
Log analysis and evaluation: Caught malware (viruses)

26.03.2017, 17:46   #1
Spomi
 



Hello.
I think I have caught a virus on my PC (Win8) (the attack was visible on the screen). My McAfee can no longer be opened (only a blank white window is shown), and it cannot be uninstalled or anything else either. The McAfee removal software cannot change anything either. I googled and found your site with the "OTL.exe" download. After that I ran a check (as you described). The contents of "extras.txt" and "otl.txt" are included below. I hope someone can help me get rid of the trojans and get McAfee uninstalled (I would like to install a different antivirus software). Many thanks. Spomi

extras.txt

OTL Logfile:
Code:
OTL Extras logfile created on: 26.03.2017 16:40:31 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Bruker\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17351)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy
 
3,71 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 31,19% Memory free
4,34 Gb Paging File | 1,68 Gb Available in Paging File | 38,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,16 Gb Total Space | 136,63 Gb Free Space | 61,23% Space Free | Partition Type: NTFS
Drive D: | 224,36 Gb Total Space | 224,23 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: Bruker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2598525157-2036842401-3517805176-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Users\Bruker\AppData\Roaming\FileOpenerWindows\wfo.exe "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Users\Bruker\AppData\Roaming\FileOpenerWindows\wfo.exe "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12C78CA7-7F20-4F46-AC79-AA942DC67A01}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{26810F91-8D18-4F27-BC68-5FDC98F433A0}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5EEDCF0E-71D8-41E5-AF1B-96947584E63E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{874201D2-25F2-4A7C-8C2F-A56AB4B20D8B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A4C10E0F-8F7B-4EA9-9CE6-512655062D15}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BBE2BEDE-3AB2-4B54-A547-37F8F22176A1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BD707BA5-46CA-4C67-8645-61963ED954F1}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D741A715-7697-4C32-9291-D3C32924E2C3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F3E3B88F-D5F8-4EC5-A888-CF0A48F0A0FC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{051F4C55-EDF5-43AE-9BC5-B724842067D7}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | 
"{09D8915A-9EFF-401A-9D63-BCD276BF3EF8}" = dir=out | name=windows_ie_ac_001 | 
"{0DA14629-64F4-4152-A74E-DAAF0163D106}" = dir=out | name=tunein radio | 
"{13619121-5433-4224-A545-80E962B02091}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr inc\playstv\playstv.exe | 
"{137206CA-3EA5-4F6B-B939-6BE29DFA3433}" = dir=out | name=sonicwall mobile connect | 
"{1798BE8E-A94D-457D-8E71-8060ADE25444}" = dir=out | name=shark dash | 
"{1A1E2549-42B1-4DC9-9F8A-BD0E032F9021}" = dir=in | name=packard bell explorer | 
"{1BD07C7D-00F4-4A89-AC7A-50DF89CFC1F6}" = protocol=17 | dir=in | app=c:\program files (x86)\acer remote\arcserver.exe | 
"{213B49C0-2FEF-4E6D-9E24-6D77B8CFB65E}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | 
"{232E5D59-CF2A-44C7-BA4C-F418FA799171}" = dir=out | name=onenote | 
"{266CD18E-DF80-4740-BB55-99EF3A979EF1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2918E9D7-459D-47F8-92B5-DD54FED07BD7}" = dir=out | name=@{microsoft.zunevideo_2.2.902.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{2C91E285-FCB9-43FA-89B7-9FBCF3CB51A5}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr inc\playstv\playstv.exe | 
"{30365564-04D4-4319-892B-418E260E161B}" = dir=out | name=@{microsoft.bingsports_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} | 
"{3077A3C2-91F2-4900-862D-FB93451DD168}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr inc\raptr\raptr_im.exe | 
"{307A1909-9A5C-4EED-8E98-8BDA41E914BC}" = dir=out | name=the treasures of montezuma 3 | 
"{35BE0217-C765-49C5-8D81-C7F619A70C66}" = dir=out | name=@{microsoft.zunemusic_2.2.903.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{364A6997-C4B5-4548-9A97-EA91335C8015}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | 
"{38F36F0B-7D7B-4B32-A0E3-1A81CB5DF74D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12ml.exe | 
"{3C2DCC49-60EA-439C-B16B-72761604D9EC}" = dir=in | name=juniper networks junos pulse | 
"{3CE47416-A0A0-4127-8AD7-19D23DC3762D}" = dir=in | name=f5 vpn | 
"{3DEEB46E-FD9A-4589-A2BF-BC5A80E7D27D}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{3E1E7B80-14DA-41F1-813A-3911FE1F6C3A}" = dir=out | name=@{microsoft.bingnews_3.0.2.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} | 
"{3F1BDFC7-3FFA-4841-B216-35F28D904060}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12.exe | 
"{405B8EF9-F0A6-40E6-8BBD-29C31D7998F2}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | 
"{4696DD24-377C-4BE1-B92E-7AA1FC0B90CB}" = dir=out | name=check point vpn | 
"{49358481-EB7D-45E4-B70C-2A5189F45498}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{501C2B31-4C5B-4005-8B2D-83BCC142F3A8}" = dir=out | name=windows_ie_ac_001 | 
"{51ADEA1D-7697-4D5E-855F-6AD7D169E3A2}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{55BB3EDA-1433-432F-97C3-C22BCD22CBD5}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | 
"{5B1DE5ED-34E4-41C1-9218-BA62B6970814}" = dir=out | name=pinball fx2 | 
"{5DC15486-77C5-439D-96D8-EDE73B539B61}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{5E0C03CF-D5BD-4ADC-A2B9-66E2D1993F22}" = protocol=6 | dir=in | app=c:\program files (x86)\acer remote\arcserver.exe | 
"{5E71CD3C-0AF2-406D-9835-B38DD336DCAB}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | 
"{647034C0-3541-4466-989E-0C6FCB7EA545}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{67B00CCF-53C9-43E8-BCDD-400ED72C428F}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{67B83F85-FE9F-4481-B5B5-B15B01A97129}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe | 
"{682A1EBC-31DB-4832-AEED-1184F574E3F0}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{6C275C5E-3615-4BF7-BC92-9A12EA60E460}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6DA1C6CC-30E8-462A-8EF3-B911CCDE7B98}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6F09B1C7-8C55-4E7B-9FEA-EA7A9B01F9AC}" = dir=out | name=7digital music store | 
"{746D29E1-B741-4684-BCEC-51C66CE78848}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd.exe | 
"{7592B4AE-09C3-4AF4-85C4-435F91F21666}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{763F4781-ED8C-4031-BF5D-D82E28E62F5C}" = dir=out | name=@{microsoft.bingtravel_3.0.2.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | 
"{774AE87A-8A33-4F64-9707-3D120A3D3AB6}" = dir=out | name=juniper networks junos pulse | 
"{79DEEB56-48B2-45DB-8A86-FA1A8A3CBBC9}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{7B0D2DA3-6DB6-4E9E-B944-E4C47425426A}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr inc\raptr\raptr.exe | 
"{7BF44F3D-8580-4EBF-A798-5CC1FD85B5E7}" = dir=out | name=@{microsoft.bingmaps_2.1.2922.2139_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{7CB67595-D60E-4582-B31A-315D12D124B7}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12agent.exe | 
"{7E216707-A462-47DE-9A67-ACBCE68220C9}" = dir=out | name=microsoft mahjong | 
"{7F560EA1-05DE-4184-8CD2-F28BE9535A71}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{81F3D17C-BAC0-47E8-A887-1E6162BBB791}" = dir=out | name=microsoft solitaire collection | 
"{8418AECB-49DE-4A14-96FD-10C7FEF7EFF6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe | 
"{8D636DA7-A24F-4F11-9F8D-D416045B67D9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{916821B9-2086-4416-84C7-CC626FA03B06}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{93322E97-E2D4-4EDE-A550-7574168C3364}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr inc\raptr\raptr_im.exe | 
"{96276E2B-BFB2-4024-B32A-F380BF1879F6}" = dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | 
"{9928E862-9B4A-4E4A-8DFD-E33941EAA5E0}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{A31795CD-E4CA-4F6A-8BEF-C62ED2E838AF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A476087D-05E7-4B4B-B883-912E50B23DF1}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{A5B2059A-9B23-45F1-A4B9-B698DD6AD601}" = dir=in | name=check point vpn | 
"{A6C1BCC9-B26A-45B8-B35A-6F6D46D955CC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{AA554A21-A328-46F8-903B-E3CF0FA945F1}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr inc\raptr\raptr.exe | 
"{AAEE3095-4F59-4B4B-ABFF-00EA78456DA7}" = dir=out | name=kindle | 
"{AD18F4EE-52DC-4A71-AB6C-5F3131E85F4E}" = dir=in | name=newsxpresso | 
"{AD7CC870-5278-4B64-A2C1-D91C51CF2C09}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{AF3DFD63-978A-4D17-B85C-20C7AC15F0ED}" = dir=out | name=windows_ie_ac_001 | 
"{B262AE8E-6CE8-4737-B0C8-694F7BFF41E5}" = dir=out | name=skype | 
"{B4B32FF7-EC7A-4B23-B4E9-07C36C442748}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{B572B690-DE16-4308-B69A-3AE749AE20B3}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | 
"{B94C9B30-C09A-4D53-AB31-7A4CB9FD02A7}" = dir=out | name=cut the rope | 
"{BD594A6A-E030-4774-B930-EB2E12D50BDB}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{C218E1B6-CBBE-4FBB-8823-CB207C877ADE}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{C5BF0244-54C3-408E-8C6C-067DB829C5CD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C71888DE-7F04-43CA-986E-A2183868E2C9}" = dir=out | name=newsxpresso | 
"{C762717B-A782-44F1-B05E-1DADE3943189}" = dir=out | name=taptiles | 
"{CA6E7064-FE14-405A-9807-E399BCF29771}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe | 
"{CB6E2AA8-A059-4781-9DB3-19739DD7A6C0}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{CDD14842-38EF-48AC-8A4A-9817F901D4A3}" = dir=out | name=@{microsoft.bingfinance_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} | 
"{CE9992B7-679B-48C1-B10D-941821BCD4B3}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe | 
"{D308FA15-E57C-4531-92D0-6990D430B412}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | 
"{D78A7CCE-334C-4A14-9CC0-173A66AB7CC7}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe | 
"{D7CFD691-5715-43FB-8C99-63B7DF8DF465}" = dir=in | name=sonicwall mobile connect | 
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | 
"{DD0EEE70-1B7D-4EE6-98E5-FD07BE4D571A}" = dir=out | name=packard bell explorer | 
"{DF084E71-1CF2-4AFC-B67B-099F5D27F886}" = dir=in | name=onenote | 
"{E291BB0B-269C-488D-8DD6-0AB8FC9C78B2}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe | 
"{E57D2E52-6F68-44A0-BC25-3AD66524B9F6}" = dir=out | name=@{microsoft.bingweather_3.0.2.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} | 
"{E5C612B8-45D2-422C-B22A-AD9492201EC7}" = protocol=6 | dir=out | app=system | 
"{E5DB087C-A978-4A36-A64F-3C07A86A945B}" = dir=out | name=weatherbug.a | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E9A10915-17F9-4630-BF56-037187945FFA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EA5F6C16-21DF-46D9-B558-BC37DB008952}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | 
"{ECCFE443-D119-4602-B9E1-A111C9A8F2EE}" = dir=out | name=f5 vpn | 
"{F1A0594F-11F1-42BC-9BFB-107958DDE0BE}" = dir=out | name=netflix | 
"{F278416C-AE3C-4379-9337-EAA8D08934BA}" = dir=out | name=wordament | 
"{F27AA47E-13A0-4C45-A5B4-DB6E85BAA5CB}" = dir=out | name=microsoft minesweeper | 
"{F5AD4103-6906-4A93-A155-4787E887404D}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | 
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | 
"{F836093A-DDB8-4BD0-9C27-07C966D0EE32}" = dir=in | name=pinball fx2 | 
"{FDD96F64-458B-4649-9D9B-3D4558EF7A4F}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{FECCB6B5-A373-4057-9F3C-177CFCD2AD4F}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"TCP Query User{1FD62684-5B7F-442F-BCE8-674DE7224D1E}C:\program files (x86)\acer remote\arcserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\acer remote\arcserver.exe | 
"TCP Query User{29E71704-8472-4D1A-9819-B329FDA266C0}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{75C86F12-2372-4B5C-80BC-EDE4E668E2FE}C:\mamp\bin\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\mamp\bin\apache\bin\httpd.exe | 
"TCP Query User{7AEC39E8-4DFE-4600-AE30-D4904C69E244}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 
"TCP Query User{85E6F059-0AB4-4D77-9AB1-55674ECE2FCE}C:\xampp\filezillaftp\filezillaserver.exe" = protocol=6 | dir=in | app=c:\xampp\filezillaftp\filezillaserver.exe | 
"TCP Query User{F807E15D-AA84-42AC-A2B6-CBAB48813AAB}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{1A96D1B9-04DF-4980-8F2C-2D7374EFBF31}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 
"UDP Query User{435304AD-ECF1-4369-9D11-F37F6E824911}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{6A23648B-5B83-4128-A023-C77C93438E18}C:\program files (x86)\acer remote\arcserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\acer remote\arcserver.exe | 
"UDP Query User{85D2C92D-F2C2-4649-82CB-E4FBE502C47A}C:\xampp\filezillaftp\filezillaserver.exe" = protocol=17 | dir=in | app=c:\xampp\filezillaftp\filezillaserver.exe | 
"UDP Query User{96072382-2633-4101-8300-8D5F677B0B48}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{C5478571-D36C-4881-A6D3-2206F2096E34}C:\mamp\bin\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\mamp\bin\apache\bin\httpd.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Packard Bell Recovery Management
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E5AC9F2-19C8-0CA1-034B-A3056AD67E1C}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{572C982F-95F5-0562-AE8F-8A9D7D024A88}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91F52DE4-B789-42B0-9311-A349F10E5479}" = Packard Bell Power Management
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{98BB5224-BC5D-4028-9D20-536C1C263AA9}" = Classic Shell
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{A5CBF1CC-18D8-C035-6E64-9EEB58851B01}" = AMD Fuel
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{AEA7FB3E-3A75-3F9C-C5B5-85998C8A2F81}" = ccc-utility64
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{DBF565E2-B42B-B256-7DC8-B6240C53EF0D}" = AMD Accelerated Video Transcoding
"Wacom Tablet Driver" = Wacom Tablet
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 64 bit
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{086E1D65-EF19-280C-5616-7A87A6B95F88}" = CCC Help Swedish
"{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM)
"{0E4630AF-0AB7-440E-A978-1A78FC4F43B9}" = Nero Launcher
"{11087D24-567D-7D88-69C6-D7A08B5F4C47}" = Catalyst Control Center - Branding
"{1398DDAD-B984-275D-C61E-A1C5152450F8}" = CCC Help Finnish
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{1935505D-28FE-0FFE-9EB6-6AF73397C7BE}" = CCC Help Turkish
"{1D9F8C88-F76A-6B07-2276-98DF1173901B}" = CCC Help Spanish
"{1E2ABB89-F7F3-8D64-3345-27E5735AA20C}" = CCC Help Chinese Standard
"{1EC083EE-5B76-4A2A-B95A-CAF460AA29D6}" = Adobe Touch App Plugins
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF18EF2-2B14-CCFD-56FE-C5A84F66689C}" = CCC Help Hungarian
"{221BFD98-55F8-C64E-C2FA-56694133DB69}" = CCC Help English
"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25
"{26A24AE4-039D-4CA4-87B4-2F83218045F0}" = Java 8 Update 45
"{26A24AE4-039D-4CA4-87B4-2F83218091F0}" = Java 8 Update 91
"{27282E77-DB14-5769-2032-F381343DAA31}" = CCC Help Japanese
"{27D49E0E-422F-C9D3-56BC-CF0881C7A477}" = CCC Help Chinese Standard
"{2904E0A2-B74F-EFAD-A523-46D0F64B3B4A}" = CCC Help Finnish
"{2BC2EDB2-6F5C-3058-D312-B991AB26E870}" = CCC Help Thai
"{2E8B87B9-DBD2-B5A1-B1A7-C4228CFC193A}" = CCC Help Thai
"{2EE2F065-4B50-F7C4-5F6D-DA25874A0D0B}" = CCC Help Russian
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee WebAdvisor
"{37BEE0A4-72B9-1014-A77C-C46F3F2C3207}" = Adobe InDesign CC 2014 (32-bit)
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}" = NETGEAR WNDA3100v2 wireless USB 2.0 adapter
"{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}" = Nero BackItUp 12 Essentials OEM.a01
"{4F17F6E7-2D27-139B-DF86-0A2F6BBD5E65}" = AMD Catalyst Control Center
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{5A1AE61E-393A-DE99-4733-AB36127B36F6}" = CCC Help Portuguese
"{5C97100A-CBFA-F752-1CC4-8D59BB06DA51}" = CCC Help Polish
"{5CF1C22A-11DA-C6AC-7E66-289A858F5C46}" = CCC Help Korean
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6A450C9E-E017-4881-01F9-BD1E242E2AF0}" = CCC Help Dutch
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B60CF02-C313-3384-5A75-F8D548398803}" = CCC Help Turkish
"{6DEE7496-3ED6-DE4C-9BEF-1E7F247CAAD1}" = CCC Help Italian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{793C2BF7-A4FE-4608-91C9-9282C5801C21}" = Adobe Photoshop CC 2015
"{80680785-2EE1-053F-9CD3-4B2C904596EE}" = Catalyst Control Center InstallProxy
"{8743B562-6637-0E40-76AC-3A8D09328F01}" = Catalyst Control Center InstallProxy
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B5938FB-35EA-DF7F-E1FF-EB3E577E7125}" = CCC Help German
"{904BD3AD-0841-8364-08D6-A41F48FAE30E}" = CCC Help Chinese Traditional
"{917C79E9-9E4E-11D6-B27C-0003FFFFFFFC}" = Fritz und Fertig
"{9669A51F-16AA-9DCB-6756-CEF9E140EC9C}" = CCC Help Korean
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{99D70190-1870-B004-820B-6DCFD622703F}" = CCC Help Hungarian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA44AD4-B6B1-956C-92FF-043178C9CAE5}" = CCC Help Danish
"{A2D43081-CF7B-4637-A9F3-E2651AA5C4A8}" = Nero RescueAgent
"{A6DC88AD-501A-44BC-884D-57435F972E2C}" = Hotkey Utility
"{A8170CD1-F477-12A2-FCDE-E93759682F6F}" = CCC Help French
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA90CE8A-A77C-3CEB-DCD8-56DFDEDE808F}" = CCC Help Danish
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{AC76BA86-0804-1033-1959-001824211354}" = Adobe Refresh Manager
"{AC76BA86-1033-FFFF-7760-0C0F074E4100}" = Adobe Acrobat DC
"{AC76BA86-7AD7-1044-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC - Norsk
"{ACD89BA8-EAA8-4D7F-F61C-4C072CEC354B}" = CCC Help Japanese
"{AD3317DB-5E17-C2E9-6E76-215157DF1792}" = CCC Help English
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"{BC1ECCD7-EE86-4231-AF1B-6E52B49A4532}" = Green Line 1 Sprachtrainer
"{BC41D891-531E-FC55-CDD8-C1CDFABE13D3}" = CCC Help Swedish
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{C4CEDA1F-9A92-B31F-5E6A-18C4300F04D8}" = Catalyst Control Center Localization All
"{C8DA89DA-C203-EEF3-281E-E34AB1F2CC81}" = Catalyst Control Center Localization All
"{C8DB7D14-11F3-9B81-27C4-BEB7C11D3107}" = CCC Help Spanish
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{CD4005E4-E612-14BB-1BC4-636AE955D995}" = CCC Help Chinese Traditional
"{CE24C50B-3A91-3880-4F4D-9EDD595E01DF}" = CCC Help Norwegian
"{CED122AA-03DA-E301-FE04-98784421E639}" = CCC Help French
"{D05EA7FA-B112-103C-FBBE-8163B1B33A30}" = CCC Help Dutch
"{D33FFCDF-6B95-3586-F8B8-27CE5FF728C6}" = CCC Help Russian
"{DA2D3078-A58C-45E8-8EE0-18B8BE6B34F7}" = Nero BackItUp
"{DBFD0312-6E55-1014-8952-E78D43BC0147}" = Adobe InDesign CC 2015
"{E342E703-8D0F-AAAD-FF90-0EBB60CF9C3A}" = CCC Help Greek
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"{EB8464D8-D611-4A2E-5962-DB47A70E4B73}" = CCC Help German
"{EB938F46-2780-1AF2-2579-A41EA96F8C1F}" = CCC Help Czech
"{EBE0919B-F97B-4D58-9B1D-9EEA3003718D}" = Catalyst Control Center - Branding
"{EC69CA1F-E148-D858-0C68-48D1E759416B}" = Catalyst Control Center Graphics Previews Common
"{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater
"{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2569C93-029A-D00E-560F-40954008865B}" = CCC Help Greek
"{F486E5F2-0300-FDA0-BE59-C8CE3CAC8165}" = CCC Help Portuguese
"{F546ACF6-5427-F740-FC98-EBDC65A018AB}" = CCC Help Polish
"{F61D13C7-7209-0AD0-6584-1FCE625EBB11}" = CCC Help Italian
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F7AFD54C-285E-E3D8-D17F-BE1C24403AF0}" = CCC Help Norwegian
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FE705EB4-D4F1-3B0C-8965-798B8B2FC0E8}" = CCC Help Czech
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Creative Cloud" = Adobe Creative Cloud
"Adobe Flash Player NPAPI" = Adobe Flash Player 25 NPAPI
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"ExpressZip" = Express Zip
"FileZilla Client" = FileZilla Client 3.13.1
"ILST_19_1_1" = Adobe Illustrator CC 2015
"InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"Mozilla Firefox 52.0.1 (x86 en-US)" = Mozilla Firefox 52.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee All Access – Internet Security
"Picasa 3" = Picasa 3
"QuickTime" = QuickTime
"VLC media player" = VLC media player
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 32 bit
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.03.2017 16:52:30 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Generering av aktiveringskontekst mislyktes for C:\Program Files\AVAST
 Software\Avast\setup\iplugins\IStats.dll.  Finner ikke den avhengige samlingen Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1".
Bruk
 sxstrace.exe for detaljert diagnostisering.
 
Error - 25.03.2017 16:52:34 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Generering av aktiveringskontekst mislyktes for C:\Program Files\AVAST
 Software\Avast\setup\iplugins\IStats.dll.  Finner ikke den avhengige samlingen Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1".
Bruk
 sxstrace.exe for detaljert diagnostisering.
 
Error - 25.03.2017 17:11:47 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Generering av aktiveringskontekst mislyktes for C:\Program Files\AVAST
 Software\Avast\setup\iplugins\IStats.dll.  Finner ikke den avhengige samlingen Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1".
Bruk
 sxstrace.exe for detaljert diagnostisering.
 
Error - 25.03.2017 21:14:29 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Generering av aktiveringskontekst mislyktes for C:\Program Files\AVAST
 Software\Avast\setup\iplugins\IStats.dll.  Finner ikke den avhengige samlingen Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1".
Bruk
 sxstrace.exe for detaljert diagnostisering.
 
Error - 26.03.2017 01:15:13 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Generering av aktiveringskontekst mislyktes for C:\Program Files\AVAST
 Software\Avast\setup\iplugins\IStats.dll.  Finner ikke den avhengige samlingen Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1".
Bruk
 sxstrace.exe for detaljert diagnostisering.
 
Error - 26.03.2017 02:08:41 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Generering av aktiveringskontekst mislyktes for C:\Program Files\AVAST
 Software\Avast\setup\iplugins\IStats.dll.  Finner ikke den avhengige samlingen Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1".
Bruk
 sxstrace.exe for detaljert diagnostisering.
 
Error - 26.03.2017 02:15:51 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Generering av aktiveringskontekst mislyktes for C:\Program Files\AVAST
 Software\Avast\setup\iplugins\IStats.dll.  Finner ikke den avhengige samlingen Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1".
Bruk
 sxstrace.exe for detaljert diagnostisering.
 
Error - 26.03.2017 02:38:24 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Generering av aktiveringskontekst mislyktes for C:\Program Files\AVAST
 Software\Avast\setup\iplugins\IStats.dll.  Finner ikke den avhengige samlingen Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1".
Bruk
 sxstrace.exe for detaljert diagnostisering.
 
Error - 26.03.2017 02:45:32 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Generering av aktiveringskontekst mislyktes for C:\Program Files\AVAST
 Software\Avast\setup\iplugins\IStats.dll.  Finner ikke den avhengige samlingen Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1".
Bruk
 sxstrace.exe for detaljert diagnostisering.
 
Error - 26.03.2017 09:00:59 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Programnavn med feil: McUICnt.exe, versjon: 8.3.3037.0, tidsangivelse:
 0x584adc85  Modulnavn med feil: mcupdui.dll, versjon: 15.3.3079.0, tidsangivelse:
 0x589dd349  Unntakskode: 0xc0000005  Feilforskyvning: 0x000000000005339b  Feil prosess-ID:
 0x1524  Feil starttid for program: 0x01d2a6264accf6b2  Feil programbane: C:\Program
 Files\Common Files\McAfee\Platform\McUICnt.exe  Feil modulbane: c:\PROGRA~1\mcafee\msc\mcupdui.dll
Rapport-ID:
 4167cba6-1224-11e7-8172-7427ea58029d  Fullstendig navn på feilpakke:   Relativ program-ID
 for feilpakke: 
 
[ System Events ]
Error - 26.03.2017 10:59:56 | Computer Name = PC | Source = DCOM | ID = 10010
Description = 
 
Error - 26.03.2017 11:01:57 | Computer Name = PC | Source = DCOM | ID = 10010
Description = 
 
Error - 26.03.2017 11:03:59 | Computer Name = PC | Source = DCOM | ID = 10010
Description = 
 
Error - 26.03.2017 11:06:00 | Computer Name = PC | Source = DCOM | ID = 10010
Description = 
 
Error - 26.03.2017 11:08:02 | Computer Name = PC | Source = DCOM | ID = 10010
Description = 
 
Error - 26.03.2017 11:10:03 | Computer Name = PC | Source = DCOM | ID = 10010
Description = 
 
Error - 26.03.2017 11:12:05 | Computer Name = PC | Source = DCOM | ID = 10010
Description = 
 
Error - 26.03.2017 11:14:06 | Computer Name = PC | Source = DCOM | ID = 10010
Description = 
 
Error - 26.03.2017 11:16:07 | Computer Name = PC | Source = DCOM | ID = 10010
Description = 
 
Error - 26.03.2017 11:18:08 | Computer Name = PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---
otl.txt

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 26.03.2017 16:40:31 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Bruker\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17351)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy
 
3,71 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 31,19% Memory free
4,34 Gb Paging File | 1,68 Gb Available in Paging File | 38,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,16 Gb Total Space | 136,63 Gb Free Space | 61,23% Space Free | Partition Type: NTFS
Drive D: | 224,36 Gb Total Space | 224,23 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: Bruker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Bruker\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Adobe Systems, Incorporated)
PRC - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\{0E88047A-B923-B3D1-7630-1AB7F5B99A06}\E73F0F62-5094-B8C9-BB09-2EB3FCE03EC7.exe ()
PRC - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (IObit)
PRC - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe ()
PRC - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe (Node.js)
PRC - C:\Programfiler\Tablet\Wacom\WacomHost.exe (Wacom Technology)
PRC - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
PRC - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\ProgramData\{0E88047A-B923-B3D1-7630-1AB7F5B99A06}\E73F0F62-5094-B8C9-BB09-2EB3FCE03EC7.exe ()
MOD - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll ()
MOD - \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanMessage5.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe ()
MOD - \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node ()
MOD - \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node ()
MOD - \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node ()
MOD - \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node ()
MOD - \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node ()
MOD - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Locale\nb_NO\AcroTray.NOR ()
MOD - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
MOD - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (mccspsvc) -- C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\\McCSPServiceHost.exe ()
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcpltsvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McBootDelayStartSvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (HomeNetSvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mfemms) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe ()
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\WINDOWS\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AGSService) -- C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Adobe Systems, Incorporated)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee, Inc.)
SRV - (ClientAnalyticsService) -- C:\programfiler\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe (Intel Security)
SRV - (McODS) -- C:\programfiler\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McAPExe) -- C:\programfiler\Common Files\McAfee\VSCore_15_6\mcapexe.exe (McAfee, Inc.)
SRV - (ModuleCoreService) -- C:\programfiler\Common Files\McAfee\ModuleCore\ModuleCoreService.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PEFService) -- C:\programfiler\Common Files\Intel Security\PEF\CORE\PEFService.exe (Intel Security, Inc.)
SRV - (LiveUpdateSvc) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (IObit)
SRV - (AdobeUpdateService) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Adobe Systems Incorporated)
SRV - (WTabletServicePro) -- C:\programfiler\Tablet\Wacom\WTabletServicePro.exe (Wacom Technology, Corp.)
SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation)
SRV - (PrintNotify) -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\programfiler\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (WSWNDA3100v2) -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe ()
SRV - (NAUpdate) -- c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (mfeelamk) -- C:\Windows\SysNative\drivers\mfeelamk.sys (McAfee, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfeaack) -- C:\Windows\SysNative\drivers\mfeaack.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeplk) -- C:\Windows\SysNative\drivers\mfeplk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (mfencbdc) -- C:\Windows\SysNative\drivers\mfencbdc.sys (McAfee, Inc.)
DRV:64bit: - (mfencrk) -- C:\Windows\SysNative\drivers\mfencrk.sys (McAfee, Inc.)
DRV:64bit: - (HipShieldK) -- C:\Windows\SysNative\drivers\HipShieldK.sys (McAfee, Inc.)
DRV:64bit: - (WacHidRouter) -- C:\Windows\SysNative\drivers\wachidrouter.sys (Wacom Technology)
DRV:64bit: - (wacomrouterfilter) -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys (Wacom Technology)
DRV:64bit: - (hidkmdf) -- C:\Windows\SysNative\drivers\hidkmdf.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdWB6.sys (Advanced Micro Devices)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (Wof) -- C:\WINDOWS\SysNative\drivers\wof.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (ReFS) -- C:\WINDOWS\SysNative\drivers\refs.sys (Microsoft Corporation)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\drivers\Rt630x64.sys (Realtek                                            )
DRV:64bit: - (amdide64) -- C:\Windows\SysNative\drivers\amdide64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (ssudserd) -- C:\Windows\SysNative\drivers\ssudserd.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (amdkmafd) -- C:\Windows\SysNative\drivers\amdkmafd.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SCMNdisP) -- C:\Windows\SysNative\drivers\SCMNdisP.sys (SerComm Corporation)
DRV:64bit: - (BCMH43XX) -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys (Broadcom Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (mfesapsn) -- C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys (McAfee, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{E47200E5-0FAA-4038-994B-4B06C9BC2599}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAPBJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{E47200E5-0FAA-4038-994B-4B06C9BC2599}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAPBJS
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2598525157-2036842401-3517805176-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Http://www.startsiden.no/
IE - HKU\S-1-5-21-2598525157-2036842401-3517805176-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2598525157-2036842401-3517805176-1001\..\SearchScopes,DefaultScope = {F3E57936-9225-426B-956B-6C1BA339A707}
IE - HKU\S-1-5-21-2598525157-2036842401-3517805176-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-2598525157-2036842401-3517805176-1001\..\SearchScopes\{BC6616EC-D90E-43F0-ADE3-222B3C3CA4CB}: "URL" = hxxp://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-2598525157-2036842401-3517805176-1001\..\SearchScopes\{E47200E5-0FAA-4038-994B-4B06C9BC2599}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-2598525157-2036842401-3517805176-1001\..\SearchScopes\{F3E57936-9225-426B-956B-6C1BA339A707}: "URL" = https://no.search.yahoo.com/search?fr=mcafee&type=C011NO866D20150906&p={searchTerms}
IE - HKU\S-1-5-21-2598525157-2036842401-3517805176-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "NO"
FF - prefs.js..browser.search.defaultenginename: "Sikkert søk"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.order.1: "Sikkert søk"
FF - prefs.js..browser.search.region: "NO"
FF - prefs.js..browser.search.selectedEngine: "Sikkert søk"
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:5.0.512.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:52.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.91.2: C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2: C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR\SAFFPLG.XPI [2017.03.26 12:10:20 | 000,121,206 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension.15@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017.01.17 13:29:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017.03.26 12:10:20 | 000,121,206 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 52.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 52.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2017.03.26 10:30:26 | 000,000,000 | ---D | M]
 
[2013.12.15 22:57:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruker\AppData\Roaming\mozilla\Extensions
[2017.03.26 12:01:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruker\AppData\Roaming\mozilla\Firefox\Profiles\kuhvipkv.default\extensions
[2017.03.26 12:01:38 | 000,008,115 | ---- | M] () (No name found) -- C:\Users\Bruker\AppData\Roaming\mozilla\firefox\profiles\kuhvipkv.default\features\{c909a356-566e-4f0b-8c4b-a541e11c2c45}\deployment-checker@mozilla.org.xpi
[2017.03.26 12:01:39 | 000,007,195 | ---- | M] () (No name found) -- C:\Users\Bruker\AppData\Roaming\mozilla\firefox\profiles\kuhvipkv.default\features\{c909a356-566e-4f0b-8c4b-a541e11c2c45}\e10srollout@mozilla.org.xpi
[2016.10.27 20:17:36 | 000,005,389 | ---- | M] () (No name found) -- C:\Users\Bruker\AppData\Roaming\mozilla\firefox\profiles\kuhvipkv.default\features\{e6e71a7a-1a69-40f9-b6cf-3ff3b500a881}\asyncrendering@mozilla.org.xpi
[2014.08.23 21:13:06 | 000,001,238 | ---- | M] () -- C:\Users\Bruker\AppData\Roaming\mozilla\firefox\profiles\kuhvipkv.default\searchplugins\buenosearchkms.xml
[2016.04.04 18:16:19 | 000,001,441 | ---- | M] () -- C:\Users\Bruker\AppData\Roaming\mozilla\firefox\profiles\kuhvipkv.default\searchplugins\McSiteAdvisor.xml
[2017.03.26 11:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2017.03.26 12:10:20 | 000,121,206 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR\SAFFPLG.XPI
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Bruker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Bruker\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\
CHR - Extension: No name found = C:\Users\Bruker\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\5.0.532.0_0\
CHR - Extension: No name found = C:\Users\Bruker\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\
CHR - Extension: No name found = C:\Users\Bruker\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\
CHR - Extension: No name found = C:\Users\Bruker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\
CHR - Extension: No name found = C:\Users\Bruker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\
 
O1 HOSTS File: ([2017.03.25 17:34:40 | 000,000,846 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll (Adobe Systems Incorporated)
O2:64bit: - BHO: (McAfee WebAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee WebAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2598525157-2036842401-3517805176-1001..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2598525157-2036842401-3517805176-1001..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-2598525157-2036842401-3517805176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O9:64bit: - Extra 'Tools' menuitem : McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O9 - Extra Button: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O9 - Extra 'Tools' menuitem : McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 82.163.143.157 82.163.142.159
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B990742-C6AC-49CA-A97B-692A7995B491}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B84E81A-A2E9-4210-9152-7333D84E9D7A}: DhcpNameServer = 82.163.143.157
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6AA16032-4CFC-411B-A182-DC137BED4A1F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73E4C381-0321-40F9-8C1A-7FA672B079C0}: DhcpNameServer = 82.163.143.157
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEC35DC4-D3D5-4062-BACF-C0B5F3013CBD}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\programfiler\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2016.08.26 08:31:44 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2017.03.26 11:51:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2017.03.26 10:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2017.03.26 10:30:22 | 000,216,704 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\SysNative\drivers\HipShieldK.sys
[2017.03.26 10:21:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel Security
[2017.03.26 10:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2017.03.26 10:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel Security
[2017.03.26 10:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AV
[2017.03.26 10:18:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2017.03.26 10:14:28 | 000,342,768 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\SysNative\mfevtps.exe
[2017.03.26 10:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2017.03.26 08:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2017.03.25 22:50:20 | 000,992,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ucrtbase.dll
[2017.03.25 22:50:20 | 000,921,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ucrtbase.dll
[2017.03.25 22:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
 
========== Files - Modified Within 30 Days ==========
 
[2017.03.26 16:35:30 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2017.03.26 13:48:23 | 000,863,634 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2017.03.26 13:48:23 | 000,722,278 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2017.03.26 13:48:23 | 000,135,394 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2017.03.26 13:48:23 | 000,012,192 | ---- | M] () -- C:\WINDOWS\SysNative\perfh014.dat
[2017.03.26 13:48:23 | 000,004,024 | ---- | M] () -- C:\WINDOWS\SysNative\perfc014.dat
[2017.03.26 13:44:57 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2017.03.26 13:42:50 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2017.03.26 13:42:46 | 3189,194,752 | -HS- | M] () -- C:\hiberfil.sys
[2017.03.26 11:51:36 | 000,001,135 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2017.03.26 10:32:03 | 000,002,080 | ---- | M] () -- C:\Users\Public\Desktop\McAfee All Access – Internet Security.lnk
[2017.03.26 08:57:32 | 000,000,246 | ---- | M] () -- C:\Users\Bruker\Desktop\nr_mca.rtf
[2017.03.25 22:59:42 | 000,000,000 | ---- | M] () -- C:\unp305821863110486503.mdmp
[2017.03.25 22:49:56 | 000,921,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ucrtbase.dll
[2017.03.25 22:49:54 | 000,992,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ucrtbase.dll
[2017.03.25 19:36:49 | 000,000,034 | ---- | M] () -- C:\Users\Bruker\AppData\Roaming\AdobeWLCMCache.dat
[2017.03.25 12:04:33 | 000,250,463 | ---- | M] () -- C:\Users\Bruker\Desktop\Masoud Biglari_kunst og håndverk-åsen-skole.pdf
[2017.02.25 21:50:44 | 002,183,056 | ---- | M] () -- C:\Users\Bruker\Documents\Untitled-1.ai
[2017.02.25 21:07:37 | 002,007,096 | ---- | M] () -- C:\Users\Bruker\Documents\m.ai
 
========== Files Created - No Company Name ==========
 
[2017.03.26 11:51:36 | 000,001,135 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2017.03.26 11:51:35 | 000,001,147 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2017.03.26 10:32:02 | 000,002,080 | ---- | C] () -- C:\Users\Public\Desktop\McAfee All Access – Internet Security.lnk
[2017.03.25 22:59:42 | 000,000,000 | ---- | C] () -- C:\unp305821863110486503.mdmp
[2017.03.25 19:37:39 | 000,000,246 | ---- | C] () -- C:\Users\Bruker\Desktop\nr_mca.rtf
[2017.03.25 11:50:48 | 000,250,463 | ---- | C] () -- C:\Users\Bruker\Desktop\Masoud Biglari_kunst og håndverk-åsen-skole.pdf
[2017.02.25 21:50:39 | 002,183,056 | ---- | C] () -- C:\Users\Bruker\Documents\Untitled-1.ai
[2017.02.25 21:07:32 | 002,007,096 | ---- | C] () -- C:\Users\Bruker\Documents\m.ai
[2017.01.21 22:31:52 | 000,001,456 | ---- | C] () -- C:\Users\Bruker\AppData\Local\Adobe Lagre for web 13.0 Prefs
[2015.11.20 11:46:56 | 000,000,034 | ---- | C] () -- C:\Users\Bruker\AppData\Roaming\AdobeWLCMCache.dat
[2015.08.04 04:56:54 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2015.08.04 04:07:42 | 000,143,872 | ---- | C] () -- C:\WINDOWS\SysWow64\atieah32.exe
[2015.08.04 04:07:34 | 000,189,952 | ---- | C] () -- C:\WINDOWS\SysWow64\amdgfxinfo32.dll
[2015.08.04 03:37:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\SysWow64\hsa-thunk.dll
[2015.07.18 08:42:58 | 000,000,570 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2014.10.18 09:39:18 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015.02.12 19:40:58 | 022,291,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015.02.12 19:34:06 | 019,731,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013.08.22 11:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013.08.22 04:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013.08.22 11:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2016.04.22 18:57:53 | 000,000,000 | ---D | M] -- C:\Users\Bruker\AppData\Roaming\AMD
[2015.03.10 19:02:27 | 000,000,000 | ---D | M] -- C:\Users\Bruker\AppData\Roaming\ClassicShell
[2014.08.23 17:21:43 | 000,000,000 | ---D | M] -- C:\Users\Bruker\AppData\Roaming\DesktopIconGoodgame
[2015.08.30 16:59:35 | 000,000,000 | ---D | M] -- C:\Users\Bruker\AppData\Roaming\FileZilla
[2016.08.27 16:58:09 | 000,000,000 | ---D | M] -- C:\Users\Bruker\AppData\Roaming\IObit
[2016.04.22 18:18:38 | 000,000,000 | ---D | M] -- C:\Users\Bruker\AppData\Roaming\library_dir
[2014.10.19 10:40:03 | 000,000,000 | ---D | M] -- C:\Users\Bruker\AppData\Roaming\MyHeritage
[2014.12.06 18:08:16 | 000,000,000 | ---D | M] -- C:\Users\Bruker\AppData\Roaming\Obsidium
[2014.11.01 20:41:28 | 000,000,000 | ---D | M] -- C:\Users\Bruker\AppData\Roaming\Oracle
[2014.08.23 21:16:40 | 000,000,000 | ---D | M] -- C:\Users\Bruker\AppData\Roaming\ProductData
[2014.12.06 18:08:16 | 000,000,000 | ---D | M] -- C:\Users\Bruker\AppData\Roaming\Proxima Software
[2014.08.23 20:33:37 | 000,000,000 | ---D | M] -- C:\Users\Bruker\AppData\Roaming\rmi
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Edited by cosinus (27.03.2017 at 12:29). Reason: code tags

27.03.2017, 12:31   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



OTL is no longer used here.



Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input window)




Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too big for a single post, I ask you to post the logs directly, spread over several posts if necessary.
To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview (Erweitert/Vorschau) to check whether you did it right. If everything is correct ... click Reply (Antworten).