| |
| |||||||
Log-Analyse und Auswertung: trojan.NTPacker in c:\windows\syswow64\propsys.dllWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
31.03.2013, 15:22
| #1 |
| |  trojan.NTPacker in c:\windows\syswow64\propsys.dll Hallo Community, ich hatte heute morgen als Ostergeschenk nach einem Routine-Scan diese o.g. Bitdefender-Meldung: Bitdefender: Eine gefundene Bedrohung konnte nicht bereinigt werden. trojan.NTPacker in c:\windows\syswow64\propsys.dll Ich habe dann folgende Schritte unternommen: 1. Hijack This Log erstellt 2. propsys.dll mit virustotal geprüft - keine Bedrohung gefunden 3. propsys.dll mit Bitdefender geprüft - keine Bedrohung gefunden 4. c:\windows\ mit Bitdefender geprüft - keine Bedrohung gefunden 5. System erneut mit Bitdefender gescannt: Trojan.NTPacker erneut gefunden - Bitdefender bereinigt 6. System mit Malewarebytes Anti-Malware gescannt: keine infizierten Objekte gefunden 7. Defogger --> Drivers Disabled 8. OTL --> Quickscan 9. Gmer --> Scan von c: Mich irritierte, dass die Datei einmal als infiziert und ein anderes Mal als nicht infiziert erkannt wird. Weiterhin scheint Trojan.NTPacker ein älterer Schädling zu sein. Mich würde eure Einschätzung interessieren, ob dies eine Falschmeldung von Bitdefender war mein System wirklich infiziert ist/war. In diesem Fall werde ich meine System dann wohl mit einem Backup zurücksetzen. Vielen Dank für eure Mühe und frohe Ostern. --- Log Gmer musste ich als Archiv anhängen, da der Post sonst zu lange ist. Virus-Total Log-file: Code:
ATTFilter SHA256: 7ea9be9f33ed3b25d519235391b574fff0110ab1e78d893e397b745cadc9858a
SHA1: 49cb2e4adf54e92fc630b52558998f60a8e2a984
MD5: bfdd523ab06ab9932b6327e52c6e9ae6
File size: 1.1 MB ( 1137152 bytes )
File name: propsys.dll
File type: Win32 DLL
Tags: pedll
Detection ratio: 0 / 46
Analysis date: 2013-03-31 08:02:26 UTC ( 5 hours, 44 minutes ago )
Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.31.01 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16519 *** :: *** [Administrator] 31.03.2013 15:38:10 mbam-log-2013-03-31 (15-38-10).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 442503 Laufzeit: 25 Minute(n), 32 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter OTL logfile created on: 31.03.2013 14:28:43 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads 64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16519) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,89 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 54,11% Memory free 8,64 Gb Paging File | 6,14 Gb Available in Paging File | 71,11% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 237,96 Gb Total Space | 66,83 Gb Free Space | 28,09% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.31 10:41:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe PRC - [2013.02.17 02:11:52 | 000,158,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office 15\root\office15\ONENOTEM.EXE PRC - [2013.02.11 13:19:52 | 000,663,184 | ---- | M] (Star Finanz-Software Entwicklung und Vertriebs GmbH) -- C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe PRC - [2013.01.16 15:11:18 | 000,020,792 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe PRC - [2012.12.18 21:08:44 | 003,478,752 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe PRC - [2012.12.18 21:08:30 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.10.26 15:35:44 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2012.10.17 20:08:40 | 000,205,184 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2012.10.05 16:55:50 | 000,110,976 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2012.09.30 13:01:24 | 001,132,480 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2012.09.30 13:00:56 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2012.09.14 14:14:16 | 000,328,064 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2012.08.31 20:27:20 | 000,590,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe PRC - [2012.08.24 18:17:14 | 000,107,192 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe PRC - [2012.08.24 18:17:10 | 000,192,000 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe PRC - [2012.07.24 19:21:22 | 001,123,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe PRC - [2012.05.28 11:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe PRC - [2012.04.13 11:14:00 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe PRC - [2011.03.04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe ========== Modules (No Company Name) ========== MOD - [2013.03.13 09:06:12 | 000,312,896 | ---- | M] () -- C:\Programme\Microsoft Office 15\root\office15\appvisvstream32.dll MOD - [2013.03.13 09:06:11 | 000,354,448 | ---- | M] () -- C:\Programme\Microsoft Office 15\root\office15\c2r32.dll MOD - [2012.09.23 21:43:58 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu MOD - [2012.08.24 18:17:08 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.03.01 12:49:10 | 001,645,256 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- (VSSERV) SRV:64bit: - [2013.02.02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2012.12.06 06:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2012.12.06 06:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2012.11.13 20:49:57 | 000,068,416 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe -- (UPDATESRV) SRV:64bit: - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2012.11.06 06:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2012.09.20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2012.07.30 13:27:00 | 000,030,592 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DptfPolicyConfigTDPService.exe -- (DptfPolicyConfigTDPService) SRV:64bit: - [2012.07.30 13:26:58 | 000,029,056 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DptfParticipantProcessorService.exe -- (DptfParticipantProcessorService) SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2012.07.26 05:05:12 | 000,331,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv) SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:64bit: - [2012.07.26 05:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV - [2013.03.01 12:48:59 | 000,069,392 | ---- | M] (Bitdefender) [Disabled | Stopped] -- C:\Programme\Bitdefender\Bitdefender 2013\bdparentalservice.exe -- (BdDesktopParental) SRV - [2013.02.25 20:24:16 | 001,861,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc) SRV - [2013.02.11 13:19:52 | 000,663,184 | ---- | M] (Star Finanz-Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 9.0 OnlineUpdate) SRV - [2013.02.07 14:24:12 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.18 21:08:30 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.16 13:25:38 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV - [2012.12.14 03:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.11.15 19:42:48 | 001,153,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) SRV - [2012.11.15 19:42:30 | 000,272,176 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV - [2012.11.15 19:42:18 | 000,617,776 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2012.11.15 19:41:52 | 000,149,296 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2012.11.13 09:25:42 | 000,755,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012.10.05 16:55:50 | 000,110,976 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2012.10.01 09:22:52 | 000,359,224 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2012.09.30 13:01:24 | 001,132,480 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2012.09.30 13:00:56 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2012.08.15 15:09:30 | 000,135,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2012.04.13 11:14:00 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe -- (ASUS InstantOn) SRV - [2011.11.21 15:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2011.03.04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose64) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.14 23:46:21 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SWDUMon.sys -- (SWDUMon) DRV:64bit: - [2013.02.16 23:45:49 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2013.02.07 06:09:56 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2013.02.06 08:42:10 | 000,203,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2013.02.06 08:42:08 | 000,102,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2013.02.02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2013.02.02 09:24:50 | 000,117,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthA2DP.sys -- (BthA2DP) DRV:64bit: - [2013.02.02 09:24:42 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthHfAud.sys -- (BthHFAud) DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2013.01.16 15:11:34 | 000,065,784 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsusTP.sys -- (ATP) DRV:64bit: - [2013.01.11 21:31:18 | 000,707,528 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avc3.sys -- (avc3) DRV:64bit: - [2013.01.11 21:31:18 | 000,589,000 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\avckf.sys -- (avckf) DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2013.01.10 03:39:29 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2012.12.14 03:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.11.29 16:27:36 | 000,035,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2012.11.29 16:27:36 | 000,025,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\iwdbus.sys -- (iwdbus) DRV:64bit: - [2012.11.29 16:27:34 | 000,188,896 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\xHCIPort.sys -- (XHCIPort) DRV:64bit: - [2012.11.29 16:27:34 | 000,047,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usb3Hub.sys -- (usb3Hub) DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012.11.22 14:18:58 | 004,309,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NETwew00.sys -- (NETwNe64) DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012.11.13 09:22:16 | 000,156,160 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2012.11.13 09:22:16 | 000,156,160 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2012.11.12 18:11:19 | 000,082,384 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bdsandbox.sys -- (BDSandBox) DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012.11.02 14:17:46 | 000,261,056 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\avchv.sys -- (avchv) DRV:64bit: - [2012.10.31 13:13:18 | 000,350,160 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\trufos.sys -- (trufos) DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2012.10.11 05:51:49 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\serscan.sys -- (StillCam) DRV:64bit: - [2012.10.01 15:41:40 | 001,337,216 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2012.10.01 15:41:38 | 000,132,480 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2012.09.20 09:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2012.09.20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012.09.20 09:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2012.09.18 11:32:32 | 000,078,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LEqdUsb.sys -- (LEqdUsb) DRV:64bit: - [2012.09.18 11:32:32 | 000,075,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2012.09.18 11:32:32 | 000,061,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2012.09.18 11:32:32 | 000,015,160 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LHidEqd.sys -- (LHidEqd) DRV:64bit: - [2012.08.29 18:24:10 | 000,145,696 | ---- | M] (BitDefender LLC) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\gzflt.sys -- (gzflt) DRV:64bit: - [2012.08.06 12:07:08 | 000,068,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\iBtFltCoex.sys -- (ibtfltcoex) DRV:64bit: - [2012.08.02 05:22:48 | 000,014,992 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2012.07.26 07:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2012.07.26 07:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012.07.26 04:28:02 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\acpials.sys -- (acpials) DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012.07.26 04:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum) DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012.07.24 19:21:22 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AiCharger.sys -- (AiCharger) DRV:64bit: - [2012.07.24 05:16:28 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2012.07.17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.07.13 10:50:40 | 000,361,792 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfManager.sys -- (DptfManager) DRV:64bit: - [2012.07.13 10:50:40 | 000,064,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevGen.sys -- (DptfDevGen) DRV:64bit: - [2012.07.13 10:50:38 | 000,107,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevDram.sys -- (DptfDevDram) DRV:64bit: - [2012.07.13 10:50:36 | 000,042,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevFan.sys -- (DptfDevFan) DRV:64bit: - [2012.07.13 10:50:34 | 000,096,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevPch.sys -- (DptfDevPch) DRV:64bit: - [2012.07.13 10:50:32 | 000,228,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevProc.sys -- (DptfDevProc) DRV:64bit: - [2012.07.11 07:48:42 | 000,023,456 | ---- | M] (Bitdefender) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bdelam.sys -- (bdelam) DRV:64bit: - [2012.06.15 07:50:46 | 000,315,536 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsUVStor.sys -- (RSUSBVSTOR) DRV:64bit: - [2012.05.31 05:47:44 | 000,021,152 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsHIDSwitch64.sys -- (HIDSwitch) DRV:64bit: - [2011.03.04 13:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\dne64x.sys -- (DNE) DRV - [2012.12.16 13:25:34 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - [2012.10.17 15:13:46 | 000,106,568 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf) DRV - [2012.09.03 11:46:15 | 000,097,816 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf) DRV - [2011.09.07 10:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO_) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2218533122-975564155-45232078-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs IE - HKU\S-1-5-21-2218533122-975564155-45232078-1001\..\SearchScopes,DefaultScope = {90854AC0-E50B-4A50-82A3-19E68C8219A6} IE - HKU\S-1-5-21-2218533122-975564155-45232078-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-2218533122-975564155-45232078-1001\..\SearchScopes\{90854AC0-E50B-4A50-82A3-19E68C8219A6}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKU\S-1-5-21-2218533122-975564155-45232078-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2218533122-975564155-45232078-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-2218533122-975564155-45232078-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://proxy.uni-***.de/wpad.dat ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2013\BDTBEXT [2013.02.16 23:06:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013.02.17 00:34:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.02.20 16:03:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013.02.16 23:06:11 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: Google Docs = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: *Split Screen* = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\eachfleknamlcepmplpdghagngjfjkin\0.8.76_0\ CHR - Extension: Logitech SetPoint = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.51.8_0\ CHR - Extension: Adobe Acrobat \u2013 PDF-Datei erstellen = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.0.379_0\ CHR - Extension: Mindomo Bookmarks = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghabekkoaicdmfgggmocafcdllmdhamb\1.0_0\ CHR - Extension: AdBlock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\ CHR - Extension: Clearly = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj\8.3358.555.445_0\ CHR - Extension: Speed Dial 2 = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik\1.6.1.3_0\ CHR - Extension: Evernote Web = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\ CHR - Extension: Evernote Web Clipper = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.12_0\ CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Google Docs = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: *Split Screen* = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\eachfleknamlcepmplpdghagngjfjkin\0.8.76_0\ CHR - Extension: Logitech SetPoint = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.51.8_0\ CHR - Extension: Adobe Acrobat \u2013 PDF-Datei erstellen = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.0.379_0\ CHR - Extension: Mindomo Bookmarks = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghabekkoaicdmfgggmocafcdllmdhamb\1.0_0\ CHR - Extension: AdBlock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\ CHR - Extension: Clearly = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj\8.3358.555.445_0\ CHR - Extension: Speed Dial 2 = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik\1.6.1.3_0\ CHR - Extension: Evernote Web = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\ CHR - Extension: Evernote Web Clipper = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.12_0\ CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O3 - HKU\S-1-5-21-2218533122-975564155-45232078-1001\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Bdagent] C:\Programme\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender) O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKU\S-1-5-21-2218533122-975564155-45232078-1001..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk = C:\Programme\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outlook 2013.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8:64bit: - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm () O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8 - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm () O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2218533122-975564155-45232078-1001\..Trusted Domains: amazon.de ([]https in Trusted sites) O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.de/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9409DE07-394A-431B-B9E0-131D09852AE3}: NameServer = 192.168.137.1,172.16.102.254 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\osf - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{9fb36865-923a-11e2-be8a-c485084a09ce}\Shell - "" = AutoRun O33 - MountPoints2\{9fb36865-923a-11e2-be8a-c485084a09ce}\Shell\AutoRun\command - "" = "D:\LaunchU3.exe" -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.31 10:37:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2013.03.31 10:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.31 10:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.31 10:37:34 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.31 10:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.29 21:38:15 | 000,147,232 | ---- | C] (BitDefender LLC) -- C:\Windows\SysNative\drivers\gzflt.sys.upd [2013.03.27 11:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.03.26 00:46:16 | 000,000,000 | R--D | C] -- C:\Sandbox [2013.03.26 00:41:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie [2013.03.26 00:41:48 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie [2013.03.26 00:28:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.03.26 00:18:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PE Explorer [2013.03.20 19:56:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\dvdcss [2013.03.20 11:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\StarMoney 9.0 [2013.03.20 11:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 9.0 [2013.03.20 11:56:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Business Objects [2013.03.20 11:56:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\StarFinanz [2013.03.20 11:56:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarMoney 9.0 [2013.03.18 22:21:58 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\DVDFab [2013.03.18 17:08:35 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Mindomo Translation [2013.03.14 23:48:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\InstallShield [2013.03.13 14:56:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Intel [2013.03.13 08:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.13 08:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.13 08:37:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.12 21:07:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Synology [2013.03.12 21:07:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\CloudStation [2013.03.12 19:06:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\IsolatedStorage [2013.03.12 12:20:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\assembly [2013.03.12 12:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Timeline 2012 [2013.03.11 14:41:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apps [2013.03.10 17:56:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FileZilla [2013.03.10 17:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client [2013.03.10 17:56:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client [2013.03.10 17:49:28 | 000,000,000 | --SD | C] -- C:\Users\***\Documents\Meine Websites [2013.03.10 17:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression [2013.03.10 17:48:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8 [2013.03.10 17:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Expression [2013.03.10 00:49:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc [2013.03.10 00:48:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.03.10 00:48:50 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2013.03.09 11:36:09 | 000,000,000 | -H-D | C] -- C:\Users\***\.swt [2013.03.09 11:36:09 | 000,000,000 | -H-D | C] -- C:\Users\***\.phase-6 [2013.03.09 11:36:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Phase6 [2013.03.09 11:36:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla [2013.03.09 11:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Phase6 [2013.03.09 11:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\phase-6 [2013.03.09 11:35:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\phase-6 [2013.03.07 15:18:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DVDFab [2013.03.05 16:37:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\EndNote [2013.03.05 16:37:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Risxtd [2013.03.05 16:37:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ResearchSoft [2013.03.05 16:37:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EndNote [2013.03.05 16:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EndNote [2013.03.05 16:37:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EndNote X6 [2013.03.05 16:37:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Thomson.ResearchSoft.Installers [2013.03.05 16:18:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client [2013.03.05 16:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks [2013.03.05 16:18:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems [2013.03.03 19:28:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PhotoScape [2013.03.03 15:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2013.03.03 15:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2013.03.03 15:30:42 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2013.03.03 15:30:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services [2013.03.03 15:30:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2013.03.03 15:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2013.03.03 15:30:22 | 000,000,000 | RH-D | C] -- C:\MSOCache [2013.03.03 15:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2013.03.03 14:21:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\e-academy Inc [2013.03.03 14:21:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\e-academy Inc [2013.03.01 14:48:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FreeFileSync ========== Files - Modified Within 30 Days ========== [2013.03.31 14:26:07 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.03.31 14:10:43 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.31 14:10:43 | 000,760,560 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.31 14:10:43 | 000,717,670 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.31 14:10:43 | 000,158,770 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.31 14:10:43 | 000,135,558 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.31 14:06:00 | 000,001,154 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2218533122-975564155-45232078-1001UA.job [2013.03.31 13:53:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.31 10:39:44 | 000,731,476 | ---- | M] () -- C:\Users\***\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten_ - Trojaner-Board.pdf [2013.03.31 10:37:36 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.29 21:38:15 | 000,147,232 | ---- | M] (BitDefender LLC) -- C:\Windows\SysNative\drivers\gzflt.sys.upd [2013.03.29 17:06:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2218533122-975564155-45232078-1001Core.job [2013.03.29 16:33:03 | 000,001,768 | ---- | M] () -- C:\Windows\Sandboxie.ini [2013.03.29 16:25:26 | 000,001,099 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2013.03.28 08:33:37 | 000,000,423 | ---- | M] () -- C:\Users\***\AppData\Roaming\sp_data.sys [2013.03.27 19:41:07 | 402,653,184 | -HS- | M] () -- C:\swapfile.sys [2013.03.27 11:28:50 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.03.27 11:22:55 | 3340,091,392 | -HS- | M] () -- C:\hiberfil.sys [2013.03.26 19:33:10 | 000,000,016 | -H-- | M] () -- C:\ProgramData\obtf601 [2013.03.26 00:41:49 | 000,000,914 | ---- | M] () -- C:\Users\***\Desktop\Sandboxed Web Browser.lnk [2013.03.20 22:03:16 | 000,451,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.20 11:57:03 | 000,002,034 | ---- | M] () -- C:\Users\Public\Desktop\StarMoney 9.0.lnk [2013.03.20 11:56:33 | 000,017,486 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\services [2013.03.14 23:46:21 | 000,016,152 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys [2013.03.12 00:40:52 | 000,002,452 | ---- | M] () -- C:\Users\***\Desktop\Diskstation.lnk [2013.03.11 15:31:07 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk [2013.03.10 12:38:09 | 000,002,840 | ---- | M] () -- C:\Users\***\AppData\Local\recently-used.xbel [2013.03.10 00:48:54 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.03.09 12:38:20 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf [2013.03.09 11:36:01 | 000,001,265 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk [2013.03.09 11:36:00 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\phase-6 desktop.lnk [2013.03.08 17:15:41 | 000,000,021 | ---- | M] () -- C:\Users\***\AppData\Roaming\my_intel.sys [2013.03.07 12:08:32 | 000,002,300 | ---- | M] () -- C:\Users\***\Desktop\VPN-Einwahl_****.LNK [2013.03.06 14:56:44 | 000,000,498 | ---- | M] () -- C:\Windows\SysNative\checkdnsid.xml [2013.03.05 16:20:31 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF [2013.03.05 16:18:50 | 000,002,653 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk ========== Files Created - No Company Name ========== [2013.03.31 14:26:07 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.03.31 10:39:44 | 000,731,476 | ---- | C] () -- C:\Users\***\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten_ - Trojaner-Board.pdf [2013.03.31 10:37:36 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.26 00:44:12 | 000,000,914 | ---- | C] () -- C:\Users\***\Desktop\Sandboxed Web Browser.lnk [2013.03.26 00:44:09 | 000,001,768 | ---- | C] () -- C:\Windows\Sandboxie.ini [2013.03.20 11:57:03 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\StarMoney 9.0.lnk [2013.03.15 22:20:56 | 000,451,192 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.12 00:39:25 | 000,002,452 | ---- | C] () -- C:\Users\***\Desktop\Diskstation.lnk [2013.03.10 12:38:09 | 000,002,840 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel [2013.03.10 00:48:54 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.03.09 12:38:20 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf [2013.03.09 11:36:01 | 000,001,265 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk [2013.03.09 11:36:00 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\phase-6 desktop.lnk [2013.03.08 17:15:41 | 000,000,021 | ---- | C] () -- C:\Users\***\AppData\Roaming\my_intel.sys [2013.03.07 12:08:32 | 000,002,300 | ---- | C] () -- C:\Users\***\Desktop\VPN-Einwahl_***.LNK [2013.03.05 21:40:19 | 000,000,498 | ---- | C] () -- C:\Windows\SysNative\checkdnsid.xml [2013.03.05 16:18:50 | 000,002,653 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2013.03.05 16:18:48 | 000,001,594 | ---- | C] () -- C:\Windows\VPNInstall.MIF [2013.02.23 19:45:10 | 000,149,880 | ---- | C] () -- C:\Windows\wiainst64.exe [2013.02.23 01:35:18 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2013.02.20 15:47:53 | 000,000,016 | -H-- | C] () -- C:\ProgramData\obtf601 [2013.02.16 23:07:09 | 000,549,266 | ---- | C] () -- C:\ProgramData\1361048499.bdinstall.bin [2013.02.16 17:15:55 | 000,000,460 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2013.02.16 15:06:14 | 000,000,423 | ---- | C] () -- C:\Users\***\AppData\Roaming\sp_data.sys [2013.02.16 14:52:12 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2012.12.14 03:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.12.14 03:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.12.14 03:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== ZeroAccess Check ========== [2013.02.16 23:17:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 01:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 01:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.02.16 23:04:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bitdefender [2013.03.03 01:22:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre [2013.03.22 17:24:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2013.03.07 15:18:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDFab [2013.03.03 14:21:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\e-academy Inc [2013.03.05 16:38:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EndNote [2013.03.10 18:17:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2013.03.01 19:56:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeFileSync [2013.02.20 15:47:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GraphPad Software [2013.03.30 19:39:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake [2013.02.27 14:19:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Hulubulu [2013.02.20 11:16:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\iWesoft [2013.02.17 01:59:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JDownloader Packages [2013.02.20 16:03:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2013.03.09 14:10:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MediaMonkey [2013.02.16 23:15:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MindomoDesktop [2013.02.17 15:00:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDAppFlex [2013.03.26 00:19:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PE Explorer [2013.03.09 11:36:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Phase6 [2013.03.03 21:07:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape [2013.02.16 23:03:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan [2013.02.23 20:56:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Similarity [2013.03.26 10:56:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Swiss Academic Software [2013.02.17 00:11:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt ========== Purity Check ========== < End of report > Extras OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 31.03.2013 14:28:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16519)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,89 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 54,11% Memory free
8,64 Gb Paging File | 6,14 Gb Available in Paging File | 71,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 237,96 Gb Total Space | 66,83 Gb Free Space | 28,09% Space Free | Partition Type: NTFS
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AE0DCFD-E19F-4022-9B3A-9C1623971D55}" = lport=137 | protocol=17 | dir=in | app=system |
"{26BA0778-D3C2-44BB-8DFF-E0B40896F26B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{293C788B-3A90-44D6-AD69-2D7BCFDCCEB0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3B7EABDB-5533-40A2-AE87-BEFD86CF95B1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{538BB2C5-2408-46D5-8625-16AB3237BA04}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{54F6DE83-CD9B-4C5A-BA3D-158B78D654E2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{56803B33-F7C4-4041-8694-FA51D5C29FD8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{58B4A8B4-0B51-4AC3-9911-D43EDD3F246D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{64C8F6CB-FE2A-47EC-82CD-3FD5A99903B6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6EF19CDB-E094-4BE3-B561-819B49C1DA6C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7B395933-34D6-4C86-9C26-29660B632F4C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{82995809-EA67-4C0E-9634-7F54145693B4}" = rport=445 | protocol=6 | dir=out | app=system |
"{8CA28246-B36A-4306-B144-AFD8FBB42474}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8D003DAD-EAAE-46AA-8FBE-37489E5A9406}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{90005D76-E8B2-41A5-949D-3F7A35652E5F}" = lport=138 | protocol=17 | dir=in | app=system |
"{9BB3DEF7-4698-4599-8993-832988FB02BF}" = rport=137 | protocol=17 | dir=out | app=system |
"{A1D2E3D9-DBCE-40FF-B82B-1419AF83A345}" = lport=445 | protocol=6 | dir=in | app=system |
"{AE96B999-6B59-4B7B-955E-63260E5569B9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B52C50F4-5376-4975-A0F2-5BEA58FAD1B6}" = rport=138 | protocol=17 | dir=out | app=system |
"{C84FBB06-8A10-4308-B941-5EBD24B81264}" = rport=139 | protocol=6 | dir=out | app=system |
"{E504D07A-AD8D-4773-91FD-E38015E94CD6}" = lport=139 | protocol=6 | dir=in | app=system |
"{F1BBC1EF-470B-40D9-95D1-8F9F8551167B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0009CCD6-3E8A-4F05-879F-5D4F323B2947}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{00775F8E-D3F9-4E0D-A8ED-6F61449F3E7D}" = dir=in | app=c:\users\***\appdata\local\microsoft\skydrive\skydrive.exe |
"{048D8E0B-9F29-47EA-BC9E-93756555D72D}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{0B861142-6D3B-4C65-99A3-D2CBEE8571D5}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{10797869-F557-4FE3-AFFA-AADF0FC72C53}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1C3C0C3A-929D-41F1-AA5B-4108E6D4AA9B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1FDFDFAD-80AC-452F-93C3-4A254BEE6D07}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{20712FC1-0D09-4BD4-8758-F1D8EE290BDE}" = protocol=6 | dir=out | app=system |
"{236834F2-85CF-4F0A-86DA-24824085AC3A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{25048CC6-13A5-4342-ABDE-C1F44C111710}" = dir=out | name=@{microsoft.zunevideo_1.2.150.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{2C6CF517-EAEE-4C7A-ADB3-B7F93B75EEBD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2D90B7F4-7B87-447C-B681-A514CB443ED1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2E5B0E9D-0F34-4DAD-A117-2D8EFBEEBEEE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2EFA1381-14D7-4595-AA18-DC14E3FB144B}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe |
"{343BFB22-46FF-4AD9-9AD6-2081AB3E536E}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{3554D20A-E7FF-45ED-BC03-31FA6BF89E54}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{3CFFF97A-3475-4BA6-85CD-E788B8E24D07}" = dir=out | name=@{microsoft.xboxlivegames_1.2.143.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{3D80CEF1-D002-496A-A220-1BCEABC70CED}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{41864EAB-2A36-4527-B409-0DFC19E80456}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4935095A-9946-4A91-A007-20CFA0519080}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{49697E7A-A698-43E6-9FB5-AA2BA5EB0C79}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4CA784A2-67D2-45B4-9C36-0622B6DE9086}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 9.0\ouservice\starmoneyonlineupdate.exe |
"{521A156C-53CB-4A42-BFDD-7E5337D6375D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6A4C1122-8FBD-4D7B-B451-551DDC712A46}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{6C31CF20-1743-46E8-B135-21E38F8243C0}" = dir=out | name=audible - audiobooks and more |
"{6CB91D21-E624-4CB3-9024-B76C9A3C21F1}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe |
"{6CE1E5B3-3D91-436C-9608-9E30E9193B8D}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{6DA75465-2664-4347-B3C6-1300BB2F6F5B}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{6F038349-A8D5-4045-AC83-A3F07C209894}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{72E200F4-9BF5-4EAB-B91D-2BCF04C42E8F}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{7CF8A4A4-58B6-4852-885B-F3A3A47DFB75}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{859D728A-B722-42DB-8C4B-72B75559B7AF}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{8637B704-A554-4914-B0FD-A3B41370716D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8A2CDF4D-1479-4B23-A4C8-E947CEBC5547}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8E34D274-093E-4FAB-A212-6D7F3D5DB89C}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{90729852-34E1-4374-808A-AF866E016D1C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9424C9B1-4665-42B8-8D32-2612F100E482}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{94BCDFE5-343E-4A4D-A404-1A5236A42D28}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{A2EB2E99-F570-4CD6-8A3F-5CED5598F21B}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{A35C5D14-9D8E-4741-BA62-A0681B551A6E}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{A594B2C0-FC31-4018-9A6F-B3654B8E6836}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7ED8465-44F9-49EE-8BB7-CBE4DE909708}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{A8F16DF3-8689-449C-835C-1F45D41A7CDA}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{B46DB914-0B6C-4713-937A-11D073F8F11D}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe |
"{B95D285D-ABEA-47E1-AE90-4DE14718A1B3}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 9.0\app\starmoney.exe |
"{BC45C94B-C098-4032-BB79-BA6247E31ADC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BDB843F6-E8C1-48E2-B265-ED45230C23C4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C0891F1B-4EDE-4C5D-BD51-73131C3942A5}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{C850DF4F-DDD8-45AD-9CA8-82D8804F4805}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 9.0\app\starmoney.exe |
"{CF5C17D6-F4E2-41A0-98FB-A83A1AA2B09D}" = dir=out | name=myspass-app: tv-shows kostenlos anschauen! |
"{D7375F81-BB6A-440D-9AE6-879A5FE04697}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 9.0\ouservice\starmoneyonlineupdate.exe |
"{D7D5E203-3A16-41F2-866F-F4EB76074C62}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D964FDBE-F2A0-4032-B25F-CA00DBF715DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DC5EF801-3D46-46C6-AE3B-88063FD574B5}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{E17690F8-BA4C-4EC8-AC59-91F8293B7F1F}" = dir=out | name=@{microsoft.zunemusic_1.2.150.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{ED812124-2FDB-4411-BCEE-7D81DF95523C}" = dir=out | name=tunein radio |
"{F5E72441-04DE-490A-AD27-FF85A7DEF658}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F6714603-59EE-4AE0-A7CC-3203E054793E}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe |
"{F9F2D875-3DB5-4990-AF05-569880E7D584}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FC0AD48D-C960-48D6-BAF3-4972BC7BC5AA}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{23D486D4-FBE0-40F3-A245-E4D56D094764}" = Intel(R) WiDi
"{2E55EED1-49D4-4A07-B2B9-3EC5BB371F12}" = calibre 64bit
"{4CE925AF-6519-4FEB-BEBD-DE2BFE2944EB}" = Bonjour-Druckdienste
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5B621B3B-FE1D-4835-AA5A-0E0A3437932B}" = Similarity 64-bit 1.8.2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PRJPROR_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PRJPROR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PRJPROR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PRJPROR_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PRJPROR_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PRJPROR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PRJPROR_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PRJPROR_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-1000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-1000-0000000FF1CE}_Office14.PRJPROR_{8388E8B0-3DC3-4A7B-9EE0-FCBB1C3363F6}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{91140000-003B-0000-1000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{E6F88893-86F0-4CFB-B7E0-733575D1DEB4}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{962E1735-D2E0-4813-AB9F-C6CBA09E759A}" = Intel® PROSet/Wireless WiFi-Software
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A74AB300-5777-41B7-91A2-C21875D4A483}" = Bonjour
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B9E62002-BD74-30EC-9049-93E0E003C736}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{F13921D6-AE6D-41BF-807A-17BD99C0A4FD}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5" = Windows-Treiberpaket - ASUS (ATP) Mouse (01/10/2013 1.0.0.170)
"Bitdefender" = Bitdefender Internet Security 2013
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.4
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"O365HomePremRetail - de-de" = Microsoft Office 365 Home Premium - de-de
"Office14.PRJPROR" = Microsoft Project Professional 2010
"ProInst" = Intel PROSet Wireless
"Recuva" = Recuva
"Sandboxie" = Sandboxie 3.76 (64-bit)
"sp6" = Logitech SetPoint 6.51
"VLC media player" = VLC media player 2.0.5
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3C35C2A2-6537-3AB3-CCA2-F15A792E347C}" = Mindomo Desktop
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3FF8E8A7-5BA8-4D9E-B976-B05B2B00B0AE}" = Microsoft Expression Web 4
"{4D3286A6-F6AB-498A-82A4-E4F040529F3D}" = ASUS Smart Gesture
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{534E1993-A9FE-4DFC-8C5B-A173A419EDF4}" = AX88772B_AX88772A_AX88772 Windows 8 Drivers
"{5A6DB7C1-E646-4842-A562-49C5EB8F2B47}" = StarMoney
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{6AF7A3DF-581E-4AB7-ACAF-2051FF7E8ACF}" = Similarity 1.8.1
"{6E839820-0BBA-4310-9D06-4463BAEA6641}" = Secure Download Manager
"{749F674B-2674-47E8-879C-5626A06B2A91}" = ASUS InstantOn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{86B3F2D6-AC2B-0016-8AE1-F2F77F781B0C}" = EndNote X6
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0407-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-1033-FFFF-7760-000000000006}" = Adobe Acrobat XI Pro
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{C0508079-0000-4F68-A4DF-29C7ED7182C6}" = SlimDrivers
"{C611819E-5ED9-4CCC-88D4-EC0468FA3EC4}" = mSecure
"{DCA64D50-CD50-4E48-AAFE-F6AF9B09A200}" = Free Screenshot Capture
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{EBC2CAA0-E793-490C-98E4-69BAF74C0E62}" = StarMoney 9.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F902AB2B-7816-4CBD-A385-F2549F62956B}" = StarMoney
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Advanced Renamer_is1" = Advanced Renamer
"Cardiac Auscultation" = Cardiac Auscultation 1.0
"DVDFab 8 Qt_is1" = DVDFab 8.2.2.7 (06/02/2013) Qt
"FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C" = Intel(R) Dynamic Platform and Thermal Framework
"FileZilla Client" = FileZilla Client 3.6.0.2
"FreeFileSync" = FreeFileSync 5.12
"Handbrake" = Handbrake 5248 Nightly
"InstallShield_{534E1993-A9FE-4DFC-8C5B-A173A419EDF4}" = AX88772B_AX88772A_AX88772 Windows 8 Drivers
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.7.5 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MediaMonkey_is1" = MediaMonkey 4.0
"MindomoDesktop" = Mindomo Desktop
"phase-6" = phase-6 2.3.2b
"PhotoScape" = PhotoScape
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"Samsung Universal Scan Driver" = Samsung Universal Scan Driver
"TrueCrypt" = TrueCrypt
"Web_4.0.1460.0" = Microsoft Expression Web 4
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2218533122-975564155-45232078-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"JDownloader Packages" = JDownloader Packages
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Synology CloudStation" = Synology Cloud Station (remove only)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.03.2013 17:58:35 | Computer Name = *** | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 27.03.2013 05:29:43 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DVDFab.exe, Version: 8.2.2.7, Zeitstempel:
0x5111e1b3 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x397ec78e ID des fehlerhaften Prozesses:
0xf00 Startzeit der fehlerhaften Anwendung: 0x01ce2acd9ce028c4 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\DVDFab 8 Qt\DVDFab.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: dac82919-96c0-11e2-be8b-86f52f1122a5 Vollständiger Name
des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error - 27.03.2013 14:27:09 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TuneIn.exe, Version: 1.1.0.0, Zeitstempel:
0x51438ee0 Name des fehlerhaften Moduls: Windows.UI.Xaml.dll, Version: 6.2.9200.16518,
Zeitstempel: 0x510cb7a8 Ausnahmecode: 0xc000027b Fehleroffset: 0x007c456a ID des fehlerhaften
Prozesses: 0x4f0 Startzeit der fehlerhaften Anwendung: 0x01ce2acd173dabb4 Pfad der
fehlerhaften Anwendung: C:\Program Files\WindowsApps\TuneIn.TuneInRadio_1.1.0.0_neutral__6bhtb546zcxnj\TuneIn.exe
Pfad
des fehlerhaften Moduls: C:\Windows\System32\Windows.UI.Xaml.dll Berichtskennung:
eeda97e6-970b-11e2-be8b-86f52f1122a5 Vollständiger Name des fehlerhaften Pakets:
TuneIn.TuneInRadio_1.1.0.0_neutral__6bhtb546zcxnj Anwendungs-ID, die relativ zum
fehlerhaften Paket ist: App
Error - 29.03.2013 10:03:11 | Computer Name =*** | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 29.03.2013 10:24:10 | Computer Name = *** | Source = Microsoft-Windows-Immersive-Shell | ID = 2484
Description = Das Paket „winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy“ wurde beendet,
da das Anhalten zu lange dauerte.
Error - 29.03.2013 10:24:12 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm WWAHost.exe, Version 6.2.9200.16420 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: a18 Startzeit: 01ce2c8903aee140 Endzeit: 4294967295 Anwendungspfad:
C:\Windows\System32\WWAHost.exe Berichts-ID: 524ede3c-987c-11e2-be8b-86f52f1122a5
Vollständiger
Name des fehlerhaften Pakets: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy Anwendungs-ID,
die relativ zum fehlerhaften Paket ist: Windows.Store
Error - 30.03.2013 09:59:16 | Computer Name = ***| Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 10.0.9200.16518 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1be0 Startzeit: 01ce2d494b61515a Endzeit: 0 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID: fced8c34-9941-11e2-be8b-86f52f1122a5
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 31.03.2013 07:53:34 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 31.03.2013 07:53:34 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1187
Error - 31.03.2013 07:53:34 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1187
[ System Events ]
Error - 29.03.2013 11:34:03 | Computer Name = *** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
lautet: 900.
Error - 29.03.2013 11:39:08 | Computer Name = *** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
lautet: 900.
Error - 29.03.2013 11:49:14 | Computer Name = *** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
lautet: 900.
Error - 29.03.2013 11:49:14 | Computer Name = *** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
lautet: 900.
Error - 29.03.2013 11:49:14 | Computer Name = *** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
lautet: 900.
Error - 30.03.2013 09:42:59 | Computer Name = ***| Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
lautet: 900.
Error - 30.03.2013 09:42:59 | Computer Name = *** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
lautet: 900.
Error - 30.03.2013 09:43:37 | Computer Name = ***| Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
lautet: 900.
Error - 30.03.2013 13:02:15 | Computer Name = *** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
lautet: 900.
Error - 31.03.2013 07:54:33 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "Bitdefender Virus Shield" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
< End of report >
Geändert von Eimer-Henkel (31.03.2013 um 15:30 Uhr) |
|
31.03.2013, 19:54
| #2 |
| /// TB-Ausbilder  | trojan.NTPacker in c:\windows\syswow64\propsys.dll Also ich vermute dass das ein Fehlalarm war. Wir schauen aber nochmal nach:
__________________!! Hinweis an Mitlesende !! Dieses Thema und die Anweisungen sind nur für diesen speziellen Fall gedacht. Sie könnten andere Computer schwer beschädigen. Öffnet bitte euer eigenes Thema.  Ich werde dir bei deinem Problem helfen. Die Bereinigung funktioniert nur, wenn du dich an die folgenden Regeln hälst:  Bitte lesen:Regeln für die Bereinigung
Scan mit aswMBR
__________________ |
|
31.03.2013, 22:12
| #3 |
| | trojan.NTPacker in c:\windows\syswow64\propsys.dll Hallo Ryder,
__________________vielen Dank für deine Antwort. Das gewünschte Log: Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-31 22:51:24
-----------------------------
22:51:24.375 OS Version: Windows x64 6.2.9200
22:51:24.376 Number of processors: 4 586 0x3A09
22:51:24.378 ComputerName: *** UserName: ***
22:51:24.429 Initialze error 1
22:54:29.291 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000004f
22:54:29.300 Disk 0 Vendor: ADATA_XM11_256GB 5.0.2a Size: 244198MB BusType: 11
22:54:29.310 Disk 0 MBR read successfully
22:54:29.316 Disk 0 MBR scan
22:54:29.322 Disk 0 unknown MBR code
22:54:29.329 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
22:54:29.337 Disk 0 scanning C:\Windows\system32\drivers
22:54:29.345 Service scanning
22:54:29.903 Modules scanning
22:54:29.912 Disk 0 trace - called modules:
22:54:29.929 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
22:54:29.939 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005463060]
22:54:29.949 3 CLASSPNP.SYS[fffff88000b808aa] -> nt!IofCallDriver -> [0xfffffa80036836f0]
22:54:29.961 5 ACPI.sys[fffff88001001a91] -> nt!IofCallDriver -> \Device\0000004f[0xfffffa8003b97060]
22:54:29.973 Scan finished successfully
22:54:43.386 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
22:54:43.406 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
|
|
31.03.2013, 22:17
| #4 |
| /// TB-Ausbilder | trojan.NTPacker in c:\windows\syswow64\propsys.dll Nichts zu sehen. Aber wir testen weiter: Hinweis: Der Scan kann sehr lange (einige Stunden) dauern! 
__________________  Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
01.04.2013, 06:19
| #5 |
| | trojan.NTPacker in c:\windows\syswow64\propsys.dll Guten Morgen, hier die kommt das ESET-Ergebnis: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ef3a607ab885244fa9e91e04190c4640
# engine=13523
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-01 12:01:31
# local_time=2013-04-01 02:01:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=5893 16776574 100 94 964728 7154963 0 0
# scanned=281926
# found=3
# cleaned=0
# scan_time=7852
sh=4744B796ACB90C9322E7910B651188AE46C3112D ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Users\***\AppData\Local\Temp\bdsandbox\HarddiskVolume4\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00817b"
sh=847269D43AA89157E14CB2B572BED31D745A57A3 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Users\***\AppData\Local\Temp\bdsandbox\HarddiskVolume4\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00817e"
sh=3DB94E0F917174307FD6A9211F55FDEE661A963D ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Users\***\AppData\Local\Temp\bdsandbox\HarddiskVolume4\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008180"
|
|
01.04.2013, 10:25
| #6 |
| /// TB-Ausbilder | trojan.NTPacker in c:\windows\syswow64\propsys.dll Also in deiner Sandbox ist etwas aber ansonsten nix.
__________________ --> trojan.NTPacker in c:\windows\syswow64\propsys.dll |
|
01.04.2013, 17:34
| #7 |
| | trojan.NTPacker in c:\windows\syswow64\propsys.dll Verstehe ich das dann richtig: Wenn ich die Chrome-Sandbox lösche ist alles sauber (auch MBR) (oder wie hoch ist die Wahrscheinlichkeit, dass ein Key-Logger o.Ä. irgendwo in den unendlichen Weiten meines Systems sistiert)? Die Tatsache, dass Bitdefender zweifach auf die propsys.dll im Systemordner angeschlagen hat, beunruhigt dann doch etwas.  Du als Profi würdest also dein System in diesem Fall nicht neu aufsetzen bzw. zurücksetzen? Grüße und  |
|
01.04.2013, 17:59
| #8 |
| /// TB-Ausbilder | trojan.NTPacker in c:\windows\syswow64\propsys.dll Ich als Profi würde gar nichts machen und mich nicht von jedem Alarm in Panik versetzen lassen. 
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
01.04.2013, 18:11
| #9 |
| | trojan.NTPacker in c:\windows\syswow64\propsys.dll Alles klar. Nochmals ein herzliches und einen schönen Abend! |
|
01.04.2013, 18:13
| #10 |
| /// TB-Ausbilder | trojan.NTPacker in c:\windows\syswow64\propsys.dll Schön, dass wir helfen konnten  Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen Falls du noch Lob oder Kritik loswerden möchtest, dann gibt es diesen Bereich hier: http://www.trojaner-board.de/lob-kritik-wuensche/
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
| Themen zu trojan.NTPacker in c:\windows\syswow64\propsys.dll |
| 7-zip, adblock, bho, bonjour, browser, excel, firefox, format, helper, hijack, hijack this, homepage, html/scrinject.b.gen, hängen, iexplore.exe, install.exe, jdownloader, monitor, msiexec.exe, office 365, realtek, recuva, registry, rundll, schädling, starmoney, svchost.exe, system, virus, visual studio, warnung, windows, windowsapps |
Linear-Darstellung
