| |
| |||||||
Log-Analyse und Auswertung: Malware (viren) eingefangenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
26.03.2017, 16:46
| #1 |
| |  Malware (viren) eingefangen Hallo. Ich glaube, einen Virus auf dem PC (Win8) bekommen zu haben (Angriff war sichtbar auf dem Bildschirm zu sehen). Mein McAffee lässt sich nicht mehr öffnen (angezeigt wird nur ein weisses leeres Fenster), auch nicht deinstallieren oder sonst noch was. Auch die McAffee removal SW kann nichts ändern. Hab im Netz gegoogelt und Euere Seite mit "OTL.exe" download gefunden. Danach habe ich einen check (wie ihr beschrieben habt) gemacht. Die Inhalte der "extras.txt" und "otl.txt" sind unten beigelegt. Hoffe mir kann geholfen werden die trojaner wegzubekommen und McAffee deinstalliert zu bekommen (wurde gerne eine andere Antivirus sw installieren). Vielen Dank. Spomi extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 26.03.2017 16:40:31 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bruker\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17351)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy
3,71 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 31,19% Memory free
4,34 Gb Paging File | 1,68 Gb Available in Paging File | 38,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,16 Gb Total Space | 136,63 Gb Free Space | 61,23% Space Free | Partition Type: NTFS
Drive D: | 224,36 Gb Total Space | 224,23 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Computer Name: PC | User Name: Bruker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2598525157-2036842401-3517805176-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Users\Bruker\AppData\Roaming\FileOpenerWindows\wfo.exe "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Users\Bruker\AppData\Roaming\FileOpenerWindows\wfo.exe "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12C78CA7-7F20-4F46-AC79-AA942DC67A01}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{26810F91-8D18-4F27-BC68-5FDC98F433A0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5EEDCF0E-71D8-41E5-AF1B-96947584E63E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{874201D2-25F2-4A7C-8C2F-A56AB4B20D8B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A4C10E0F-8F7B-4EA9-9CE6-512655062D15}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BBE2BEDE-3AB2-4B54-A547-37F8F22176A1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BD707BA5-46CA-4C67-8645-61963ED954F1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D741A715-7697-4C32-9291-D3C32924E2C3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F3E3B88F-D5F8-4EC5-A888-CF0A48F0A0FC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{051F4C55-EDF5-43AE-9BC5-B724842067D7}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{09D8915A-9EFF-401A-9D63-BCD276BF3EF8}" = dir=out | name=windows_ie_ac_001 |
"{0DA14629-64F4-4152-A74E-DAAF0163D106}" = dir=out | name=tunein radio |
"{13619121-5433-4224-A545-80E962B02091}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr inc\playstv\playstv.exe |
"{137206CA-3EA5-4F6B-B939-6BE29DFA3433}" = dir=out | name=sonicwall mobile connect |
"{1798BE8E-A94D-457D-8E71-8060ADE25444}" = dir=out | name=shark dash |
"{1A1E2549-42B1-4DC9-9F8A-BD0E032F9021}" = dir=in | name=packard bell explorer |
"{1BD07C7D-00F4-4A89-AC7A-50DF89CFC1F6}" = protocol=17 | dir=in | app=c:\program files (x86)\acer remote\arcserver.exe |
"{213B49C0-2FEF-4E6D-9E24-6D77B8CFB65E}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{232E5D59-CF2A-44C7-BA4C-F418FA799171}" = dir=out | name=onenote |
"{266CD18E-DF80-4740-BB55-99EF3A979EF1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2918E9D7-459D-47F8-92B5-DD54FED07BD7}" = dir=out | name=@{microsoft.zunevideo_2.2.902.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{2C91E285-FCB9-43FA-89B7-9FBCF3CB51A5}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr inc\playstv\playstv.exe |
"{30365564-04D4-4319-892B-418E260E161B}" = dir=out | name=@{microsoft.bingsports_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{3077A3C2-91F2-4900-862D-FB93451DD168}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr inc\raptr\raptr_im.exe |
"{307A1909-9A5C-4EED-8E98-8BDA41E914BC}" = dir=out | name=the treasures of montezuma 3 |
"{35BE0217-C765-49C5-8D81-C7F619A70C66}" = dir=out | name=@{microsoft.zunemusic_2.2.903.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{364A6997-C4B5-4548-9A97-EA91335C8015}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{38F36F0B-7D7B-4B32-A0E3-1A81CB5DF74D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12ml.exe |
"{3C2DCC49-60EA-439C-B16B-72761604D9EC}" = dir=in | name=juniper networks junos pulse |
"{3CE47416-A0A0-4127-8AD7-19D23DC3762D}" = dir=in | name=f5 vpn |
"{3DEEB46E-FD9A-4589-A2BF-BC5A80E7D27D}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{3E1E7B80-14DA-41F1-813A-3911FE1F6C3A}" = dir=out | name=@{microsoft.bingnews_3.0.2.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{3F1BDFC7-3FFA-4841-B216-35F28D904060}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12.exe |
"{405B8EF9-F0A6-40E6-8BBD-29C31D7998F2}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{4696DD24-377C-4BE1-B92E-7AA1FC0B90CB}" = dir=out | name=check point vpn |
"{49358481-EB7D-45E4-B70C-2A5189F45498}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{501C2B31-4C5B-4005-8B2D-83BCC142F3A8}" = dir=out | name=windows_ie_ac_001 |
"{51ADEA1D-7697-4D5E-855F-6AD7D169E3A2}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{55BB3EDA-1433-432F-97C3-C22BCD22CBD5}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{5B1DE5ED-34E4-41C1-9218-BA62B6970814}" = dir=out | name=pinball fx2 |
"{5DC15486-77C5-439D-96D8-EDE73B539B61}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{5E0C03CF-D5BD-4ADC-A2B9-66E2D1993F22}" = protocol=6 | dir=in | app=c:\program files (x86)\acer remote\arcserver.exe |
"{5E71CD3C-0AF2-406D-9835-B38DD336DCAB}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{647034C0-3541-4466-989E-0C6FCB7EA545}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{67B00CCF-53C9-43E8-BCDD-400ED72C428F}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{67B83F85-FE9F-4481-B5B5-B15B01A97129}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe |
"{682A1EBC-31DB-4832-AEED-1184F574E3F0}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{6C275C5E-3615-4BF7-BC92-9A12EA60E460}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6DA1C6CC-30E8-462A-8EF3-B911CCDE7B98}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6F09B1C7-8C55-4E7B-9FEA-EA7A9B01F9AC}" = dir=out | name=7digital music store |
"{746D29E1-B741-4684-BCEC-51C66CE78848}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd.exe |
"{7592B4AE-09C3-4AF4-85C4-435F91F21666}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{763F4781-ED8C-4031-BF5D-D82E28E62F5C}" = dir=out | name=@{microsoft.bingtravel_3.0.2.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{774AE87A-8A33-4F64-9707-3D120A3D3AB6}" = dir=out | name=juniper networks junos pulse |
"{79DEEB56-48B2-45DB-8A86-FA1A8A3CBBC9}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{7B0D2DA3-6DB6-4E9E-B944-E4C47425426A}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr inc\raptr\raptr.exe |
"{7BF44F3D-8580-4EBF-A798-5CC1FD85B5E7}" = dir=out | name=@{microsoft.bingmaps_2.1.2922.2139_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{7CB67595-D60E-4582-B31A-315D12D124B7}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12agent.exe |
"{7E216707-A462-47DE-9A67-ACBCE68220C9}" = dir=out | name=microsoft mahjong |
"{7F560EA1-05DE-4184-8CD2-F28BE9535A71}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{81F3D17C-BAC0-47E8-A887-1E6162BBB791}" = dir=out | name=microsoft solitaire collection |
"{8418AECB-49DE-4A14-96FD-10C7FEF7EFF6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe |
"{8D636DA7-A24F-4F11-9F8D-D416045B67D9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{916821B9-2086-4416-84C7-CC626FA03B06}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{93322E97-E2D4-4EDE-A550-7574168C3364}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr inc\raptr\raptr_im.exe |
"{96276E2B-BFB2-4024-B32A-F380BF1879F6}" = dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{9928E862-9B4A-4E4A-8DFD-E33941EAA5E0}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{A31795CD-E4CA-4F6A-8BEF-C62ED2E838AF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A476087D-05E7-4B4B-B883-912E50B23DF1}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{A5B2059A-9B23-45F1-A4B9-B698DD6AD601}" = dir=in | name=check point vpn |
"{A6C1BCC9-B26A-45B8-B35A-6F6D46D955CC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AA554A21-A328-46F8-903B-E3CF0FA945F1}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr inc\raptr\raptr.exe |
"{AAEE3095-4F59-4B4B-ABFF-00EA78456DA7}" = dir=out | name=kindle |
"{AD18F4EE-52DC-4A71-AB6C-5F3131E85F4E}" = dir=in | name=newsxpresso |
"{AD7CC870-5278-4B64-A2C1-D91C51CF2C09}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{AF3DFD63-978A-4D17-B85C-20C7AC15F0ED}" = dir=out | name=windows_ie_ac_001 |
"{B262AE8E-6CE8-4737-B0C8-694F7BFF41E5}" = dir=out | name=skype |
"{B4B32FF7-EC7A-4B23-B4E9-07C36C442748}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{B572B690-DE16-4308-B69A-3AE749AE20B3}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{B94C9B30-C09A-4D53-AB31-7A4CB9FD02A7}" = dir=out | name=cut the rope |
"{BD594A6A-E030-4774-B930-EB2E12D50BDB}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{C218E1B6-CBBE-4FBB-8823-CB207C877ADE}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{C5BF0244-54C3-408E-8C6C-067DB829C5CD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C71888DE-7F04-43CA-986E-A2183868E2C9}" = dir=out | name=newsxpresso |
"{C762717B-A782-44F1-B05E-1DADE3943189}" = dir=out | name=taptiles |
"{CA6E7064-FE14-405A-9807-E399BCF29771}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe |
"{CB6E2AA8-A059-4781-9DB3-19739DD7A6C0}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{CDD14842-38EF-48AC-8A4A-9817F901D4A3}" = dir=out | name=@{microsoft.bingfinance_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{CE9992B7-679B-48C1-B10D-941821BCD4B3}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe |
"{D308FA15-E57C-4531-92D0-6990D430B412}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{D78A7CCE-334C-4A14-9CC0-173A66AB7CC7}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe |
"{D7CFD691-5715-43FB-8C99-63B7DF8DF465}" = dir=in | name=sonicwall mobile connect |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{DD0EEE70-1B7D-4EE6-98E5-FD07BE4D571A}" = dir=out | name=packard bell explorer |
"{DF084E71-1CF2-4AFC-B67B-099F5D27F886}" = dir=in | name=onenote |
"{E291BB0B-269C-488D-8DD6-0AB8FC9C78B2}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe |
"{E57D2E52-6F68-44A0-BC25-3AD66524B9F6}" = dir=out | name=@{microsoft.bingweather_3.0.2.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} |
"{E5C612B8-45D2-422C-B22A-AD9492201EC7}" = protocol=6 | dir=out | app=system |
"{E5DB087C-A978-4A36-A64F-3C07A86A945B}" = dir=out | name=weatherbug.a |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E9A10915-17F9-4630-BF56-037187945FFA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EA5F6C16-21DF-46D9-B558-BC37DB008952}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{ECCFE443-D119-4602-B9E1-A111C9A8F2EE}" = dir=out | name=f5 vpn |
"{F1A0594F-11F1-42BC-9BFB-107958DDE0BE}" = dir=out | name=netflix |
"{F278416C-AE3C-4379-9337-EAA8D08934BA}" = dir=out | name=wordament |
"{F27AA47E-13A0-4C45-A5B4-DB6E85BAA5CB}" = dir=out | name=microsoft minesweeper |
"{F5AD4103-6906-4A93-A155-4787E887404D}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{F836093A-DDB8-4BD0-9C27-07C966D0EE32}" = dir=in | name=pinball fx2 |
"{FDD96F64-458B-4649-9D9B-3D4558EF7A4F}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{FECCB6B5-A373-4057-9F3C-177CFCD2AD4F}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"TCP Query User{1FD62684-5B7F-442F-BCE8-674DE7224D1E}C:\program files (x86)\acer remote\arcserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\acer remote\arcserver.exe |
"TCP Query User{29E71704-8472-4D1A-9819-B329FDA266C0}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{75C86F12-2372-4B5C-80BC-EDE4E668E2FE}C:\mamp\bin\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\mamp\bin\apache\bin\httpd.exe |
"TCP Query User{7AEC39E8-4DFE-4600-AE30-D4904C69E244}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe |
"TCP Query User{85E6F059-0AB4-4D77-9AB1-55674ECE2FCE}C:\xampp\filezillaftp\filezillaserver.exe" = protocol=6 | dir=in | app=c:\xampp\filezillaftp\filezillaserver.exe |
"TCP Query User{F807E15D-AA84-42AC-A2B6-CBAB48813AAB}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{1A96D1B9-04DF-4980-8F2C-2D7374EFBF31}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe |
"UDP Query User{435304AD-ECF1-4369-9D11-F37F6E824911}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{6A23648B-5B83-4128-A023-C77C93438E18}C:\program files (x86)\acer remote\arcserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\acer remote\arcserver.exe |
"UDP Query User{85D2C92D-F2C2-4649-82CB-E4FBE502C47A}C:\xampp\filezillaftp\filezillaserver.exe" = protocol=17 | dir=in | app=c:\xampp\filezillaftp\filezillaserver.exe |
"UDP Query User{96072382-2633-4101-8300-8D5F677B0B48}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{C5478571-D36C-4881-A6D3-2206F2096E34}C:\mamp\bin\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\mamp\bin\apache\bin\httpd.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Packard Bell Recovery Management
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E5AC9F2-19C8-0CA1-034B-A3056AD67E1C}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{572C982F-95F5-0562-AE8F-8A9D7D024A88}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91F52DE4-B789-42B0-9311-A349F10E5479}" = Packard Bell Power Management
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{98BB5224-BC5D-4028-9D20-536C1C263AA9}" = Classic Shell
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{A5CBF1CC-18D8-C035-6E64-9EEB58851B01}" = AMD Fuel
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{AEA7FB3E-3A75-3F9C-C5B5-85998C8A2F81}" = ccc-utility64
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{DBF565E2-B42B-B256-7DC8-B6240C53EF0D}" = AMD Accelerated Video Transcoding
"Wacom Tablet Driver" = Wacom Tablet
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 64 bit
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{086E1D65-EF19-280C-5616-7A87A6B95F88}" = CCC Help Swedish
"{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM)
"{0E4630AF-0AB7-440E-A978-1A78FC4F43B9}" = Nero Launcher
"{11087D24-567D-7D88-69C6-D7A08B5F4C47}" = Catalyst Control Center - Branding
"{1398DDAD-B984-275D-C61E-A1C5152450F8}" = CCC Help Finnish
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{1935505D-28FE-0FFE-9EB6-6AF73397C7BE}" = CCC Help Turkish
"{1D9F8C88-F76A-6B07-2276-98DF1173901B}" = CCC Help Spanish
"{1E2ABB89-F7F3-8D64-3345-27E5735AA20C}" = CCC Help Chinese Standard
"{1EC083EE-5B76-4A2A-B95A-CAF460AA29D6}" = Adobe Touch App Plugins
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF18EF2-2B14-CCFD-56FE-C5A84F66689C}" = CCC Help Hungarian
"{221BFD98-55F8-C64E-C2FA-56694133DB69}" = CCC Help English
"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25
"{26A24AE4-039D-4CA4-87B4-2F83218045F0}" = Java 8 Update 45
"{26A24AE4-039D-4CA4-87B4-2F83218091F0}" = Java 8 Update 91
"{27282E77-DB14-5769-2032-F381343DAA31}" = CCC Help Japanese
"{27D49E0E-422F-C9D3-56BC-CF0881C7A477}" = CCC Help Chinese Standard
"{2904E0A2-B74F-EFAD-A523-46D0F64B3B4A}" = CCC Help Finnish
"{2BC2EDB2-6F5C-3058-D312-B991AB26E870}" = CCC Help Thai
"{2E8B87B9-DBD2-B5A1-B1A7-C4228CFC193A}" = CCC Help Thai
"{2EE2F065-4B50-F7C4-5F6D-DA25874A0D0B}" = CCC Help Russian
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee WebAdvisor
"{37BEE0A4-72B9-1014-A77C-C46F3F2C3207}" = Adobe InDesign CC 2014 (32-bit)
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}" = NETGEAR WNDA3100v2 wireless USB 2.0 adapter
"{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}" = Nero BackItUp 12 Essentials OEM.a01
"{4F17F6E7-2D27-139B-DF86-0A2F6BBD5E65}" = AMD Catalyst Control Center
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{5A1AE61E-393A-DE99-4733-AB36127B36F6}" = CCC Help Portuguese
"{5C97100A-CBFA-F752-1CC4-8D59BB06DA51}" = CCC Help Polish
"{5CF1C22A-11DA-C6AC-7E66-289A858F5C46}" = CCC Help Korean
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6A450C9E-E017-4881-01F9-BD1E242E2AF0}" = CCC Help Dutch
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B60CF02-C313-3384-5A75-F8D548398803}" = CCC Help Turkish
"{6DEE7496-3ED6-DE4C-9BEF-1E7F247CAAD1}" = CCC Help Italian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{793C2BF7-A4FE-4608-91C9-9282C5801C21}" = Adobe Photoshop CC 2015
"{80680785-2EE1-053F-9CD3-4B2C904596EE}" = Catalyst Control Center InstallProxy
"{8743B562-6637-0E40-76AC-3A8D09328F01}" = Catalyst Control Center InstallProxy
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B5938FB-35EA-DF7F-E1FF-EB3E577E7125}" = CCC Help German
"{904BD3AD-0841-8364-08D6-A41F48FAE30E}" = CCC Help Chinese Traditional
"{917C79E9-9E4E-11D6-B27C-0003FFFFFFFC}" = Fritz und Fertig
"{9669A51F-16AA-9DCB-6756-CEF9E140EC9C}" = CCC Help Korean
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{99D70190-1870-B004-820B-6DCFD622703F}" = CCC Help Hungarian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA44AD4-B6B1-956C-92FF-043178C9CAE5}" = CCC Help Danish
"{A2D43081-CF7B-4637-A9F3-E2651AA5C4A8}" = Nero RescueAgent
"{A6DC88AD-501A-44BC-884D-57435F972E2C}" = Hotkey Utility
"{A8170CD1-F477-12A2-FCDE-E93759682F6F}" = CCC Help French
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA90CE8A-A77C-3CEB-DCD8-56DFDEDE808F}" = CCC Help Danish
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{AC76BA86-0804-1033-1959-001824211354}" = Adobe Refresh Manager
"{AC76BA86-1033-FFFF-7760-0C0F074E4100}" = Adobe Acrobat DC
"{AC76BA86-7AD7-1044-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC - Norsk
"{ACD89BA8-EAA8-4D7F-F61C-4C072CEC354B}" = CCC Help Japanese
"{AD3317DB-5E17-C2E9-6E76-215157DF1792}" = CCC Help English
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"{BC1ECCD7-EE86-4231-AF1B-6E52B49A4532}" = Green Line 1 Sprachtrainer
"{BC41D891-531E-FC55-CDD8-C1CDFABE13D3}" = CCC Help Swedish
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{C4CEDA1F-9A92-B31F-5E6A-18C4300F04D8}" = Catalyst Control Center Localization All
"{C8DA89DA-C203-EEF3-281E-E34AB1F2CC81}" = Catalyst Control Center Localization All
"{C8DB7D14-11F3-9B81-27C4-BEB7C11D3107}" = CCC Help Spanish
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{CD4005E4-E612-14BB-1BC4-636AE955D995}" = CCC Help Chinese Traditional
"{CE24C50B-3A91-3880-4F4D-9EDD595E01DF}" = CCC Help Norwegian
"{CED122AA-03DA-E301-FE04-98784421E639}" = CCC Help French
"{D05EA7FA-B112-103C-FBBE-8163B1B33A30}" = CCC Help Dutch
"{D33FFCDF-6B95-3586-F8B8-27CE5FF728C6}" = CCC Help Russian
"{DA2D3078-A58C-45E8-8EE0-18B8BE6B34F7}" = Nero BackItUp
"{DBFD0312-6E55-1014-8952-E78D43BC0147}" = Adobe InDesign CC 2015
"{E342E703-8D0F-AAAD-FF90-0EBB60CF9C3A}" = CCC Help Greek
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"{EB8464D8-D611-4A2E-5962-DB47A70E4B73}" = CCC Help German
"{EB938F46-2780-1AF2-2579-A41EA96F8C1F}" = CCC Help Czech
"{EBE0919B-F97B-4D58-9B1D-9EEA3003718D}" = Catalyst Control Center - Branding
"{EC69CA1F-E148-D858-0C68-48D1E759416B}" = Catalyst Control Center Graphics Previews Common
"{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater
"{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2569C93-029A-D00E-560F-40954008865B}" = CCC Help Greek
"{F486E5F2-0300-FDA0-BE59-C8CE3CAC8165}" = CCC Help Portuguese
"{F546ACF6-5427-F740-FC98-EBDC65A018AB}" = CCC Help Polish
"{F61D13C7-7209-0AD0-6584-1FCE625EBB11}" = CCC Help Italian
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F7AFD54C-285E-E3D8-D17F-BE1C24403AF0}" = CCC Help Norwegian
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FE705EB4-D4F1-3B0C-8965-798B8B2FC0E8}" = CCC Help Czech
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Creative Cloud" = Adobe Creative Cloud
"Adobe Flash Player NPAPI" = Adobe Flash Player 25 NPAPI
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"ExpressZip" = Express Zip
"FileZilla Client" = FileZilla Client 3.13.1
"ILST_19_1_1" = Adobe Illustrator CC 2015
"InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"Mozilla Firefox 52.0.1 (x86 en-US)" = Mozilla Firefox 52.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee All Access – Internet Security
"Picasa 3" = Picasa 3
"QuickTime" = QuickTime
"VLC media player" = VLC media player
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 32 bit
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.03.2017 16:52:30 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Generering av aktiveringskontekst mislyktes for C:\Program Files\AVAST
Software\Avast\setup\iplugins\IStats.dll. Finner ikke den avhengige samlingen Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1".
Bruk
sxstrace.exe for detaljert diagnostisering.
Error - 25.03.2017 16:52:34 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Generering av aktiveringskontekst mislyktes for C:\Program Files\AVAST
Software\Avast\setup\iplugins\IStats.dll. Finner ikke den avhengige samlingen Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1".
Bruk
sxstrace.exe for detaljert diagnostisering.
Error - 25.03.2017 17:11:47 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Generering av aktiveringskontekst mislyktes for C:\Program Files\AVAST
Software\Avast\setup\iplugins\IStats.dll. Finner ikke den avhengige samlingen Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1".
Bruk
sxstrace.exe for detaljert diagnostisering.
Error - 25.03.2017 21:14:29 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Generering av aktiveringskontekst mislyktes for C:\Program Files\AVAST
Software\Avast\setup\iplugins\IStats.dll. Finner ikke den avhengige samlingen Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1".
Bruk
sxstrace.exe for detaljert diagnostisering.
Error - 26.03.2017 01:15:13 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Generering av aktiveringskontekst mislyktes for C:\Program Files\AVAST
Software\Avast\setup\iplugins\IStats.dll. Finner ikke den avhengige samlingen Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1".
Bruk
sxstrace.exe for detaljert diagnostisering.
Error - 26.03.2017 02:08:41 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Generering av aktiveringskontekst mislyktes for C:\Program Files\AVAST
Software\Avast\setup\iplugins\IStats.dll. Finner ikke den avhengige samlingen Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1".
Bruk
sxstrace.exe for detaljert diagnostisering.
Error - 26.03.2017 02:15:51 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Generering av aktiveringskontekst mislyktes for C:\Program Files\AVAST
Software\Avast\setup\iplugins\IStats.dll. Finner ikke den avhengige samlingen Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1".
Bruk
sxstrace.exe for detaljert diagnostisering.
Error - 26.03.2017 02:38:24 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Generering av aktiveringskontekst mislyktes for C:\Program Files\AVAST
Software\Avast\setup\iplugins\IStats.dll. Finner ikke den avhengige samlingen Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1".
Bruk
sxstrace.exe for detaljert diagnostisering.
Error - 26.03.2017 02:45:32 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Generering av aktiveringskontekst mislyktes for C:\Program Files\AVAST
Software\Avast\setup\iplugins\IStats.dll. Finner ikke den avhengige samlingen Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1".
Bruk
sxstrace.exe for detaljert diagnostisering.
Error - 26.03.2017 09:00:59 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Programnavn med feil: McUICnt.exe, versjon: 8.3.3037.0, tidsangivelse:
0x584adc85 Modulnavn med feil: mcupdui.dll, versjon: 15.3.3079.0, tidsangivelse:
0x589dd349 Unntakskode: 0xc0000005 Feilforskyvning: 0x000000000005339b Feil prosess-ID:
0x1524 Feil starttid for program: 0x01d2a6264accf6b2 Feil programbane: C:\Program
Files\Common Files\McAfee\Platform\McUICnt.exe Feil modulbane: c:\PROGRA~1\mcafee\msc\mcupdui.dll
Rapport-ID:
4167cba6-1224-11e7-8172-7427ea58029d Fullstendig navn på feilpakke: Relativ program-ID
for feilpakke:
[ System Events ]
Error - 26.03.2017 10:59:56 | Computer Name = PC | Source = DCOM | ID = 10010
Description =
Error - 26.03.2017 11:01:57 | Computer Name = PC | Source = DCOM | ID = 10010
Description =
Error - 26.03.2017 11:03:59 | Computer Name = PC | Source = DCOM | ID = 10010
Description =
Error - 26.03.2017 11:06:00 | Computer Name = PC | Source = DCOM | ID = 10010
Description =
Error - 26.03.2017 11:08:02 | Computer Name = PC | Source = DCOM | ID = 10010
Description =
Error - 26.03.2017 11:10:03 | Computer Name = PC | Source = DCOM | ID = 10010
Description =
Error - 26.03.2017 11:12:05 | Computer Name = PC | Source = DCOM | ID = 10010
Description =
Error - 26.03.2017 11:14:06 | Computer Name = PC | Source = DCOM | ID = 10010
Description =
Error - 26.03.2017 11:16:07 | Computer Name = PC | Source = DCOM | ID = 10010
Description =
Error - 26.03.2017 11:18:08 | Computer Name = PC | Source = DCOM | ID = 10010
Description =
< End of report >
otl.txtOTL Logfile: Code:
ATTFilter OTL logfile created on: 26.03.2017 16:40:31 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bruker\Downloads 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17351) Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy 3,71 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 31,19% Memory free 4,34 Gb Paging File | 1,68 Gb Available in Paging File | 38,75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 223,16 Gb Total Space | 136,63 Gb Free Space | 61,23% Space Free | Partition Type: NTFS Drive D: | 224,36 Gb Total Space | 224,23 Gb Free Space | 99,94% Space Free | Partition Type: NTFS Computer Name: PC | User Name: Bruker | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Bruker\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Adobe Systems, Incorporated) PRC - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\ProgramData\{0E88047A-B923-B3D1-7630-1AB7F5B99A06}\E73F0F62-5094-B8C9-BB09-2EB3FCE03EC7.exe () PRC - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (IObit) PRC - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe () PRC - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe (Node.js) PRC - C:\Programfiler\Tablet\Wacom\WacomHost.exe (Wacom Technology) PRC - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe () PRC - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe () ========== Modules (No Company Name) ========== MOD - C:\ProgramData\{0E88047A-B923-B3D1-7630-1AB7F5B99A06}\E73F0F62-5094-B8C9-BB09-2EB3FCE03EC7.exe () MOD - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll () MOD - \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanMessage5.dll () MOD - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll () MOD - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe () MOD - \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node () MOD - \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node () MOD - \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node () MOD - \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node () MOD - \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node () MOD - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Locale\nb_NO\AcroTray.NOR () MOD - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe () MOD - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll () ========== Services (SafeList) ========== SRV:64bit: - (mccspsvc) -- C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\\McCSPServiceHost.exe () SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (mcpltsvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McBootDelayStartSvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (HomeNetSvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (mfemms) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe () SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.) SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation) SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation) SRV:64bit: - (IEEtwCollectorService) -- C:\WINDOWS\SysNative\IEEtwCollector.exe (Microsoft Corporation) SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation) SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation) SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation) SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation) SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation) SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation) SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation) SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation) SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation) SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation) SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation) SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation) SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation) SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation) SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation) SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation) SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation) SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation) SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation) SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation) SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation) SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation) SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AGSService) -- C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Adobe Systems, Incorporated) SRV - (McAfee SiteAdvisor Service) -- C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee, Inc.) SRV - (ClientAnalyticsService) -- C:\programfiler\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe (Intel Security) SRV - (McODS) -- C:\programfiler\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (McAPExe) -- C:\programfiler\Common Files\McAfee\VSCore_15_6\mcapexe.exe (McAfee, Inc.) SRV - (ModuleCoreService) -- C:\programfiler\Common Files\McAfee\ModuleCore\ModuleCoreService.exe (McAfee, Inc.) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (PEFService) -- C:\programfiler\Common Files\Intel Security\PEF\CORE\PEFService.exe (Intel Security, Inc.) SRV - (LiveUpdateSvc) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (IObit) SRV - (AdobeUpdateService) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Adobe Systems Incorporated) SRV - (WTabletServicePro) -- C:\programfiler\Tablet\Wacom\WTabletServicePro.exe (Wacom Technology, Corp.) SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation) SRV - (PrintNotify) -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation) SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation) SRV - (ePowerSvc) -- C:\programfiler\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated) SRV - (WSWNDA3100v2) -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe () SRV - (NAUpdate) -- c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Realsil Microelectronics Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (mfeelamk) -- C:\Windows\SysNative\drivers\mfeelamk.sys (McAfee, Inc.) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) DRV:64bit: - (mfeaack) -- C:\Windows\SysNative\drivers\mfeaack.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.) DRV:64bit: - (mfeplk) -- C:\Windows\SysNative\drivers\mfeplk.sys (McAfee, Inc.) DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.) DRV:64bit: - (mfencbdc) -- C:\Windows\SysNative\drivers\mfencbdc.sys (McAfee, Inc.) DRV:64bit: - (mfencrk) -- C:\Windows\SysNative\drivers\mfencrk.sys (McAfee, Inc.) DRV:64bit: - (HipShieldK) -- C:\Windows\SysNative\drivers\HipShieldK.sys (McAfee, Inc.) DRV:64bit: - (WacHidRouter) -- C:\Windows\SysNative\drivers\wachidrouter.sys (Wacom Technology) DRV:64bit: - (wacomrouterfilter) -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys (Wacom Technology) DRV:64bit: - (hidkmdf) -- C:\Windows\SysNative\drivers\hidkmdf.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdWB6.sys (Advanced Micro Devices) DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation) DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation) DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation) DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation) DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation) DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation) DRV:64bit: - (Wof) -- C:\WINDOWS\SysNative\drivers\wof.sys (Microsoft Corporation) DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation) DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation) DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation) DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation) DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation) DRV:64bit: - (ReFS) -- C:\WINDOWS\SysNative\drivers\refs.sys (Microsoft Corporation) DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation) DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation) DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation) DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation) DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation) DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation) DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\drivers\Rt630x64.sys (Realtek ) DRV:64bit: - (amdide64) -- C:\Windows\SysNative\drivers\amdide64.sys (Advanced Micro Devices Inc.) DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation) DRV:64bit: - (ssudserd) -- C:\Windows\SysNative\drivers\ssudserd.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation) DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation) DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation) DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation) DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.) DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation) DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation) DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation) DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation) DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation) DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation) DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation) DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation) DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation) DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation) DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation) DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation) DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation) DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation) DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation) DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation) DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation) DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation) DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation) DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation) DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation) DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation) DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation) DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation) DRV:64bit: - (amdkmafd) -- C:\Windows\SysNative\drivers\amdkmafd.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (SCMNdisP) -- C:\Windows\SysNative\drivers\SCMNdisP.sys (SerComm Corporation) DRV:64bit: - (BCMH43XX) -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys (Broadcom Corporation) DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.) DRV - (mfesapsn) -- C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys (McAfee, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{E47200E5-0FAA-4038-994B-4B06C9BC2599}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAPBJS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{E47200E5-0FAA-4038-994B-4B06C9BC2599}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAPBJS IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2598525157-2036842401-3517805176-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Http://www.startsiden.no/ IE - HKU\S-1-5-21-2598525157-2036842401-3517805176-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-2598525157-2036842401-3517805176-1001\..\SearchScopes,DefaultScope = {F3E57936-9225-426B-956B-6C1BA339A707} IE - HKU\S-1-5-21-2598525157-2036842401-3517805176-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR IE - HKU\S-1-5-21-2598525157-2036842401-3517805176-1001\..\SearchScopes\{BC6616EC-D90E-43F0-ADE3-222B3C3CA4CB}: "URL" = hxxp://www.google.com/search?q={searchTerms} IE - HKU\S-1-5-21-2598525157-2036842401-3517805176-1001\..\SearchScopes\{E47200E5-0FAA-4038-994B-4B06C9BC2599}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 IE - HKU\S-1-5-21-2598525157-2036842401-3517805176-1001\..\SearchScopes\{F3E57936-9225-426B-956B-6C1BA339A707}: "URL" = https://no.search.yahoo.com/search?fr=mcafee&type=C011NO866D20150906&p={searchTerms} IE - HKU\S-1-5-21-2598525157-2036842401-3517805176-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.countryCode: "NO" FF - prefs.js..browser.search.defaultenginename: "Sikkert søk" FF - prefs.js..browser.search.isUS: false FF - prefs.js..browser.search.order.1: "Sikkert søk" FF - prefs.js..browser.search.region: "NO" FF - prefs.js..browser.search.selectedEngine: "Sikkert søk" FF - prefs.js..browser.startup.homepage: "https://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:5.0.512.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:52.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) FF:64bit: - HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.91.2: C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2: C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR\SAFFPLG.XPI [2017.03.26 12:10:20 | 000,121,206 | ---- | M] () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension.15@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017.01.17 13:29:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017.03.26 12:10:20 | 000,121,206 | ---- | M] () FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 52.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 52.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2017.03.26 10:30:26 | 000,000,000 | ---D | M] [2013.12.15 22:57:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruker\AppData\Roaming\mozilla\Extensions [2017.03.26 12:01:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruker\AppData\Roaming\mozilla\Firefox\Profiles\kuhvipkv.default\extensions [2017.03.26 12:01:38 | 000,008,115 | ---- | M] () (No name found) -- C:\Users\Bruker\AppData\Roaming\mozilla\firefox\profiles\kuhvipkv.default\features\{c909a356-566e-4f0b-8c4b-a541e11c2c45}\deployment-checker@mozilla.org.xpi [2017.03.26 12:01:39 | 000,007,195 | ---- | M] () (No name found) -- C:\Users\Bruker\AppData\Roaming\mozilla\firefox\profiles\kuhvipkv.default\features\{c909a356-566e-4f0b-8c4b-a541e11c2c45}\e10srollout@mozilla.org.xpi [2016.10.27 20:17:36 | 000,005,389 | ---- | M] () (No name found) -- C:\Users\Bruker\AppData\Roaming\mozilla\firefox\profiles\kuhvipkv.default\features\{e6e71a7a-1a69-40f9-b6cf-3ff3b500a881}\asyncrendering@mozilla.org.xpi [2014.08.23 21:13:06 | 000,001,238 | ---- | M] () -- C:\Users\Bruker\AppData\Roaming\mozilla\firefox\profiles\kuhvipkv.default\searchplugins\buenosearchkms.xml [2016.04.04 18:16:19 | 000,001,441 | ---- | M] () -- C:\Users\Bruker\AppData\Roaming\mozilla\firefox\profiles\kuhvipkv.default\searchplugins\McSiteAdvisor.xml [2017.03.26 11:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2017.03.26 12:10:20 | 000,121,206 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR\SAFFPLG.XPI ========== Chrome ========== CHR - Extension: No name found = C:\Users\Bruker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\ CHR - Extension: No name found = C:\Users\Bruker\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\ CHR - Extension: No name found = C:\Users\Bruker\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\5.0.532.0_0\ CHR - Extension: No name found = C:\Users\Bruker\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\ CHR - Extension: No name found = C:\Users\Bruker\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\ CHR - Extension: No name found = C:\Users\Bruker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\ CHR - Extension: No name found = C:\Users\Bruker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\ O1 HOSTS File: ([2017.03.25 17:34:40 | 000,000,846 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll (Adobe Systems Incorporated) O2:64bit: - BHO: (McAfee WebAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O2:64bit: - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (Adobe Systems Incorporated) O2 - BHO: (McAfee WebAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (Adobe Systems Incorporated) O3:64bit: - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-2598525157-2036842401-3517805176-1001..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-21-2598525157-2036842401-3517805176-1001..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\S-1-5-21-2598525157-2036842401-3517805176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\SysWow64\GPhotos.scr (Google Inc.) O9:64bit: - Extra Button: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O9:64bit: - Extra 'Tools' menuitem : McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O9 - Extra Button: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O9 - Extra 'Tools' menuitem : McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 82.163.143.157 82.163.142.159 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B990742-C6AC-49CA-A97B-692A7995B491}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B84E81A-A2E9-4210-9152-7333D84E9D7A}: DhcpNameServer = 82.163.143.157 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6AA16032-4CFC-411B-A182-DC137BED4A1F}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73E4C381-0321-40F9-8C1A-7FA672B079C0}: DhcpNameServer = 82.163.143.157 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEC35DC4-D3D5-4062-BACF-C0B5F3013CBD}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\programfiler\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2016.08.26 08:31:44 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2017.03.26 11:51:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2017.03.26 10:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2017.03.26 10:30:22 | 000,216,704 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\SysNative\drivers\HipShieldK.sys [2017.03.26 10:21:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel Security [2017.03.26 10:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com [2017.03.26 10:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel Security [2017.03.26 10:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AV [2017.03.26 10:18:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee [2017.03.26 10:14:28 | 000,342,768 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\SysNative\mfevtps.exe [2017.03.26 10:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee [2017.03.26 08:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\stinger [2017.03.25 22:50:20 | 000,992,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ucrtbase.dll [2017.03.25 22:50:20 | 000,921,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ucrtbase.dll [2017.03.25 22:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software ========== Files - Modified Within 30 Days ========== [2017.03.26 16:35:30 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2017.03.26 13:48:23 | 000,863,634 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI [2017.03.26 13:48:23 | 000,722,278 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat [2017.03.26 13:48:23 | 000,135,394 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat [2017.03.26 13:48:23 | 000,012,192 | ---- | M] () -- C:\WINDOWS\SysNative\perfh014.dat [2017.03.26 13:48:23 | 000,004,024 | ---- | M] () -- C:\WINDOWS\SysNative\perfc014.dat [2017.03.26 13:44:57 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2017.03.26 13:42:50 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2017.03.26 13:42:46 | 3189,194,752 | -HS- | M] () -- C:\hiberfil.sys [2017.03.26 11:51:36 | 000,001,135 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2017.03.26 10:32:03 | 000,002,080 | ---- | M] () -- C:\Users\Public\Desktop\McAfee All Access – Internet Security.lnk [2017.03.26 08:57:32 | 000,000,246 | ---- | M] () -- C:\Users\Bruker\Desktop\nr_mca.rtf [2017.03.25 22:59:42 | 000,000,000 | ---- | M] () -- C:\unp305821863110486503.mdmp [2017.03.25 22:49:56 | 000,921,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ucrtbase.dll [2017.03.25 22:49:54 | 000,992,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ucrtbase.dll [2017.03.25 19:36:49 | 000,000,034 | ---- | M] () -- C:\Users\Bruker\AppData\Roaming\AdobeWLCMCache.dat [2017.03.25 12:04:33 | 000,250,463 | ---- | M] () -- C:\Users\Bruker\Desktop\Masoud Biglari_kunst og håndverk-åsen-skole.pdf [2017.02.25 21:50:44 | 002,183,056 | ---- | M] () -- C:\Users\Bruker\Documents\Untitled-1.ai [2017.02.25 21:07:37 | 002,007,096 | ---- | M] () -- C:\Users\Bruker\Documents\m.ai ========== Files Created - No Company Name ========== [2017.03.26 11:51:36 | 000,001,135 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2017.03.26 11:51:35 | 000,001,147 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2017.03.26 10:32:02 | 000,002,080 | ---- | C] () -- C:\Users\Public\Desktop\McAfee All Access – Internet Security.lnk [2017.03.25 22:59:42 | 000,000,000 | ---- | C] () -- C:\unp305821863110486503.mdmp [2017.03.25 19:37:39 | 000,000,246 | ---- | C] () -- C:\Users\Bruker\Desktop\nr_mca.rtf [2017.03.25 11:50:48 | 000,250,463 | ---- | C] () -- C:\Users\Bruker\Desktop\Masoud Biglari_kunst og håndverk-åsen-skole.pdf [2017.02.25 21:50:39 | 002,183,056 | ---- | C] () -- C:\Users\Bruker\Documents\Untitled-1.ai [2017.02.25 21:07:32 | 002,007,096 | ---- | C] () -- C:\Users\Bruker\Documents\m.ai [2017.01.21 22:31:52 | 000,001,456 | ---- | C] () -- C:\Users\Bruker\AppData\Local\Adobe Lagre for web 13.0 Prefs [2015.11.20 11:46:56 | 000,000,034 | ---- | C] () -- C:\Users\Bruker\AppData\Roaming\AdobeWLCMCache.dat [2015.08.04 04:56:54 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll [2015.08.04 04:07:42 | 000,143,872 | ---- | C] () -- C:\WINDOWS\SysWow64\atieah32.exe [2015.08.04 04:07:34 | 000,189,952 | ---- | C] () -- C:\WINDOWS\SysWow64\amdgfxinfo32.dll [2015.08.04 03:37:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\SysWow64\hsa-thunk.dll [2015.07.18 08:42:58 | 000,000,570 | ---- | C] () -- C:\WINDOWS\wininit.ini [2014.10.18 09:39:18 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2015.02.12 19:40:58 | 022,291,584 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2015.02.12 19:34:06 | 019,731,824 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013.08.22 11:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2013.08.22 04:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013.08.22 11:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2016.04.22 18:57:53 | 000,000,000 | ---D | M] -- C:\Users\Bruker\AppData\Roaming\AMD [2015.03.10 19:02:27 | 000,000,000 | ---D | M] -- C:\Users\Bruker\AppData\Roaming\ClassicShell [2014.08.23 17:21:43 | 000,000,000 | ---D | M] -- C:\Users\Bruker\AppData\Roaming\DesktopIconGoodgame [2015.08.30 16:59:35 | 000,000,000 | ---D | M] -- C:\Users\Bruker\AppData\Roaming\FileZilla [2016.08.27 16:58:09 | 000,000,000 | ---D | M] -- C:\Users\Bruker\AppData\Roaming\IObit [2016.04.22 18:18:38 | 000,000,000 | ---D | M] -- C:\Users\Bruker\AppData\Roaming\library_dir [2014.10.19 10:40:03 | 000,000,000 | ---D | M] -- C:\Users\Bruker\AppData\Roaming\MyHeritage [2014.12.06 18:08:16 | 000,000,000 | ---D | M] -- C:\Users\Bruker\AppData\Roaming\Obsidium [2014.11.01 20:41:28 | 000,000,000 | ---D | M] -- C:\Users\Bruker\AppData\Roaming\Oracle [2014.08.23 21:16:40 | 000,000,000 | ---D | M] -- C:\Users\Bruker\AppData\Roaming\ProductData [2014.12.06 18:08:16 | 000,000,000 | ---D | M] -- C:\Users\Bruker\AppData\Roaming\Proxima Software [2014.08.23 20:33:37 | 000,000,000 | ---D | M] -- C:\Users\Bruker\AppData\Roaming\rmi ========== Purity Check ========== < End of report > Geändert von cosinus (27.03.2017 um 11:29 Uhr) Grund: code tags |
|
27.03.2017, 11:31
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Malware (viren) eingefangen OTL wird hier nicht mehr verwendet.
__________________Scan mit Farbar's Recovery Scan Tool (FRST) Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
 Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
| Themen zu Malware (viren) eingefangen |
| antivirus, bho, bildschirm, desktop, error, flash player, google, homepage, iexplore.exe, install.exe, logfile, malware, mozilla, node.js, realtek, registry, scan, security, shark, siteadvisor, software, svchost.exe, trojaner, usb, viren, virus, windows |
Linear-Darstellung
