Removing the Play Now Radio trojan

Hello

My wife has picked up a trojan, and I tried to remove it with Sophos and the network port scanner www.gfisoftware.de. Without success. The OTL files follow below. Can anyone help me?

Martin

OTL Extras logfile created on: 03.03.2014 20:11:12 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christina\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16798)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

7.76 Gb Total Physical Memory | 5.62 Gb Available Physical Memory | 72.38% Memory free
8.95 Gb Paging File | 6.72 Gb Available in Paging File | 75.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 422.72 Gb Total Space | 382.23 Gb Free Space | 90.42% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 22.11 Gb Free Space | 88.42% Space Free | Partition Type: NTFS

Computer Name: CHRISTINAS | User Name: Christina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3007496712-1317052605-2238956158-1001\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- C:\Program Files (x86)\WinZip Malware Protector\filetypehelper.exe -scanunknown "%1" (Nico Mak Computing) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- C:\Program Files (x86)\WinZip Malware Protector\filetypehelper.exe -scanunknown "%1" (Nico Mak Computing) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03CDEB95-87DD-4542-B6DF-E092A8AB2EF0}" = rport=138 | protocol=17 | dir=out | app=system | "{1DB591D8-27D2-47C8-9216-EBFF052914E8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{209992CE-5199-466C-B3F5-FFC9BA5FFC26}" = lport=138 | protocol=17 | dir=in | app=system | "{29570876-5E39-4C0A-A559-38CDDA1E1AFB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | 
app=%systemroot%\system32\svchost.exe | "{321EC4DD-ADEA-4FB1-9639-ED040D9FD90F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{48FBDEB4-5C56-4476-9F97-A36E6666B76C}" = rport=10243 | protocol=6 | dir=out | app=system | "{512568D5-5DF5-4971-8A92-26EB0D7BE85C}" = lport=445 | protocol=6 | dir=in | app=system | "{63EB8ED5-C268-464A-94C0-0FD231EBCCA1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6B8893E4-70E0-44E8-BB7A-E46420EAB1CB}" = lport=2869 | protocol=6 | dir=in | app=system | "{7EE48E76-8F4C-440D-A335-B27BC929726E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8BA9ED6B-EA72-4F4A-B0AC-324701DAD8A2}" = lport=137 | protocol=17 | dir=in | app=system | "{8D962953-991C-4F97-8025-F00716E7FC38}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A40D1396-E58D-4F03-A6FB-88930157C871}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{AF6A85A4-C2B0-4D6D-8315-1ADD10A86C1A}" = rport=137 | protocol=17 | dir=out | app=system | "{BB44B4E1-ED42-4180-8FF4-F871BF26C7F3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CD638D9F-167E-4AB4-B72E-245C0AC074DE}" = rport=139 | protocol=6 | dir=out | app=system | "{E3C7598E-D4E0-40FB-8797-9E729167B8A2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E99903F6-928C-43D5-B47A-B385A1CE5BCC}" = lport=10243 | protocol=6 | dir=in | app=system | "{F4D67211-130D-4630-AB26-3A0FF8870389}" = rport=445 | protocol=6 | dir=out | app=system | "{FC3F0181-9656-431E-A691-CA95BAC7FDA9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FC9E704A-20E3-42EA-A252-8CCD63D0826F}" = lport=139 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00AA52A3-2A6D-40A7-877A-5CF994CB046F}" = dir=in | name=evernote touch | "{03D292C5-548D-45A1-AF88-1837C0260ABA}" = protocol=6 | dir=out | app=system | "{05680C09-BE3D-4E4B-A490-5200984E7EB4}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{069E3D0D-8E0A-4F61-AB7A-5C30793237CE}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{11616EC5-A774-4F20-AD21-D4BD75FF367A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{120FD8A8-EF84-4830-8873-3E8890A7D0D8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{19EEFA8C-16D9-4DCF-BB4A-7BAD765F01F0}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{1C7F36BA-A519-4926-BBA1-44C791F206DD}" = dir=out | name=lenovo companion | "{1CC70A60-0D84-4700-9394-5B579EE5945A}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{1E0FAB51-0806-409A-AB71-2EE5D7FB9109}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2042523A-D3C7-4BC0-9A6D-B7E70C6764D6}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{2DA3FFE7-8D3A-42EA-98E7-AADEC26D4665}" = dir=out | name=mcafee® central for lenovo | "{33790F44-FA35-4940-9690-3977E278401B}" = dir=out | name=accuweather for windows 8 | "{402F72D1-9432-417F-9A2C-BCA9B261AC3A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{441CB82A-A61F-4A11-8320-170B1A74B72D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{4C393BB1-B859-439B-B6C8-D816D1063550}" = dir=in | 
name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{4D664A1B-8FB7-44B5-8CFC-9DD96A952FAF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{60F5DBB5-8AD7-473D-83BF-778B76A5D752}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{6334721A-B071-486C-98FC-339B571E56E0}" = dir=out | name=@{microsoft.zunevideo_1.5.338.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | "{63B3067D-F463-44B5-A994-5FD7E3AB1EE2}" = dir=out | name=@{microsoft.bingsports_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{6480AE67-2A02-46D8-89F1-2D3F6674757F}" = dir=in | name=@{filmonlivetvfree.filmonlivetvfree_1.3.6.115_x64__zx03kxexxb716?ms-resource://filmonlivetvfree.filmonlivetvfree/whitelabel/app-name} | "{67531061-6B51-4578-8324-5CBCE0AEE364}" = dir=in | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{6766FB36-B427-4357-AABB-7365F9777E40}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6D181FE2-B758-42CB-B3C8-F61E481A15E5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{73C748EE-6FBB-49FA-B3E6-567DD5D5C39E}" = dir=out | name=windows_ie_ac_001 | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{8224521D-E7AC-4A99-BB8A-B1137BB63EE0}" = dir=out | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{88FE8558-9C4B-49C2-9D6F-7D2CE4CB4F59}" = dir=out | name=skype | "{8B684B2E-D32E-40B1-B0BC-A038478340A6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8C4719BC-C22A-401C-B912-E2EA2C55E92F}" = dir=out | 
name=@{microsoft.bingtravel_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{8C7A9EDA-CAE4-47D5-A10C-05758FDE419A}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{8E38E59E-BBCE-4C0E-BEDF-B73AF4828F7F}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{8E79AE55-7E18-4108-B6A3-9665A75988A6}" = dir=out | name=@{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{972B0EFA-AD1D-4BAF-82F2-05AE49685E2C}" = dir=out | name=lenovo support | "{9B94B61B-FB1D-467A-AAA6-17AF06A442CA}" = dir=out | name=lenovo cloud storage by sugarsync | "{9E065624-FF1F-4758-8292-E5C05D03E245}" = dir=out | name=zinio | "{A1664BD9-95EC-4DD7-A4BD-1022B2E2FF92}" = dir=out | name=@{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{AC50CCE6-734D-45FF-9BCF-4E9706215FDA}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | "{AC8D5682-E15F-4658-819C-D824DD6D1B9A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B17A3A27-834D-40E7-944F-F996627280C3}" = dir=out | name=@{microsoft.bingfinance_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{B1924FF9-9A06-41F3-AF80-2F821F956601}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B60A7A52-5A30-4239-BBBB-5FB648649D66}" = dir=out | name=intel® experience center | "{BB80DFEB-E720-4756-81FF-F28DAF015AC1}" = dir=out | name=@{microsoft.zunemusic_1.5.216.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | "{BBB4E9A7-EC6B-4D9C-8F49-118BAC136F4C}" = dir=in | 
name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{BC09A389-DDE8-459F-A224-583002195582}" = dir=in | name=mcafee® central for lenovo | "{BCDA1441-50E2-4BCD-8472-7408C103D896}" = dir=out | name=evernote touch | "{C1158AD7-4E33-411C-8556-C5247A0CA88C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{C1A129DF-960B-4119-980C-6CA1E2234AC2}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | "{CD6F1222-CCA0-4699-8FE3-1B0C5E3B3AF5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D4BDED8C-3576-4C53-9995-8A0CD8B356D4}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{D8DA14D7-A812-4D63-A719-362C579D09F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D92C549D-2C52-4FEF-9FDA-C66C08D75493}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe | "{DB2C5D45-A571-4EDA-959A-E22CFA8F2E14}" = dir=in | name=skype | "{DBB4EAC9-A408-41A3-BC53-CDAD99A62AFC}" = dir=in | name=accuweather for windows 8 | "{DC8CE363-EC49-43BC-9540-7FCA1662DF66}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{DD38C8CD-4407-475E-B928-7ED7AA836CF0}" = dir=out | name=@{filmonlivetvfree.filmonlivetvfree_1.3.6.115_x64__zx03kxexxb716?ms-resource://filmonlivetvfree.filmonlivetvfree/whitelabel/app-name} | "{E0AE0558-FC16-4673-8BB2-4C60C22E3681}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E2805859-6BCF-4865-877E-117F4F0E0D02}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E4EE5A56-F7FD-4FB1-85AB-E1FF654C9F49}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{E6F0F4AA-7490-4292-A883-0B00FF8BD087}" = dir=out | 
name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{F724A95C-B67E-4EDA-8D08-76FAD022AC55}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{09888C31-E15A-4E69-AF26-4BFCEE55821B}" = Intel(R) Experience Center Driver "{1334eac7-d6ef-4177-8780-05c963853cd3}" = Intel(R) PRO/Wireless Driver "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{2368907C-E8F6-4750-A023-254C3E2B5E8D}" = Classic Shell "{302600C1-6BDF-4FD1-1304-148929CC1385}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology "{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel(R) Rapid Storage Technology "{44B72151-611E-429D-9765-9BA093D7E48A}" = Intel® Trusted Connect Service Client "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "{8B11A672-F039-4B14-867C-3F0209ADC85A}" = Intel(R) Rapid Storage Technology "{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component "{D61F48DA-627B-404E-9315-32A651B18B64}" = Intel® PROSet/Wireless WiFi Software "{DBECAE94-4C04-40AC-9AFB-FA9953258EAF}" = Intel(R) Smart Connect Technology 4.1 x64 "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E" = Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) "8A223E56FB1ED4F697B54E5BF96F1EB63B512684" = Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) "Elantech" = Lenovo pointing device "HomeStudentRetail - de-de" = Microsoft Office Home and Student 2013 - de-de "Lenovo VeriFace" = Lenovo VeriFace "LenovoExperienceImprovement" = Lenovo Experience Improvement "Motion Control" = 
Motion Control [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam "{16660b76-bdc5-47cf-b28d-846120a1ee76}" = Intel(R) Experience Center Driver "{20D9D0D9-1659-4775-992E-5F5650AD9B87}" = Intel(R) Update Manager "{40F4FF7A-B214-4453-B973-080B09CED019}" = Absolute Reminder "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{8EC141DE-D310-4A57-B363-02E00627B3F0}" = Cisco AnyConnect Secure Mobility Client "{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component "{90150000-008C-0407-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC768037-7079-4658-AC24-2897650E0ABE}" = Energy Manager "{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4 "{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool "{C73A16B7-AC35-4262-9BAF-DA9B2039A563}" = Intel Experience Center - Configuration "{c9967fbd-e3c3-4ed0-992a-5b33260f2944}" = Intel® PROSet/Wireless Software "{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = Lenovo EasyCamera "{e4fefc02-cd6c-45e3-8974-e7357e71da40}" = Intel(R) Experience Center Desktop Software "{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide "{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}" = Realtek Card Reader "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"Google Chrome" = Google Chrome "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}" = Energy Manager "InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide "Intel AppUp(SM) center 33057" = Intel AppUp(SM) center "SugarSync" = SugarSync Manager "WinZip Malware Protector_is1" = WinZip Malware Protector ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 04.02.2014 05:42:48 | Computer Name = Christinas | Source = acvpninstall | ID = 67108866 Description = Error - 04.02.2014 05:42:48 | Computer Name = Christinas | Source = acvpninstall | ID = 67108866 Description = Error - 04.02.2014 05:42:48 | Computer Name = Christinas | Source = acvpninstall | ID = 67108866 Description = Error - 04.02.2014 05:42:48 | Computer Name = Christinas | Source = acvpninstall | ID = 67108866 Description = Error - 04.02.2014 05:42:48 | Computer Name = Christinas | Source = acvpninstall | ID = 67108866 Description = Error - 04.02.2014 05:42:48 | Computer Name = Christinas | Source = acvpninstall | ID = 67108866 Description = Error - 04.02.2014 05:42:48 | Computer Name = Christinas | Source = acvpninstall | ID = 67108866 Description = Error - 04.02.2014 05:42:48 | Computer Name = Christinas | Source = acvpninstall | ID = 67108866 Description = Error - 04.02.2014 05:42:48 | Computer Name = Christinas | Source = acvpninstall | ID = 67108866 Description = Error - 04.02.2014 05:42:48 | Computer Name = Christinas | Source = acvpninstall | ID = 67108866 Description = [ Cisco AnyConnect Secure Mobility Client Events ] Error - 03.03.2014 14:52:03 | Computer Name = Christinas | Source = acvpnagent | ID = 67108866 Description = Function: CCapiCertStore::CCapiCertStore File: .\Certificates\CapiCertStore.cpp Line: 57 Invoked Function: CapiCertUtils Return Code: -32833517 (0xFE0B0013) Description: 
WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED Error - 03.03.2014 14:52:03 | Computer Name = Christinas | Source = acvpnagent | ID = 67108866 Description = Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore File: .\Certificates\CapiCertSmartcardStore.cpp Line: 39 Invoked Function: CCapiCertStore::CCapiCertStore Return Code: -32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED Error - 03.03.2014 14:52:03 | Computer Name = Christinas | Source = acvpnagent | ID = 67108866 Description = Function: CCollectiveCertStore::addCapiSmartcardStore File: .\Certificates\CollectiveCertStore.cpp Line: 1651 Invoked Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore Return Code: -32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED Error - 03.03.2014 14:52:04 | Computer Name = Christinas | Source = acvpnagent | ID = 67108866 Description = Function: CHostConfigMgr::determinePublicAddrCandidateFromDefRoute File: .\HostConfigMgr.cpp Line: 1766 Invoked Function: CHostConfigMgr::FindDefaultRouteInterface Return Code: -24117215 (0xFE900021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 03.03.2014 14:52:21 | Computer Name = Christinas | Source = acvpnagent | ID = 67108866 Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE Error - 03.03.2014 14:52:57 | Computer Name = Christinas | Source = acvpnui | ID = 67108866 Description = Function: MFDartBox::getDARTInstallDir File: .\MFDartBox.cpp Line: 332 Invoked Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine Daten mehr verfügbar. Error - 03.03.2014 14:52:57 | Computer Name = Christinas | Source = acvpnui | ID = 67108865 Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line: 1352 NULL object. Cannot establish a connection at this time. 
Error - 03.03.2014 14:56:52 | Computer Name = Christinas | Source = acvpnagent | ID = 67108865 Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp Line: 274 m_pIServicePlugin is NULL Error - 03.03.2014 14:56:52 | Computer Name = Christinas | Source = acvpnagent | ID = 67108865 Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp Line: 274 m_pIServicePlugin is NULL Error - 03.03.2014 14:56:52 | Computer Name = Christinas | Source = acvpnagent | ID = 67108865 Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp Line: 311 m_pITelemetryPlugin is NULL [ System Events ] Error - 01.02.2014 14:52:54 | Computer Name = Christinas | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee Inc. mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet: %%1243 Error - 07.02.2014 04:59:57 | Computer Name = Christinas | Source = DCOM | ID = 10010 Description = Error - 07.02.2014 08:19:58 | Computer Name = Christinas | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. 
Error - 08.02.2014 11:51:44 | Computer Name = Christinas | Source = DCOM | ID = 10010
Description =

Error - 11.02.2014 08:25:29 | Computer Name = Christinas | Source = DCOM | ID = 10010
Description =

Error - 11.02.2014 08:43:29 | Computer Name = Christinas | Source = DCOM | ID = 10016
Description =

Error - 11.02.2014 08:44:14 | Computer Name = Christinas | Source = DCOM | ID = 10010
Description =

Error - 13.02.2014 09:02:42 | Computer Name = Christinas | Source = DCOM | ID = 10010
Description =

Error - 19.02.2014 09:56:11 | Computer Name = Christinas | Source = DCOM | ID = 10010
Description =

Error - 19.02.2014 10:02:33 | Computer Name = Christinas | Source = DCOM | ID = 10016
Description =

< End of report >

OTL logfile created on: 03.03.2014 20:11:12 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christina\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16798)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

7.76 Gb Total Physical Memory | 5.62 Gb Available Physical Memory | 72.38% Memory free
8.95 Gb Paging File | 6.72 Gb Available in Paging File | 75.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 422.72 Gb Total Space | 382.23 Gb Free Space | 90.42% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 22.11 Gb Free Space | 88.42% Space Free | Partition Type: NTFS

Computer Name: CHRISTINAS | User Name: Christina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Christina\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Users\Christina\AppData\Roaming\playnowradio\playnowradio\1.3.4.8\playnowradio.exe (Pay By Ads LTD) PRC - C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe () PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe (Nico Mak Computing) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.) PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) PRC - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.) 
========== Modules (No Company Name) ========== MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ed4fbf6eba111d2ada042efdf04c71d8\System.Web.Services.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8247f75caaf7998b9f83b3db63aa5577\System.Transactions.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\4072854914b5242ee6edc2746a0323eb\System.ServiceProcess.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\5e51607268847697475a997106ff09bc\System.Management.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ea1456f24ec82177f7668e05dc3be08b\System.Configuration.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\025c33a6501815a024f28a2f71add897\CustomMarshalers.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\ed6aff05ea612a7e6ef78fc8f95842e6\System.Core.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\a3bbd31431d7ba74c429588f8532a231\Accessibility.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9fd292dfdb6f603ef866ad1844e1c59c\System.Xml.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a25f0fba1eabe72621a562b30081bcaa\System.Windows.Forms.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\877505b0899d28885b04e71cf0358fc7\System.Drawing.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\e88b2ec7cc5b1f23dd9a8322f016fe06\System.Data.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\dc8da0badb9b3a5c24ad7756900f3325\System.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\87a46d23bf6d209a5590e0fd66fdb68d\mscorlib.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d7aaae3b1c95a1a658446d302b9a7f88\System.Xml.ni.dll () MOD - 
C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\11b4af16e791a6b0ada4a97d3e64e27a\System.Windows.Forms.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\61be23d6a688188e3419a1eb46fc9d9d\System.Drawing.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ffb7bbc6548ff34bc125a8fec79315dc\System.Configuration.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System\f0602360211041a6be208f0b4138dddd\System.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\391541c89ed7585fc7e8936c43cee387\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libglesv2.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libegl.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll () MOD - C:\Program Files\Microsoft Office 15\Root\Office15\c2r32.dll () MOD - C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll () MOD - C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll () MOD - C:\Program Files (x86)\Lenovo\MotionControl\eyeKeys.dll () MOD - C:\Program Files (x86)\Lenovo\MotionControl\esmlib.dll () MOD - C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe () MOD - C:\windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll () MOD - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll () MOD - C:\Program Files (x86)\WinZip Malware Protector\aspsys.dll () MOD - C:\Program 
Files (x86)\WinZip Malware Protector\System.Data.SQLite.dll () MOD - C:\Program Files (x86)\WinZip Malware Protector\UNRAR.DLL () MOD - C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll () MOD - C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () MOD - C:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll () MOD - C:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll () ========== Services (SafeList) ========== SRV:64bit: - (McAPExe) -- C:\Program Files\McAfee\MSC\McAPExe.exe File not found SRV:64bit: - (OfficeSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (Microsoft Corporation) SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation) SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation) SRV:64bit: - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation) SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe () SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) 
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation) SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation) SRV:64bit: - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV:64bit: - (ISCTAgent) -- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe () SRV:64bit: - (ETDService) -- C:\Program Files\Elantech\ETDService.exe (ELAN Microelectronics Corp.) SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation) SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe (Intel(R) Corporation) SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation) SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation) SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation) SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation) SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation) SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation) SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation) SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation) SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation) SRV:64bit: - (EFS) -- 
C:\Windows\SysNative\efssvc.dll (Microsoft Corporation) SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation) SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation) SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV - (VeriFaceSrv) -- C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe () SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe (Intel Corporation) SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.) SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) 
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (WPRO_41_2001) -- C:\Windows\SysNative\Drivers\WPRO_41_2001.sys () DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\Drivers\AcpiVpc.sys (Lenovo Corporation) DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\Drivers\LhdX64.sys (Lenovo.) DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation) DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation) DRV:64bit: - (NETwNe64) -- C:\Windows\SysNative\Drivers\NETwew02.sys (Intel Corporation) DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation) DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation) DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (vpnva) -- C:\Windows\SysNative\Drivers\vpnva64-6.sys (Cisco Systems, Inc.) DRV:64bit: - (acsock) -- C:\Windows\SysNative\Drivers\acsock64.sys (Cisco Systems, Inc.) 
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation) DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation) DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation) DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation) DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation) DRV:64bit: - (rtsuvc) -- C:\Windows\SysNative\Drivers\rtsuvc.sys (Realtek Semiconductor Corp.) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\TeeDriverx64.sys (Intel Corporation) DRV:64bit: - (RTSPER) -- C:\Windows\SysNative\Drivers\RtsPer.sys (Realsil Semiconductor Corporation) DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation) DRV:64bit: - (ETD) -- C:\Windows\SysNative\Drivers\ETD.sys (ELAN Microelectronics Corp.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ibtusb) -- C:\Windows\SysNative\Drivers\ibtusb.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (ISCT) -- C:\Windows\SysNative\Drivers\ISCTD64.sys () DRV:64bit: - (imsevent) -- C:\Windows\SysNative\Drivers\imsevent.sys () DRV:64bit: - (ikbevent) -- C:\Windows\SysNative\Drivers\ikbevent.sys () DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\Drivers\AmpPal.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\Drivers\btmhsf.sys (Motorola Solutions, Inc.) DRV:64bit: - (ETDSMBus) -- C:\Windows\SysNative\Drivers\ETDSMBus.sys (ELAN Microelectronic Corp.) DRV:64bit: - (btmaux) -- C:\Windows\SysNative\Drivers\btmaux.sys (Motorola Solutions, Inc.) 
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation) DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation) DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation) DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation) DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation) DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation) DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation) DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation) DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation) DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation) DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation) DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation) DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation) DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation) DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation) DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation) DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation) DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation) DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation) DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation) DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys 
(Microsoft Corporation) DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation) DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation) DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation) DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation) DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation) DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation) DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation) DRV:64bit: - (AX88772) -- C:\Windows\SysNative\Drivers\ax88772.sys (ASIX Electronics Corp.) 
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\Drivers\wsvd.sys ("CyberLink) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\Drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (e1iexpress) -- C:\Windows\SysNative\Drivers\e1i63x64.sys (Intel Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9554211E-0D5B-4461-A53F-A87B5979966E} IE:64bit: - HKLM\..\SearchScopes\{9554211E-0D5B-4461-A53F-A87B5979966E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {9554211E-0D5B-4461-A53F-A87B5979966E} IE - HKLM\..\SearchScopes\{9554211E-0D5B-4461-A53F-A87B5979966E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3007496712-1317052605-2238956158-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB IE - HKU\S-1-5-21-3007496712-1317052605-2238956158-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com [binary data] IE - HKU\S-1-5-21-3007496712-1317052605-2238956158-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.tagesanzeiger.ch/http: [Binary data over 200 bytes] IE - HKU\S-1-5-21-3007496712-1317052605-2238956158-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.net/ IE - HKU\S-1-5-21-3007496712-1317052605-2238956158-1001\..\SearchScopes,DefaultScope = {E94804C2-4148-472F-9570-A2489E86F75D} IE - HKU\S-1-5-21-3007496712-1317052605-2238956158-1001\..\SearchScopes\{E94804C2-4148-472F-9570-A2489E86F75D}: "URL" = 
hxxp://search.gophoto.it/?pl=1&q={searchTerms}&ch=v1noadmin_1403 IE - HKU\S-1-5-21-3007496712-1317052605-2238956158-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) 
========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: hxxp://search.gophoto.it/?pl=2&ch=v1noadmin_1403 CHR - plugin: Error reading preferences file CHR - Extension: Google Docs = C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\ CHR - Extension: Google Drive = C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\ CHR - Extension: YouTube = C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\ CHR - Extension: Google-Suche = C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\ CHR - Extension: Google Wallet = C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\ CHR - Extension: Google Mail = C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft
Office\Office15\OCHelper.dll (Microsoft Corporation) O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft) O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft) O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.) 
O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft) O4:64bit: - HKLM..\Run: [Energy Manager] C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe (Lenovo(beijing) Limited) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Lenovo Utility] C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe (Lenovo(beijing) Limited) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtsFT] C:\windows\RTFTrack.exe (Realtek semiconductor) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation) O4 - HKLM..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey File not found O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.) 
O4 - HKU\S-1-5-21-3007496712-1317052605-2238956158-1001..\RunOnce: [Uninstall C:\Users\Christina\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Christina\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" File not found O4 - HKU\S-1-5-21-3007496712-1317052605-2238956158-1001..\RunOnce: [Uninstall C:\Users\Christina\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Christina\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64" File not found O4 - HKU\S-1-5-21-3007496712-1317052605-2238956158-1001..\RunOnce: [Uninstall C:\Users\Christina\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Christina\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64" File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation) O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft 
Corporation) O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft) O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft) 
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C73D1A5-20D3-43E9-ABD7-7EF99B5CA71E}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E74F8738-60FB-429D-8240-CDB0D910E4BA}: DhcpNameServer = 127.0.0.1 O18:64bit: - Protocol\Handler\osf - No CLSID value found O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014.03.03 20:10:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTL.exe [2014.03.03 19:55:45 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\Nico Mak Computing [2014.03.03 19:55:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector [2014.03.03 19:55:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Nico Mak Computing [2014.03.03 19:55:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip Malware Protector [2014.03.02 19:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos [2014.03.02 19:22:37 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos [2014.03.02 19:22:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos [2014.03.02 13:40:26 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\Cool Mirage Ltd [2014.03.02 13:40:21 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\playnowradio [2014.02.21 07:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft OneDrive [2014.02.13 14:13:32 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidclass.sys [2014.02.13 14:12:41 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll [2014.02.13 
14:12:28 | 000,583,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msdrm.dll [2014.02.13 14:11:53 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll [2014.02.13 14:11:51 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UXInit.dll [2014.02.13 14:11:50 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll [2014.02.13 14:11:49 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UXInit.dll [2014.02.13 14:11:48 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll [2014.02.13 14:11:48 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll [2014.02.13 14:11:48 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe [2014.02.13 14:11:48 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll [2014.02.13 14:11:47 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\uxtheme.dll [2014.02.13 14:11:47 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll [2014.02.13 14:11:45 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll [2014.02.13 14:11:44 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll [2014.02.13 14:11:42 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2014.02.13 14:11:37 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2014.02.13 14:11:17 | 003,960,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2014.02.13 14:11:16 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2014.02.13 14:09:56 | 003,842,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll [2014.02.13 14:09:55 | 002,238,976 | ---- | C] (Microsoft Corporation) -- 
C:\windows\SysNative\d3d10warp.dll [2014.02.04 10:42:49 | 000,112,080 | R--- | C] (Cisco Systems, Inc.) -- C:\windows\SysNative\drivers\acsock64.sys [2014.02.04 10:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco [2014.02.04 10:42:47 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\Cisco [2014.02.04 10:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco [1 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014.03.03 20:10:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTL.exe [2014.03.03 20:08:00 | 000,001,138 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2014.03.03 20:00:35 | 000,001,354 | ---- | M] () -- C:\Users\Christina\Desktop\Play Now Radio.lnk [2014.03.03 19:57:39 | 003,630,792 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2014.03.03 19:57:39 | 000,791,060 | ---- | M] () -- C:\windows\SysNative\perfh00C.dat [2014.03.03 19:57:39 | 000,782,014 | ---- | M] () -- C:\windows\SysNative\perfh010.dat [2014.03.03 19:57:39 | 000,754,172 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2014.03.03 19:57:39 | 000,711,282 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2014.03.03 19:57:39 | 000,156,362 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2014.03.03 19:57:39 | 000,155,620 | ---- | M] () -- C:\windows\SysNative\perfc00C.dat [2014.03.03 19:57:39 | 000,153,144 | ---- | M] () -- C:\windows\SysNative\perfc010.dat [2014.03.03 19:57:39 | 000,133,150 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2014.03.03 19:55:41 | 000,001,204 | ---- | M] () -- C:\Users\Public\Desktop\WinZip Malware Protector.lnk [2014.03.03 19:53:24 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2014.03.03 19:52:41 | 000,001,134 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2014.03.03 19:52:05 | 000,034,752 | ---- | M] () -- 
C:\windows\SysNative\drivers\WPRO_41_2001.sys [2014.03.03 19:51:15 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2014.03.03 19:51:07 | 2369,167,359 | -HS- | M] () -- C:\hiberfil.sys [2014.03.03 19:50:35 | 000,002,560 | ---- | M] () -- C:\windows\SysNative\VfService.trf [2014.03.02 19:22:37 | 000,003,185 | ---- | M] () -- C:\Users\Christina\Desktop\Sophos Virus Removal Tool.lnk [2014.03.02 18:41:59 | 000,010,382 | ---- | M] () -- C:\Users\Christina\AppData\Local\WiDiUtilsLog.20140302.184156.wdl [2014.02.26 19:11:29 | 000,028,900 | ---- | M] () -- C:\Users\Christina\AppData\Local\WiDiSetupLog.20140226.191015.wdl [2014.02.24 10:10:34 | 000,002,186 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2014.02.17 23:03:37 | 000,694,240 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2014.02.17 23:03:37 | 000,078,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [1 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2014.03.03 19:55:41 | 000,001,204 | ---- | C] () -- C:\Users\Public\Desktop\WinZip Malware Protector.lnk [2014.03.03 19:55:34 | 000,020,480 | ---- | C] () -- C:\windows\SysNative\wsusnative64.exe [2014.03.03 19:40:05 | 000,001,354 | ---- | C] () -- C:\Users\Christina\Desktop\Play Now Radio.lnk [2014.03.02 19:22:37 | 000,003,185 | ---- | C] () -- C:\Users\Christina\Desktop\Sophos Virus Removal Tool.lnk [2014.03.02 18:41:56 | 000,010,382 | ---- | C] () -- C:\Users\Christina\AppData\Local\WiDiUtilsLog.20140302.184156.wdl [2014.02.26 19:10:15 | 000,028,900 | ---- | C] () -- C:\Users\Christina\AppData\Local\WiDiSetupLog.20140226.191015.wdl [2014.02.13 14:13:32 | 000,385,614 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml [2014.01.16 14:18:19 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll [2014.01.16 13:26:07 | 000,002,792 | ---- | C] () -- 
C:\Users\Christina\AppData\Roaming\AbsoluteReminder.xml [2013.10.31 01:43:12 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl [2013.10.31 01:27:28 | 003,624,158 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2013.10.31 01:17:00 | 019,587,072 | ---- | C] () -- C:\windows\SysWow64\igdfcl32.dll [2013.10.31 01:17:00 | 000,240,640 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll [2013.10.31 01:17:00 | 000,103,936 | ---- | C] () -- C:\windows\SysWow64\igdail32.dll [2013.02.13 20:27:54 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll [2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat [2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT [2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll [2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll [2012.07.25 21:22:56 | 000,267,284 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin [2012.07.25 21:22:54 | 000,963,376 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin [2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat ========== ZeroAccess Check ========== [2014.03.03 20:06:56 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = 
C:\Windows\SysNative\shell32.dll -- [2013.08.02 07:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.08.02 06:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2014.03.03 19:52:38 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\ClassicShell [2014.03.02 13:40:33 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\Cool Mirage Ltd [2014.03.03 19:55:45 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\Nico Mak Computing [2014.03.02 13:40:21 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\playnowradio ========== Purity Check ========== < End of report > |
Hello! My name is Matthias and I will help you clean up your computer. Please note the following:
Please download
Do not start any other file in this folder without instructions from a helper. |
Mbar.exe reports --> no malware found, and so the Clean-up button is also inactive. Nevertheless, a window keeps appearing in Explorer with various messages or warnings, or "Empire game advertising". Martin |
Hi,
Step 1 Please download
Step 2 Please close your security software to avoid possible conflicts.
Step 3 Please download
Step 4 Please download zoek.exe from here: http://hijackthis.nl/smeenk/
Please post with your next reply
|
Missing feedback. This topic has been removed from my subscriptions, so I will not receive any notification about new replies. Send me a PM if you still want to continue. Note: The disappearance of the symptoms does not mean that your computer is clean yet. Everyone else, please click here and create your own thread! |
Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.03.08.03 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16798 Christina :: CHRISTINAS [Administrator] Schutz: Aktiviert 08.03.2014 10:23:22 mbam-log-2014-03-08 (10-23-22).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 214022 Laufzeit: 5 Minute(n), 32 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCU\SOFTWARE\Cool Mirage Ltd\gophotoit (PUP.Optional.GoPhoto.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 7 C:\Users\Christina\AppData\Roaming\Cool Mirage Ltd (PUP.Optional.CoolMirage.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Christina\AppData\Roaming\Cool Mirage Ltd\1.8.29.5 (PUP.Optional.CoolMirage.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Christina\AppData\Roaming\Cool Mirage Ltd\gophotoit (PUP.Optional.CoolMirage.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Christina\AppData\Roaming\Cool Mirage Ltd\gophotoit\1.8.29.5 (PUP.Optional.CoolMirage.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Christina\AppData\Local\Temp\mt_ffx\Cool Mirage Ltd (PUP.Optional.ToolBarInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Christina\AppData\Local\Temp\mt_ffx\Cool Mirage Ltd\gophotoit (PUP.Optional.ToolBarInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Users\Christina\AppData\Local\Temp\mt_ffx\Cool Mirage Ltd\gophotoit\1.8.29.5 (PUP.Optional.ToolBarInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 3 C:\Users\Christina\AppData\Local\Temp\playnowradio.exe (PUP.Optional.Montiera) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Christina\AppData\Roaming\Cool Mirage Ltd\sqlite3.dll (PUP.Optional.CoolMirage.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Christina\AppData\Roaming\Cool Mirage Ltd\gophotoit\1.8.29.5\gophotoit.crx (PUP.Optional.CoolMirage.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.2 (02.20.2014:1) OS: Windows 8 x64 Ran by Christina on 08.03.2014 at 10:01:03.36 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 08.03.2014 at 10:06:25.64 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Zoek.exe v5.0.0.0 Updated 07-March-2014 Tool run by Christina on 08.03.2014 at 10:47:57.07. 
Microsoft Windows 8 6.2.9200 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Christina\Downloads\zoek\zoek.exe [Scan all users] [Script inserted] ===== Runcheck 10:49:03.98 ===== --- Create Environment Variables 10:49:05.37 --- Create System Restore Point 10:49:12.39 --- Checking Input 10:49:15.01 --- AU AppData Check 10:49:18.47 --- Remove From Windows Installer 10:49:21.64 Cisco AnyConnect Secure Mobility Client 3.1.04063 VPN Statistics Details (Sat Mar 08 13:32:26 2014 ) Connection Information State: Disconnected Tunnel Mode (IPv4): Not Available Tunnel Mode (IPv6): Not Available Duration: 00:00:00 Address Information Client (IPv4): Not Available Client (IPv6): Not Available Server: Not Available Bytes Sent: 0 Received: 0 Frames Sent: 0 Received: 0 Control Frames Sent: 0 Received: 0 Client Management Administrative Domain: Not Available Profile Name: Not Available Transport Information Protocol: Unknown Cipher: Unknown Compression: None Proxy Address: No Proxy Feature Configuration FIPS Mode: Disabled Trusted Network Detection: Disabled Always On: Disabled Secure Mobility Solution Status: Not Available Appliance: Not Available |
Copyright ©2000-2025, Trojaner-Board