014 05:42:48 | Computer Name = Christinas | Source = acvpninstall | ID = 67108866
Description =

Error - 04.02.2014 05:42:48 | Computer Name = Christinas | Source = acvpninstall | ID = 67108866
Description =

Error - 04.02.2014 05:42:48 | Computer Name = Christinas | Source = acvpninstall | ID = 67108866
Description =

[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 03.03.2014 14:52:03 | Computer Name = Christinas | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertStore::CCapiCertStore File: .\Certificates\CapiCertStore.cpp
Line:
57 Invoked Function: CapiCertUtils Return Code: -32833517 (0xFE0B0013) Description:
WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

Error - 03.03.2014 14:52:03 | Computer Name = Christinas | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore File: .\Certificates\CapiCertSmartcardStore.cpp
Line:
39 Invoked Function: CCapiCertStore::CCapiCertStore Return Code: -32833517 (0xFE0B0013)
Description:
WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

Error - 03.03.2014 14:52:03 | Computer Name = Christinas | Source = acvpnagent | ID = 67108866
Description = Function: CCollectiveCertStore::addCapiSmartcardStore File: .\Certificates\CollectiveCertStore.cpp
Line:
1651 Invoked Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore Return Code:
-32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED


Error - 03.03.2014 14:52:04 | Computer Name = Christinas | Source = acvpnagent | ID = 67108866
Description = Function: CHostConfigMgr::determinePublicAddrCandidateFromDefRoute
File:
.\HostConfigMgr.cpp Line: 1766 Invoked Function: CHostConfigMgr::FindDefaultRouteInterface
Return
Code: -24117215 (0xFE900021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 03.03.2014 14:52:21 | Computer Name = Christinas | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked
Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE


Error - 03.03.2014 14:52:57 | Computer Name = Christinas | Source = acvpnui | ID = 67108866
Description = Function: MFDartBox::getDARTInstallDir File: .\MFDartBox.cpp Line: 332
Invoked
Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
Daten mehr verfügbar.

Error - 03.03.2014 14:52:57 | Computer Name = Christinas | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
1352 NULL object. Cannot establish a connection at this time.

Error - 03.03.2014 14:56:52 | Computer Name = Christinas | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL

Error - 03.03.2014 14:56:52 | Computer Name = Christinas | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL

Error - 03.03.2014 14:56:52 | Computer Name = Christinas | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
311 m_pITelemetryPlugin is NULL

[ System Events ]
Error - 01.02.2014 14:52:54 | Computer Name = Christinas | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee Inc. mfeapfk" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1243

Error - 07.02.2014 04:59:57 | Computer Name = Christinas | Source = DCOM | ID = 10010
Description =

Error - 07.02.2014 08:19:58 | Computer Name = Christinas | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 08.02.2014 11:51:44 | Computer Name = Christinas | Source = DCOM | ID = 10010
Description =

Error - 11.02.2014 08:25:29 | Computer Name = Christinas | Source = DCOM | ID = 10010
Description =

Error - 11.02.2014 08:43:29 | Computer Name = Christinas | Source = DCOM | ID = 10016
Description =

Error - 11.02.2014 08:44:14 | Computer Name = Christinas | Source = DCOM | ID = 10010
Description =

Error - 13.02.2014 09:02:42 | Computer Name = Christinas | Source = DCOM | ID = 10010
Description =

Error - 19.02.2014 09:56:11 | Computer Name = Christinas | Source = DCOM | ID = 10010
Description =

Error - 19.02.2014 10:02:33 | Computer Name = Christinas | Source = DCOM | ID = 10016
Description =


< End of report >


OTL logfile created on: 03.03.2014 20:11:12 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christina\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16798)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

7.76 Gb Total Physical Memory | 5.62 Gb Available Physical Memory | 72.38% Memory free
8.95 Gb Paging File | 6.72 Gb Available in Paging File | 75.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 422.72 Gb Total Space | 382.23 Gb Free Space | 90.42% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 22.11 Gb Free Space | 88.42% Space Free | Partition Type: NTFS

Computer Name: CHRISTINAS | User Name: Christina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Christina\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\Christina\AppData\Roaming\playnowradio\playnowradio\1.3.4.8\playnowradio.exe (Pay By Ads LTD)
PRC - C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe ()
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe (Nico Mak Computing)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.)
PRC - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)


========== Modules (No Company Name) ==========

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ed4fbf6eba111d2ada042efdf04c71d8\System.Web.Services.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8247f75caaf7998b9f83b3db63aa5577\System.Transactions.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\4072854914b5242ee6edc2746a0323eb\System.ServiceProcess.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\5e51607268847697475a997106ff09bc\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ea1456f24ec82177f7668e05dc3be08b\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\025c33a6501815a024f28a2f71add897\CustomMarshalers.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\ed6aff05ea612a7e6ef78fc8f95842e6\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\a3bbd31431d7ba74c429588f8532a231\Accessibility.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9fd292dfdb6f603ef866ad1844e1c59c\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a25f0fba1eabe72621a562b30081bcaa\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\877505b0899d28885b04e71cf0358fc7\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\e88b2ec7cc5b1f23dd9a8322f016fe06\System.Data.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\dc8da0badb9b3a5c24ad7756900f3325\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\87a46d23bf6d209a5590e0fd66fdb68d\mscorlib.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d7aaae3b1c95a1a658446d302b9a7f88\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\11b4af16e791a6b0ada4a97d3e64e27a\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\61be23d6a688188e3419a1eb46fc9d9d\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ffb7bbc6548ff34bc125a8fec79315dc\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System\f0602360211041a6be208f0b4138dddd\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\391541c89ed7585fc7e8936c43cee387\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll ()
MOD - C:\Program Files\Microsoft Office 15\Root\Office15\c2r32.dll ()
MOD - C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll ()
MOD - C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\Program Files (x86)\Lenovo\MotionControl\eyeKeys.dll ()
MOD - C:\Program Files (x86)\Lenovo\MotionControl\esmlib.dll ()
MOD - C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe ()
MOD - C:\windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll ()
MOD - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll ()
MOD - C:\Program Files (x86)\WinZip Malware Protector\aspsys.dll ()
MOD - C:\Program Files (x86)\WinZip Malware Protector\System.Data.SQLite.dll ()
MOD - C:\Program Files (x86)\WinZip Malware Protector\UNRAR.DLL ()
MOD - C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll ()
MOD - C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll ()
MOD - C:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (McAPExe) -- C:\Program Files\McAfee\MSC\McAPExe.exe File not found
SRV:64bit: - (OfficeSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV:64bit: - (ISCTAgent) -- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ()
SRV:64bit: - (ETDService) -- C:\Program Files\Elantech\ETDService.exe (ELAN Microelectronics Corp.)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV - (VeriFaceSrv) -- C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe ()
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe (Intel Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (WPRO_41_2001) -- C:\Windows\SysNative\Drivers\WPRO_41_2001.sys ()
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\Drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\Drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (NETwNe64) -- C:\Windows\SysNative\Drivers\NETwew02.sys (Intel Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\Drivers\vpnva64-6.sys (Cisco Systems, Inc.)
DRV:64bit: - (acsock) -- C:\Windows\SysNative\Drivers\acsock64.sys (Cisco Systems, Inc.)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (rtsuvc) -- C:\Windows\SysNative\Drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\TeeDriverx64.sys (Intel Corporation)
DRV:64bit: - (RTSPER) -- C:\Windows\SysNative\Drivers\RtsPer.sys (Realsil Semiconductor Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\Drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ibtusb) -- C:\Windows\SysNative\Drivers\ibtusb.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (ISCT) -- C:\Windows\SysNative\Drivers\ISCTD64.sys ()
DRV:64bit: - (imsevent) -- C:\Windows\SysNative\Drivers\imsevent.sys ()
DRV:64bit: - (ikbevent) -- C:\Windows\SysNative\Drivers\ikbevent.sys ()
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\Drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\Drivers\btmhsf.sys (Motorola Solutions, Inc.)
DRV:64bit: - (ETDSMBus) -- C:\Windows\SysNative\Drivers\ETDSMBus.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\Drivers\btmaux.sys (Motorola Solutions, Inc.)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (AX88772) -- C:\Windows\SysNative\Drivers\ax88772.sys (ASIX Electronics Corp.)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\Drivers\wsvd.sys ("CyberLink)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\Drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (e1iexpress) -- C:\Windows\SysNative\Drivers\e1i63x64.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9554211E-0D5B-4461-A53F-A87B5979966E}
IE:64bit: - HKLM\..\SearchScopes\{9554211E-0D5B-4461-A53F-A87B5979966E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9554211E-0D5B-4461-A53F-A87B5979966E}
IE - HKLM\..\SearchScopes\{9554211E-0D5B-4461-A53F-A87B5979966E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3007496712-1317052605-2238956158-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
IE - HKU\S-1-5-21-3007496712-1317052605-2238956158-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com [binary data]
IE - HKU\S-1-5-21-3007496712-1317052605-2238956158-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.tagesanzeiger.ch/http: [Binary data over 200 bytes]
IE - HKU\S-1-5-21-3007496712-1317052605-2238956158-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.net/
IE - HKU\S-1-5-21-3007496712-1317052605-2238956158-1001\..\SearchScopes,DefaultScope = {E94804C2-4148-472F-9570-A2489E86F75D}
IE - HKU\S-1-5-21-3007496712-1317052605-2238956158-1001\..\SearchScopes\{E94804C2-4148-472F-9570-A2489E86F75D}: "URL" = hxxp://search.gophoto.it/?pl=1&q={searchTerms}&ch=v1noadmin_1403
IE - HKU\S-1-5-21-3007496712-1317052605-2238956158-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{go ogle:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{googlemniboxStartMarginParameter}ie={inputEnco ding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google :cursorPosition}{google:currentPageUrl}{googleageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://search.gophoto.it/?pl=2&ch=v1noadmin_1403
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: Google Drive = C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google-Suche = C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Google Wallet = C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Google Mail = C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:64bit: - HKLM..\Run: [Energy Manager] C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo Utility] C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtsFT] C:\windows\RTFTrack.exe (Realtek semiconductor)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey File not found
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3007496712-1317052605-2238956158-1001..\RunOnce: [Uninstall C:\Users\Christina\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Christina\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" File not found
O4 - HKU\S-1-5-21-3007496712-1317052605-2238956158-1001..\RunOnce: [Uninstall C:\Users\Christina\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Christina\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64" File not found
O4 - HKU\S-1-5-21-3007496712-1317052605-2238956158-1001..\RunOnce: [Uninstall C:\Users\Christina\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Christina\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C73D1A5-20D3-43E9-ABD7-7EF99B5CA71E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E74F8738-60FB-429D-8240-CDB0D910E4BA}: DhcpNameServer = 127.0.0.1
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014.03.03 20:10:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTL.exe
[2014.03.03 19:55:45 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\Nico Mak Computing
[2014.03.03 19:55:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
[2014.03.03 19:55:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Nico Mak Computing
[2014.03.03 19:55:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip Malware Protector
[2014.03.02 19:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2014.03.02 19:22:37 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2014.03.02 19:22:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2014.03.02 13:40:26 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\Cool Mirage Ltd
[2014.03.02 13:40:21 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\playnowradio
[2014.02.21 07:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft OneDrive
[2014.02.13 14:13:32 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidclass.sys
[2014.02.13 14:12:41 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2014.02.13 14:12:28 | 000,583,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msdrm.dll
[2014.02.13 14:11:53 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014.02.13 14:11:51 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UXInit.dll
[2014.02.13 14:11:50 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014.02.13 14:11:49 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UXInit.dll
[2014.02.13 14:11:48 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2014.02.13 14:11:48 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014.02.13 14:11:48 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014.02.13 14:11:48 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014.02.13 14:11:47 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\uxtheme.dll
[2014.02.13 14:11:47 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014.02.13 14:11:45 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014.02.13 14:11:44 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2014.02.13 14:11:42 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014.02.13 14:11:37 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2014.02.13 14:11:17 | 003,960,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014.02.13 14:11:16 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2014.02.13 14:09:56 | 003,842,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll
[2014.02.13 14:09:55 | 002,238,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10warp.dll
[2014.02.04 10:42:49 | 000,112,080 | R--- | C] (Cisco Systems, Inc.) -- C:\windows\SysNative\drivers\acsock64.sys
[2014.02.04 10:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2014.02.04 10:42:47 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\Cisco
[2014.02.04 10:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
[1 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014.03.03 20:10:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTL.exe
[2014.03.03 20:08:00 | 000,001,138 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.03.03 20:00:35 | 000,001,354 | ---- | M] () -- C:\Users\Christina\Desktop\Play Now Radio.lnk
[2014.03.03 19:57:39 | 003,630,792 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014.03.03 19:57:39 | 000,791,060 | ---- | M] () -- C:\windows\SysNative\perfh00C.dat
[2014.03.03 19:57:39 | 000,782,014 | ---- | M] () -- C:\windows\SysNative\perfh010.dat
[2014.03.03 19:57:39 | 000,754,172 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2014.03.03 19:57:39 | 000,711,282 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014.03.03 19:57:39 | 000,156,362 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2014.03.03 19:57:39 | 000,155,620 | ---- | M] () -- C:\windows\SysNative\perfc00C.dat
[2014.03.03 19:57:39 | 000,153,144 | ---- | M] () -- C:\windows\SysNative\perfc010.dat
[2014.03.03 19:57:39 | 000,133,150 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014.03.03 19:55:41 | 000,001,204 | ---- | M] () -- C:\Users\Public\Desktop\WinZip Malware Protector.lnk
[2014.03.03 19:53:24 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014.03.03 19:52:41 | 000,001,134 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.03.03 19:52:05 | 000,034,752 | ---- | M] () -- C:\windows\SysNative\drivers\WPRO_41_2001.sys
[2014.03.03 19:51:15 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014.03.03 19:51:07 | 2369,167,359 | -HS- | M] () -- C:\hiberfil.sys
[2014.03.03 19:50:35 | 000,002,560 | ---- | M] () -- C:\windows\SysNative\VfService.trf
[2014.03.02 19:22:37 | 000,003,185 | ---- | M] () -- C:\Users\Christina\Desktop\Sophos Virus Removal Tool.lnk
[2014.03.02 18:41:59 | 000,010,382 | ---- | M] () -- C:\Users\Christina\AppData\Local\WiDiUtilsLog.20140302.184156.wdl
[2014.02.26 19:11:29 | 000,028,900 | ---- | M] () -- C:\Users\Christina\AppData\Local\WiDiSetupLog.20140226.191015.wdl
[2014.02.24 10:10:34 | 000,002,186 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014.02.17 23:03:37 | 000,694,240 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014.02.17 23:03:37 | 000,078,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.03.03 19:55:41 | 000,001,204 | ---- | C] () -- C:\Users\Public\Desktop\WinZip Malware Protector.lnk
[2014.03.03 19:55:34 | 000,020,480 | ---- | C] () -- C:\windows\SysNative\wsusnative64.exe
[2014.03.03 19:40:05 | 000,001,354 | ---- | C] () -- C:\Users\Christina\Desktop\Play Now Radio.lnk
[2014.03.02 19:22:37 | 000,003,185 | ---- | C] () -- C:\Users\Christina\Desktop\Sophos Virus Removal Tool.lnk
[2014.03.02 18:41:56 | 000,010,382 | ---- | C] () -- C:\Users\Christina\AppData\Local\WiDiUtilsLog.20140302.184156.wdl
[2014.02.26 19:10:15 | 000,028,900 | ---- | C] () -- C:\Users\Christina\AppData\Local\WiDiSetupLog.20140226.191015.wdl
[2014.02.13 14:13:32 | 000,385,614 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2014.01.16 14:18:19 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2014.01.16 13:26:07 | 000,002,792 | ---- | C] () -- C:\Users\Christina\AppData\Roaming\AbsoluteReminder.xml
[2013.10.31 01:43:12 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013.10.31 01:27:28 | 003,624,158 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013.10.31 01:17:00 | 019,587,072 | ---- | C] () -- C:\windows\SysWow64\igdfcl32.dll
[2013.10.31 01:17:00 | 000,240,640 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2013.10.31 01:17:00 | 000,103,936 | ---- | C] () -- C:\windows\SysWow64\igdail32.dll
[2013.02.13 20:27:54 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
[2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012.07.25 21:22:56 | 000,267,284 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
[2012.07.25 21:22:54 | 000,963,376 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
[2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[2014.03.03 20:06:56 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.08.02 07:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.08.02 06:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014.03.03 19:52:38 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\ClassicShell
[2014.03.02 13:40:33 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\Cool Mirage Ltd
[2014.03.03 19:55:45 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\Nico Mak Computing
[2014.03.02 13:40:21 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\playnowradio

========== Purity Check ==========



< End of report >

 

Themen zu Trojaner Play Now Radio entfernen
adobe, cpu, entfernen, explorer, format, iexplore.exe, install.exe, preferences, pup.optional.coolmirage.a, pup.optional.gophoto.a, pup.optional.montiera, realtek, security, svchost.exe, trojaner, trojaner play now radio, winzip malware protector


« Firefox lässt sich nicht öffnen, stattdessen machen sich andere Browser wie Snap do auf. | SearchProtect Coduit entfernen »


Ähnliche Themen: Trojaner Play Now Radio entfernen


  1. HAKT Radio from Fireside Software entfernen
    Anleitungen, FAQs & Links - 12.10.2015 (2)
  2. Ads by Ubers Radio entfernen
    Anleitungen, FAQs & Links - 19.08.2015 (2)
  3. Radio Canyon in der Symbolleiste obwohl deinstalliert
    Plagegeister aller Art und deren Bekämpfung - 07.11.2014 (23)
  4. ads by Radio Canyon
    Plagegeister aller Art und deren Bekämpfung - 04.11.2014 (12)
  5. Play Now Radio / Pup.Optional.Conduit eingefangen , AntiVirus Programm nicht mehr aktivierbar
    Plagegeister aller Art und deren Bekämpfung - 15.04.2014 (12)
  6. Trojaner Play Now Radio entfernen, aber wie?
    Plagegeister aller Art und deren Bekämpfung - 24.03.2014 (9)
  7. OTL Scan wegen Play Now Radio Trojaner
    Log-Analyse und Auswertung - 13.03.2014 (2)
  8. "Heroic Play Toolbar" entfernen
    Anleitungen, FAQs & Links - 18.02.2014 (2)
  9. Musik herunterladen auf Google Play?
    Smartphone, Tablet & Handy Security - 28.01.2014 (0)
  10. 32 Abzock-Apps bei Google Play
    Nachrichten - 19.04.2013 (0)
  11. Werbung (Radio) im Hintergrund!
    Antiviren-, Firewall- und andere Schutzprogramme - 13.06.2012 (1)
  12. Plug-&-Play Monitor / F1-Problem
    Netzwerk und Hardware - 15.04.2012 (3)
  13. geister?? ich höre radio, ohne dass ein entsprechendes program läuft
    Plagegeister aller Art und deren Bekämpfung - 13.10.2010 (0)
  14. TV & Radio Stream mit VLC
    Alles rund um Mac OSX & Linux - 10.07.2009 (0)
  15. Musik vom I-Net Radio
    Alles rund um Windows - 08.06.2007 (4)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Trojaner Play Now Radio entfernen - Hallo Meine Frau hat sich einen Trojaner eingefangen und ich versuchte es mit Sophos und Netzwerk-Port-Scanner www.gfisoftware.de zu entfernen. Ohne Erfolg. Nachfolgend die OTL Files. Kann mir jemand helfen? Martin - Trojaner Play Now Radio entfernen...
Archiv
Du betrachtest: Trojaner Play Now Radio entfernen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19