Eimer-Henkel | 31.03.2013 15:22 | trojan.NTPacker in c:\windows\syswow64\propsys.dll
Hello community,
this morning, as an Easter present, I got the Bitdefender message mentioned above after a routine scan:
Bitdefender: Eine gefundene Bedrohung konnte nicht bereinigt werden.
trojan.NTPacker
in c:\windows\syswow64\propsys.dll
I then took the following steps:
1. Created a HijackThis log
2. Checked propsys.dll with VirusTotal - no threat found
3. Checked propsys.dll with Bitdefender - no threat found
4. Checked c:\windows\ with Bitdefender - no threat found
5. Scanned the system again with Bitdefender: Trojan.NTPacker found again - cleaned by Bitdefender
6. Scanned the system with Malwarebytes Anti-Malware: no infected objects found
7. Defogger --> Drivers Disabled
8. OTL --> Quickscan
9. Gmer --> scan of c:
What puzzled me is that the file is detected as infected one time and as not infected another time. Furthermore, Trojan.NTPacker seems to be an older piece of malware.
I would be interested in your assessment of whether this was a false positive from Bitdefender or whether my system really is/was infected. In that case I will probably restore my system from a backup.
Thank you for your effort and happy Easter.
--- Log
I had to attach Gmer as an archive, because the post would otherwise be too long.
Virus-Total Log-file: Code:
SHA256: 7ea9be9f33ed3b25d519235391b574fff0110ab1e78d893e397b745cadc9858a
SHA1: 49cb2e4adf54e92fc630b52558998f60a8e2a984
MD5: bfdd523ab06ab9932b6327e52c6e9ae6
File size: 1.1 MB ( 1137152 bytes )
File name: propsys.dll
File type: Win32 DLL
Tags: pedll
Detection ratio: 0 / 46
Analysis date: 2013-03-31 08:02:26 UTC ( 5 hours, 44 minutes ago )
Malwarebytes Anti-Malware: Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.03.31.01
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16519
*** :: *** [Administrator]
31.03.2013 15:38:10
mbam-log-2013-03-31 (15-38-10).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 442503
Laufzeit: 25 Minute(n), 32 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
OTL Log: OTL Logfile: Code:
OTL logfile created on: 31.03.2013 14:28:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16519)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,89 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 54,11% Memory free
8,64 Gb Paging File | 6,14 Gb Available in Paging File | 71,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 237,96 Gb Total Space | 66,83 Gb Free Space | 28,09% Space Free | Partition Type: NTFS
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.03.31 10:41:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2013.02.17 02:11:52 | 000,158,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office 15\root\office15\ONENOTEM.EXE
PRC - [2013.02.11 13:19:52 | 000,663,184 | ---- | M] (Star Finanz-Software Entwicklung und Vertriebs GmbH) -- C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2013.01.16 15:11:18 | 000,020,792 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2012.12.18 21:08:44 | 003,478,752 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
PRC - [2012.12.18 21:08:30 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.10.26 15:35:44 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2012.10.17 20:08:40 | 000,205,184 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012.10.05 16:55:50 | 000,110,976 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2012.09.30 13:01:24 | 001,132,480 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012.09.30 13:00:56 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012.09.14 14:14:16 | 000,328,064 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012.08.31 20:27:20 | 000,590,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
PRC - [2012.08.24 18:17:14 | 000,107,192 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2012.08.24 18:17:10 | 000,192,000 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2012.07.24 19:21:22 | 001,123,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2012.05.28 11:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2012.04.13 11:14:00 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
PRC - [2011.03.04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
========== Modules (No Company Name) ==========
MOD - [2013.03.13 09:06:12 | 000,312,896 | ---- | M] () -- C:\Programme\Microsoft Office 15\root\office15\appvisvstream32.dll
MOD - [2013.03.13 09:06:11 | 000,354,448 | ---- | M] () -- C:\Programme\Microsoft Office 15\root\office15\c2r32.dll
MOD - [2012.09.23 21:43:58 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu
MOD - [2012.08.24 18:17:08 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013.03.01 12:49:10 | 001,645,256 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- (VSSERV)
SRV:64bit: - [2013.02.02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.12.06 06:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012.12.06 06:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012.11.13 20:49:57 | 000,068,416 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.11.06 06:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.09.20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012.07.30 13:27:00 | 000,030,592 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DptfPolicyConfigTDPService.exe -- (DptfPolicyConfigTDPService)
SRV:64bit: - [2012.07.30 13:26:58 | 000,029,056 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DptfParticipantProcessorService.exe -- (DptfParticipantProcessorService)
SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 05:05:12 | 000,331,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 05:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013.03.01 12:48:59 | 000,069,392 | ---- | M] (Bitdefender) [Disabled | Stopped] -- C:\Programme\Bitdefender\Bitdefender 2013\bdparentalservice.exe -- (BdDesktopParental)
SRV - [2013.02.25 20:24:16 | 001,861,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV - [2013.02.11 13:19:52 | 000,663,184 | ---- | M] (Star Finanz-Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 9.0 OnlineUpdate)
SRV - [2013.02.07 14:24:12 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 21:08:30 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.16 13:25:38 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012.12.14 03:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.11.15 19:42:48 | 001,153,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV - [2012.11.15 19:42:30 | 000,272,176 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2012.11.15 19:42:18 | 000,617,776 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012.11.15 19:41:52 | 000,149,296 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2012.11.13 09:25:42 | 000,755,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.10.05 16:55:50 | 000,110,976 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2012.10.01 09:22:52 | 000,359,224 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2012.09.30 13:01:24 | 001,132,480 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012.09.30 13:00:56 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012.08.15 15:09:30 | 000,135,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012.04.13 11:14:00 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011.11.21 15:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2011.03.04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose64)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.03.14 23:46:21 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013.02.16 23:45:49 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2013.02.07 06:09:56 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013.02.06 08:42:10 | 000,203,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013.02.06 08:42:08 | 000,102,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013.02.02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013.02.02 09:24:50 | 000,117,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthA2DP.sys -- (BthA2DP)
DRV:64bit: - [2013.02.02 09:24:42 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthHfAud.sys -- (BthHFAud)
DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013.01.16 15:11:34 | 000,065,784 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsusTP.sys -- (ATP)
DRV:64bit: - [2013.01.11 21:31:18 | 000,707,528 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avc3.sys -- (avc3)
DRV:64bit: - [2013.01.11 21:31:18 | 000,589,000 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\avckf.sys -- (avckf)
DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013.01.10 03:39:29 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012.12.14 03:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.11.29 16:27:36 | 000,035,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2012.11.29 16:27:36 | 000,025,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2012.11.29 16:27:34 | 000,188,896 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\xHCIPort.sys -- (XHCIPort)
DRV:64bit: - [2012.11.29 16:27:34 | 000,047,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usb3Hub.sys -- (usb3Hub)
DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.22 14:18:58 | 004,309,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NETwew00.sys -- (NETwNe64)
DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.13 09:22:16 | 000,156,160 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012.11.13 09:22:16 | 000,156,160 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012.11.12 18:11:19 | 000,082,384 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bdsandbox.sys -- (BDSandBox)
DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.11.02 14:17:46 | 000,261,056 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\avchv.sys -- (avchv)
DRV:64bit: - [2012.10.31 13:13:18 | 000,350,160 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\trufos.sys -- (trufos)
DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.10.11 05:51:49 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2012.10.01 15:41:40 | 001,337,216 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2012.10.01 15:41:38 | 000,132,480 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2012.09.20 09:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012.09.20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.09.20 09:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012.09.18 11:32:32 | 000,078,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2012.09.18 11:32:32 | 000,075,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2012.09.18 11:32:32 | 000,061,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2012.09.18 11:32:32 | 000,015,160 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2012.08.29 18:24:10 | 000,145,696 | ---- | M] (BitDefender LLC) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\gzflt.sys -- (gzflt)
DRV:64bit: - [2012.08.06 12:07:08 | 000,068,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2012.08.02 05:22:48 | 000,014,992 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 07:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012.07.26 07:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 04:28:02 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\acpials.sys -- (acpials)
DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 04:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.07.24 19:21:22 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2012.07.24 05:16:28 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012.07.17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.07.13 10:50:40 | 000,361,792 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfManager.sys -- (DptfManager)
DRV:64bit: - [2012.07.13 10:50:40 | 000,064,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevGen.sys -- (DptfDevGen)
DRV:64bit: - [2012.07.13 10:50:38 | 000,107,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevDram.sys -- (DptfDevDram)
DRV:64bit: - [2012.07.13 10:50:36 | 000,042,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevFan.sys -- (DptfDevFan)
DRV:64bit: - [2012.07.13 10:50:34 | 000,096,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevPch.sys -- (DptfDevPch)
DRV:64bit: - [2012.07.13 10:50:32 | 000,228,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevProc.sys -- (DptfDevProc)
DRV:64bit: - [2012.07.11 07:48:42 | 000,023,456 | ---- | M] (Bitdefender) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bdelam.sys -- (bdelam)
DRV:64bit: - [2012.06.15 07:50:46 | 000,315,536 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2012.05.31 05:47:44 | 000,021,152 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsHIDSwitch64.sys -- (HIDSwitch)
DRV:64bit: - [2011.03.04 13:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\dne64x.sys -- (DNE)
DRV - [2012.12.16 13:25:34 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012.10.17 15:13:46 | 000,106,568 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV - [2012.09.03 11:46:15 | 000,097,816 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV - [2011.09.07 10:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO_)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2218533122-975564155-45232078-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
IE - HKU\S-1-5-21-2218533122-975564155-45232078-1001\..\SearchScopes,DefaultScope = {90854AC0-E50B-4A50-82A3-19E68C8219A6}
IE - HKU\S-1-5-21-2218533122-975564155-45232078-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2218533122-975564155-45232078-1001\..\SearchScopes\{90854AC0-E50B-4A50-82A3-19E68C8219A6}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2218533122-975564155-45232078-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2218533122-975564155-45232078-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2218533122-975564155-45232078-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://proxy.uni-***.de/wpad.dat
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2013\BDTBEXT [2013.02.16 23:06:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013.02.17 00:34:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.02.20 16:03:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013.02.16 23:06:11 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Google Docs = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: *Split Screen* = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\eachfleknamlcepmplpdghagngjfjkin\0.8.76_0\
CHR - Extension: Logitech SetPoint = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.51.8_0\
CHR - Extension: Adobe Acrobat \u2013 PDF-Datei erstellen = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.0.379_0\
CHR - Extension: Mindomo Bookmarks = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghabekkoaicdmfgggmocafcdllmdhamb\1.0_0\
CHR - Extension: AdBlock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Clearly = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj\8.3358.555.445_0\
CHR - Extension: Speed Dial 2 = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik\1.6.1.3_0\
CHR - Extension: Evernote Web = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\
CHR - Extension: Evernote Web Clipper = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.12_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKU\S-1-5-21-2218533122-975564155-45232078-1001\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Bdagent] C:\Programme\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2218533122-975564155-45232078-1001..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk = C:\Programme\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outlook 2013.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8:64bit: - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2218533122-975564155-45232078-1001\..Trusted Domains: amazon.de ([]https in Trusted sites)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.de/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9409DE07-394A-431B-B9E0-131D09852AE3}: NameServer = 192.168.137.1,172.16.102.254
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9fb36865-923a-11e2-be8a-c485084a09ce}\Shell - "" = AutoRun
O33 - MountPoints2\{9fb36865-923a-11e2-be8a-c485084a09ce}\Shell\AutoRun\command - "" = "D:\LaunchU3.exe" -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.03.31 10:37:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.03.31 10:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.31 10:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.31 10:37:34 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.31 10:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.29 21:38:15 | 000,147,232 | ---- | C] (BitDefender LLC) -- C:\Windows\SysNative\drivers\gzflt.sys.upd
[2013.03.27 11:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.03.26 00:46:16 | 000,000,000 | R--D | C] -- C:\Sandbox
[2013.03.26 00:41:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2013.03.26 00:41:48 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2013.03.26 00:28:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.03.26 00:18:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PE Explorer
[2013.03.20 19:56:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\dvdcss
[2013.03.20 11:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\StarMoney 9.0
[2013.03.20 11:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 9.0
[2013.03.20 11:56:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Business Objects
[2013.03.20 11:56:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\StarFinanz
[2013.03.20 11:56:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarMoney 9.0
[2013.03.18 22:21:58 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\DVDFab
[2013.03.18 17:08:35 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Mindomo Translation
[2013.03.14 23:48:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\InstallShield
[2013.03.13 14:56:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Intel
[2013.03.13 08:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.13 08:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.13 08:37:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.12 21:07:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Synology
[2013.03.12 21:07:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\CloudStation
[2013.03.12 19:06:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\IsolatedStorage
[2013.03.12 12:20:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\assembly
[2013.03.12 12:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Timeline 2012
[2013.03.11 14:41:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apps
[2013.03.10 17:56:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FileZilla
[2013.03.10 17:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2013.03.10 17:56:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2013.03.10 17:49:28 | 000,000,000 | --SD | C] -- C:\Users\***\Documents\Meine Websites
[2013.03.10 17:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
[2013.03.10 17:48:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2013.03.10 17:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Expression
[2013.03.10 00:49:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2013.03.10 00:48:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.03.10 00:48:50 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013.03.09 11:36:09 | 000,000,000 | -H-D | C] -- C:\Users\***\.swt
[2013.03.09 11:36:09 | 000,000,000 | -H-D | C] -- C:\Users\***\.phase-6
[2013.03.09 11:36:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Phase6
[2013.03.09 11:36:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla
[2013.03.09 11:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Phase6
[2013.03.09 11:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\phase-6
[2013.03.09 11:35:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\phase-6
[2013.03.07 15:18:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DVDFab
[2013.03.05 16:37:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\EndNote
[2013.03.05 16:37:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Risxtd
[2013.03.05 16:37:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ResearchSoft
[2013.03.05 16:37:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EndNote
[2013.03.05 16:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EndNote
[2013.03.05 16:37:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EndNote X6
[2013.03.05 16:37:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Thomson.ResearchSoft.Installers
[2013.03.05 16:18:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client
[2013.03.05 16:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
[2013.03.05 16:18:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2013.03.03 19:28:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PhotoScape
[2013.03.03 15:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013.03.03 15:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013.03.03 15:30:42 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.03.03 15:30:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013.03.03 15:30:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013.03.03 15:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013.03.03 15:30:22 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013.03.03 15:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013.03.03 14:21:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\e-academy Inc
[2013.03.03 14:21:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\e-academy Inc
[2013.03.01 14:48:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FreeFileSync
========== Files - Modified Within 30 Days ==========
[2013.03.31 14:26:07 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.03.31 14:10:43 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.31 14:10:43 | 000,760,560 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.31 14:10:43 | 000,717,670 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.31 14:10:43 | 000,158,770 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.31 14:10:43 | 000,135,558 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.31 14:06:00 | 000,001,154 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2218533122-975564155-45232078-1001UA.job
[2013.03.31 13:53:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.31 10:39:44 | 000,731,476 | ---- | M] () -- C:\Users\***\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten_ - Trojaner-Board.pdf
[2013.03.31 10:37:36 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.03.29 21:38:15 | 000,147,232 | ---- | M] (BitDefender LLC) -- C:\Windows\SysNative\drivers\gzflt.sys.upd
[2013.03.29 17:06:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2218533122-975564155-45232078-1001Core.job
[2013.03.29 16:33:03 | 000,001,768 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013.03.29 16:25:26 | 000,001,099 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
[2013.03.28 08:33:37 | 000,000,423 | ---- | M] () -- C:\Users\***\AppData\Roaming\sp_data.sys
[2013.03.27 19:41:07 | 402,653,184 | -HS- | M] () -- C:\swapfile.sys
[2013.03.27 11:28:50 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.03.27 11:22:55 | 3340,091,392 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.26 19:33:10 | 000,000,016 | -H-- | M] () -- C:\ProgramData\obtf601
[2013.03.26 00:41:49 | 000,000,914 | ---- | M] () -- C:\Users\***\Desktop\Sandboxed Web Browser.lnk
[2013.03.20 22:03:16 | 000,451,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.20 11:57:03 | 000,002,034 | ---- | M] () -- C:\Users\Public\Desktop\StarMoney 9.0.lnk
[2013.03.20 11:56:33 | 000,017,486 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\services
[2013.03.14 23:46:21 | 000,016,152 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013.03.12 00:40:52 | 000,002,452 | ---- | M] () -- C:\Users\***\Desktop\Diskstation.lnk
[2013.03.11 15:31:07 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
[2013.03.10 12:38:09 | 000,002,840 | ---- | M] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2013.03.10 00:48:54 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.03.09 12:38:20 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2013.03.09 11:36:01 | 000,001,265 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
[2013.03.09 11:36:00 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\phase-6 desktop.lnk
[2013.03.08 17:15:41 | 000,000,021 | ---- | M] () -- C:\Users\***\AppData\Roaming\my_intel.sys
[2013.03.07 12:08:32 | 000,002,300 | ---- | M] () -- C:\Users\***\Desktop\VPN-Einwahl_****.LNK
[2013.03.06 14:56:44 | 000,000,498 | ---- | M] () -- C:\Windows\SysNative\checkdnsid.xml
[2013.03.05 16:20:31 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2013.03.05 16:18:50 | 000,002,653 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
========== Files Created - No Company Name ==========
[2013.03.31 14:26:07 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.03.31 10:39:44 | 000,731,476 | ---- | C] () -- C:\Users\***\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten_ - Trojaner-Board.pdf
[2013.03.31 10:37:36 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.03.26 00:44:12 | 000,000,914 | ---- | C] () -- C:\Users\***\Desktop\Sandboxed Web Browser.lnk
[2013.03.26 00:44:09 | 000,001,768 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013.03.20 11:57:03 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\StarMoney 9.0.lnk
[2013.03.15 22:20:56 | 000,451,192 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.12 00:39:25 | 000,002,452 | ---- | C] () -- C:\Users\***\Desktop\Diskstation.lnk
[2013.03.10 12:38:09 | 000,002,840 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2013.03.10 00:48:54 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.03.09 12:38:20 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2013.03.09 11:36:01 | 000,001,265 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
[2013.03.09 11:36:00 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\phase-6 desktop.lnk
[2013.03.08 17:15:41 | 000,000,021 | ---- | C] () -- C:\Users\***\AppData\Roaming\my_intel.sys
[2013.03.07 12:08:32 | 000,002,300 | ---- | C] () -- C:\Users\***\Desktop\VPN-Einwahl_***.LNK
[2013.03.05 21:40:19 | 000,000,498 | ---- | C] () -- C:\Windows\SysNative\checkdnsid.xml
[2013.03.05 16:18:50 | 000,002,653 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
[2013.03.05 16:18:48 | 000,001,594 | ---- | C] () -- C:\Windows\VPNInstall.MIF
[2013.02.23 19:45:10 | 000,149,880 | ---- | C] () -- C:\Windows\wiainst64.exe
[2013.02.23 01:35:18 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.02.20 15:47:53 | 000,000,016 | -H-- | C] () -- C:\ProgramData\obtf601
[2013.02.16 23:07:09 | 000,549,266 | ---- | C] () -- C:\ProgramData\1361048499.bdinstall.bin
[2013.02.16 17:15:55 | 000,000,460 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013.02.16 15:06:14 | 000,000,423 | ---- | C] () -- C:\Users\***\AppData\Roaming\sp_data.sys
[2013.02.16 14:52:12 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012.12.14 03:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.12.14 03:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.12.14 03:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
========== ZeroAccess Check ==========
[2013.02.16 23:17:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 01:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 01:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.02.16 23:04:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bitdefender
[2013.03.03 01:22:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre
[2013.03.22 17:24:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2013.03.07 15:18:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDFab
[2013.03.03 14:21:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\e-academy Inc
[2013.03.05 16:38:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EndNote
[2013.03.10 18:17:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2013.03.01 19:56:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeFileSync
[2013.02.20 15:47:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GraphPad Software
[2013.03.30 19:39:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2013.02.27 14:19:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Hulubulu
[2013.02.20 11:16:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\iWesoft
[2013.02.17 01:59:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JDownloader Packages
[2013.02.20 16:03:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2013.03.09 14:10:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MediaMonkey
[2013.02.16 23:15:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MindomoDesktop
[2013.02.17 15:00:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDAppFlex
[2013.03.26 00:19:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PE Explorer
[2013.03.09 11:36:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Phase6
[2013.03.03 21:07:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape
[2013.02.16 23:03:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan
[2013.02.23 20:56:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Similarity
[2013.03.26 10:56:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Swiss Academic Software
[2013.02.17 00:11:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
========== Purity Check ==========
< End of report >
--- --- ---
Extras OTL Logfile: Code:
OTL Extras logfile created on: 31.03.2013 14:28:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16519)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,89 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 54,11% Memory free
8,64 Gb Paging File | 6,14 Gb Available in Paging File | 71,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 237,96 Gb Total Space | 66,83 Gb Free Space | 28,09% Space Free | Partition Type: NTFS
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AE0DCFD-E19F-4022-9B3A-9C1623971D55}" = lport=137 | protocol=17 | dir=in | app=system |
"{26BA0778-D3C2-44BB-8DFF-E0B40896F26B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{293C788B-3A90-44D6-AD69-2D7BCFDCCEB0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3B7EABDB-5533-40A2-AE87-BEFD86CF95B1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{538BB2C5-2408-46D5-8625-16AB3237BA04}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{54F6DE83-CD9B-4C5A-BA3D-158B78D654E2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{56803B33-F7C4-4041-8694-FA51D5C29FD8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{58B4A8B4-0B51-4AC3-9911-D43EDD3F246D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{64C8F6CB-FE2A-47EC-82CD-3FD5A99903B6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6EF19CDB-E094-4BE3-B561-819B49C1DA6C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7B395933-34D6-4C86-9C26-29660B632F4C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{82995809-EA67-4C0E-9634-7F54145693B4}" = rport=445 | protocol=6 | dir=out | app=system |
"{8CA28246-B36A-4306-B144-AFD8FBB42474}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8D003DAD-EAAE-46AA-8FBE-37489E5A9406}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{90005D76-E8B2-41A5-949D-3F7A35652E5F}" = lport=138 | protocol=17 | dir=in | app=system |
"{9BB3DEF7-4698-4599-8993-832988FB02BF}" = rport=137 | protocol=17 | dir=out | app=system |
"{A1D2E3D9-DBCE-40FF-B82B-1419AF83A345}" = lport=445 | protocol=6 | dir=in | app=system |
"{AE96B999-6B59-4B7B-955E-63260E5569B9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B52C50F4-5376-4975-A0F2-5BEA58FAD1B6}" = rport=138 | protocol=17 | dir=out | app=system |
"{C84FBB06-8A10-4308-B941-5EBD24B81264}" = rport=139 | protocol=6 | dir=out | app=system |
"{E504D07A-AD8D-4773-91FD-E38015E94CD6}" = lport=139 | protocol=6 | dir=in | app=system |
"{F1BBC1EF-470B-40D9-95D1-8F9F8551167B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0009CCD6-3E8A-4F05-879F-5D4F323B2947}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{00775F8E-D3F9-4E0D-A8ED-6F61449F3E7D}" = dir=in | app=c:\users\***\appdata\local\microsoft\skydrive\skydrive.exe |
"{048D8E0B-9F29-47EA-BC9E-93756555D72D}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{0B861142-6D3B-4C65-99A3-D2CBEE8571D5}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{10797869-F557-4FE3-AFFA-AADF0FC72C53}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1C3C0C3A-929D-41F1-AA5B-4108E6D4AA9B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1FDFDFAD-80AC-452F-93C3-4A254BEE6D07}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{20712FC1-0D09-4BD4-8758-F1D8EE290BDE}" = protocol=6 | dir=out | app=system |
"{236834F2-85CF-4F0A-86DA-24824085AC3A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{25048CC6-13A5-4342-ABDE-C1F44C111710}" = dir=out | name=@{microsoft.zunevideo_1.2.150.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{2C6CF517-EAEE-4C7A-ADB3-B7F93B75EEBD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2D90B7F4-7B87-447C-B681-A514CB443ED1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2E5B0E9D-0F34-4DAD-A117-2D8EFBEEBEEE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2EFA1381-14D7-4595-AA18-DC14E3FB144B}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe |
"{343BFB22-46FF-4AD9-9AD6-2081AB3E536E}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{3554D20A-E7FF-45ED-BC03-31FA6BF89E54}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{3CFFF97A-3475-4BA6-85CD-E788B8E24D07}" = dir=out | name=@{microsoft.xboxlivegames_1.2.143.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{3D80CEF1-D002-496A-A220-1BCEABC70CED}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{41864EAB-2A36-4527-B409-0DFC19E80456}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4935095A-9946-4A91-A007-20CFA0519080}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{49697E7A-A698-43E6-9FB5-AA2BA5EB0C79}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4CA784A2-67D2-45B4-9C36-0622B6DE9086}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 9.0\ouservice\starmoneyonlineupdate.exe |
"{521A156C-53CB-4A42-BFDD-7E5337D6375D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6A4C1122-8FBD-4D7B-B451-551DDC712A46}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{6C31CF20-1743-46E8-B135-21E38F8243C0}" = dir=out | name=audible - audiobooks and more |
"{6CB91D21-E624-4CB3-9024-B76C9A3C21F1}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe |
"{6CE1E5B3-3D91-436C-9608-9E30E9193B8D}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{6DA75465-2664-4347-B3C6-1300BB2F6F5B}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{6F038349-A8D5-4045-AC83-A3F07C209894}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{72E200F4-9BF5-4EAB-B91D-2BCF04C42E8F}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{7CF8A4A4-58B6-4852-885B-F3A3A47DFB75}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{859D728A-B722-42DB-8C4B-72B75559B7AF}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{8637B704-A554-4914-B0FD-A3B41370716D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8A2CDF4D-1479-4B23-A4C8-E947CEBC5547}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8E34D274-093E-4FAB-A212-6D7F3D5DB89C}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{90729852-34E1-4374-808A-AF866E016D1C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9424C9B1-4665-42B8-8D32-2612F100E482}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{94BCDFE5-343E-4A4D-A404-1A5236A42D28}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{A2EB2E99-F570-4CD6-8A3F-5CED5598F21B}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{A35C5D14-9D8E-4741-BA62-A0681B551A6E}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{A594B2C0-FC31-4018-9A6F-B3654B8E6836}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7ED8465-44F9-49EE-8BB7-CBE4DE909708}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{A8F16DF3-8689-449C-835C-1F45D41A7CDA}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{B46DB914-0B6C-4713-937A-11D073F8F11D}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe |
"{B95D285D-ABEA-47E1-AE90-4DE14718A1B3}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 9.0\app\starmoney.exe |
"{BC45C94B-C098-4032-BB79-BA6247E31ADC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BDB843F6-E8C1-48E2-B265-ED45230C23C4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C0891F1B-4EDE-4C5D-BD51-73131C3942A5}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{C850DF4F-DDD8-45AD-9CA8-82D8804F4805}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 9.0\app\starmoney.exe |
"{CF5C17D6-F4E2-41A0-98FB-A83A1AA2B09D}" = dir=out | name=myspass-app: tv-shows kostenlos anschauen! |
"{D7375F81-BB6A-440D-9AE6-879A5FE04697}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 9.0\ouservice\starmoneyonlineupdate.exe |
"{D7D5E203-3A16-41F2-866F-F4EB76074C62}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D964FDBE-F2A0-4032-B25F-CA00DBF715DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DC5EF801-3D46-46C6-AE3B-88063FD574B5}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{E17690F8-BA4C-4EC8-AC59-91F8293B7F1F}" = dir=out | name=@{microsoft.zunemusic_1.2.150.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{ED812124-2FDB-4411-BCEE-7D81DF95523C}" = dir=out | name=tunein radio |
"{F5E72441-04DE-490A-AD27-FF85A7DEF658}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F6714603-59EE-4AE0-A7CC-3203E054793E}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe |
"{F9F2D875-3DB5-4990-AF05-569880E7D584}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FC0AD48D-C960-48D6-BAF3-4972BC7BC5AA}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{23D486D4-FBE0-40F3-A245-E4D56D094764}" = Intel(R) WiDi
"{2E55EED1-49D4-4A07-B2B9-3EC5BB371F12}" = calibre 64bit
"{4CE925AF-6519-4FEB-BEBD-DE2BFE2944EB}" = Bonjour-Druckdienste
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5B621B3B-FE1D-4835-AA5A-0E0A3437932B}" = Similarity 64-bit 1.8.2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PRJPROR_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PRJPROR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PRJPROR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PRJPROR_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PRJPROR_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PRJPROR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PRJPROR_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PRJPROR_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-1000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-1000-0000000FF1CE}_Office14.PRJPROR_{8388E8B0-3DC3-4A7B-9EE0-FCBB1C3363F6}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{91140000-003B-0000-1000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{E6F88893-86F0-4CFB-B7E0-733575D1DEB4}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{962E1735-D2E0-4813-AB9F-C6CBA09E759A}" = Intel® PROSet/Wireless WiFi-Software
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A74AB300-5777-41B7-91A2-C21875D4A483}" = Bonjour
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B9E62002-BD74-30EC-9049-93E0E003C736}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{F13921D6-AE6D-41BF-807A-17BD99C0A4FD}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5" = Windows-Treiberpaket - ASUS (ATP) Mouse (01/10/2013 1.0.0.170)
"Bitdefender" = Bitdefender Internet Security 2013
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.4
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"O365HomePremRetail - de-de" = Microsoft Office 365 Home Premium - de-de
"Office14.PRJPROR" = Microsoft Project Professional 2010
"ProInst" = Intel PROSet Wireless
"Recuva" = Recuva
"Sandboxie" = Sandboxie 3.76 (64-bit)
"sp6" = Logitech SetPoint 6.51
"VLC media player" = VLC media player 2.0.5
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3C35C2A2-6537-3AB3-CCA2-F15A792E347C}" = Mindomo Desktop
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3FF8E8A7-5BA8-4D9E-B976-B05B2B00B0AE}" = Microsoft Expression Web 4
"{4D3286A6-F6AB-498A-82A4-E4F040529F3D}" = ASUS Smart Gesture
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{534E1993-A9FE-4DFC-8C5B-A173A419EDF4}" = AX88772B_AX88772A_AX88772 Windows 8 Drivers
"{5A6DB7C1-E646-4842-A562-49C5EB8F2B47}" = StarMoney
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{6AF7A3DF-581E-4AB7-ACAF-2051FF7E8ACF}" = Similarity 1.8.1
"{6E839820-0BBA-4310-9D06-4463BAEA6641}" = Secure Download Manager
"{749F674B-2674-47E8-879C-5626A06B2A91}" = ASUS InstantOn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{86B3F2D6-AC2B-0016-8AE1-F2F77F781B0C}" = EndNote X6
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0407-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-1033-FFFF-7760-000000000006}" = Adobe Acrobat XI Pro
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{C0508079-0000-4F68-A4DF-29C7ED7182C6}" = SlimDrivers
"{C611819E-5ED9-4CCC-88D4-EC0468FA3EC4}" = mSecure
"{DCA64D50-CD50-4E48-AAFE-F6AF9B09A200}" = Free Screenshot Capture
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{EBC2CAA0-E793-490C-98E4-69BAF74C0E62}" = StarMoney 9.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F902AB2B-7816-4CBD-A385-F2549F62956B}" = StarMoney
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Advanced Renamer_is1" = Advanced Renamer
"Cardiac Auscultation" = Cardiac Auscultation 1.0
"DVDFab 8 Qt_is1" = DVDFab 8.2.2.7 (06/02/2013) Qt
"FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C" = Intel(R) Dynamic Platform and Thermal Framework
"FileZilla Client" = FileZilla Client 3.6.0.2
"FreeFileSync" = FreeFileSync 5.12
"Handbrake" = Handbrake 5248 Nightly
"InstallShield_{534E1993-A9FE-4DFC-8C5B-A173A419EDF4}" = AX88772B_AX88772A_AX88772 Windows 8 Drivers
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.7.5 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MediaMonkey_is1" = MediaMonkey 4.0
"MindomoDesktop" = Mindomo Desktop
"phase-6" = phase-6 2.3.2b
"PhotoScape" = PhotoScape
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"Samsung Universal Scan Driver" = Samsung Universal Scan Driver
"TrueCrypt" = TrueCrypt
"Web_4.0.1460.0" = Microsoft Expression Web 4
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2218533122-975564155-45232078-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"JDownloader Packages" = JDownloader Packages
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Synology CloudStation" = Synology Cloud Station (remove only)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.03.2013 17:58:35 | Computer Name = *** | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 27.03.2013 05:29:43 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DVDFab.exe, Version: 8.2.2.7, Zeitstempel:
0x5111e1b3 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x397ec78e ID des fehlerhaften Prozesses:
0xf00 Startzeit der fehlerhaften Anwendung: 0x01ce2acd9ce028c4 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\DVDFab 8 Qt\DVDFab.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: dac82919-96c0-11e2-be8b-86f52f1122a5 Vollständiger Name
des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error - 27.03.2013 14:27:09 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TuneIn.exe, Version: 1.1.0.0, Zeitstempel:
0x51438ee0 Name des fehlerhaften Moduls: Windows.UI.Xaml.dll, Version: 6.2.9200.16518,
Zeitstempel: 0x510cb7a8 Ausnahmecode: 0xc000027b Fehleroffset: 0x007c456a ID des fehlerhaften
Prozesses: 0x4f0 Startzeit der fehlerhaften Anwendung: 0x01ce2acd173dabb4 Pfad der
fehlerhaften Anwendung: C:\Program Files\WindowsApps\TuneIn.TuneInRadio_1.1.0.0_neutral__6bhtb546zcxnj\TuneIn.exe
Pfad
des fehlerhaften Moduls: C:\Windows\System32\Windows.UI.Xaml.dll Berichtskennung:
eeda97e6-970b-11e2-be8b-86f52f1122a5 Vollständiger Name des fehlerhaften Pakets:
TuneIn.TuneInRadio_1.1.0.0_neutral__6bhtb546zcxnj Anwendungs-ID, die relativ zum
fehlerhaften Paket ist: App
Error - 29.03.2013 10:03:11 | Computer Name =*** | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 29.03.2013 10:24:10 | Computer Name = *** | Source = Microsoft-Windows-Immersive-Shell | ID = 2484
Description = Das Paket „winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy“ wurde beendet,
da das Anhalten zu lange dauerte.
Error - 29.03.2013 10:24:12 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm WWAHost.exe, Version 6.2.9200.16420 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: a18 Startzeit: 01ce2c8903aee140 Endzeit: 4294967295 Anwendungspfad:
C:\Windows\System32\WWAHost.exe Berichts-ID: 524ede3c-987c-11e2-be8b-86f52f1122a5
Vollständiger
Name des fehlerhaften Pakets: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy Anwendungs-ID,
die relativ zum fehlerhaften Paket ist: Windows.Store
Error - 30.03.2013 09:59:16 | Computer Name = ***| Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 10.0.9200.16518 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1be0 Startzeit: 01ce2d494b61515a Endzeit: 0 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID: fced8c34-9941-11e2-be8b-86f52f1122a5
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 31.03.2013 07:53:34 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 31.03.2013 07:53:34 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1187
Error - 31.03.2013 07:53:34 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1187
[ System Events ]
Error - 29.03.2013 11:34:03 | Computer Name = *** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
lautet: 900.
Error - 29.03.2013 11:39:08 | Computer Name = *** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
lautet: 900.
Error - 29.03.2013 11:49:14 | Computer Name = *** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
lautet: 900.
Error - 29.03.2013 11:49:14 | Computer Name = *** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
lautet: 900.
Error - 29.03.2013 11:49:14 | Computer Name = *** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
lautet: 900.
Error - 30.03.2013 09:42:59 | Computer Name = ***| Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
lautet: 900.
Error - 30.03.2013 09:42:59 | Computer Name = *** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
lautet: 900.
Error - 30.03.2013 09:43:37 | Computer Name = ***| Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
lautet: 900.
Error - 30.03.2013 13:02:15 | Computer Name = *** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
lautet: 900.
Error - 31.03.2013 07:54:33 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "Bitdefender Virus Shield" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
< End of report >