samspade | 25.05.2013 01:04 | yontoo, y2desktop, xoywm.exe and further detections REALLY eliminated?
System:
--------
Windows 8 Pro with Media Center 64 bit
A day of frustration, then problem solved. Or only SEEMINGLY???
---------------------------------------------------------------
Here is what I have done so far:
I noticed a task xoywm.exe that I did not recognize; googling did not turn up any details either.
My computer had problems with the browsers: Firefox no longer started, and in Chrome videos crashed regularly. Microsoft's Defender reported a virus infection only once (I immediately eliminated the files it showed).
All of that made me nervous, so I then ran the desinfec't CD (Ubuntu with Avira and Bitdefender). Despite Microsoft's Defender, that produced 14! hits. I first renamed everything with the extension .VIRUS, including xoywm.exe and the installer belonging to yontoo (in the installer's directory).
After a reboot, yontoo and y2desktop (they seem to belong together) were always visible in Task Manager. Yontoo even appeared as an entry with a website in Control Panel/Programs and Features, but it cannot be uninstalled from there - the innocuous-looking install program reports an error. The Yontoo website offers an uninstaller for this case, but the browser warned me before the download (virus!).
Firefox reported problems when restarting yontoo; I was able to remove the plugin there and then used the search tool Everything to delete all yontoo, y2desktop and xoywm.exe files and all files ending in .VIRUS.
I then also deleted the directory in the Installer in which the yontoo .VIRUS file was; during the subsequent uninstall in Programs and Features, Windows then notices that something is missing and finally removes the yontoo entry from the list.
Now these files and processes are no longer visible in Task Manager/Resource Monitor. Firefox and Chrome finally run flawlessly again.
BUUUUUT: I am nervous now. Was it really thaaat easy? Maybe there are things that hide themselves better?
- Is the computer really clean now? I saw that you ask for OTL logs; I have just created them and attached them. xoywm and yontoo do show up, but the files are no longer found :-)
- What kind of data do yontoo/xoywm steal? Banking/passwords for email & social networks? I am going to check the credit card statements now.
- How could I have gotten infected (I do not start unknown exe files, I update my system, I used a virus scanner that c't had tested as acceptable)?
- How can I take legal revenge? Just kidding...
The following tasks, which were briefly visible, are unclear to me:
-------------------------------------------------------------------
WmiPrvSE
Windows Modules Installer
Windows Modules Installer Worker
These are actually Microsoft tasks, but could they have been hijacked?
What still bothers me:
----------------------
After the reboot, 100% disk activity for a few minutes from the process "System";
in the disk activity view in Resource Monitor, however, it just looks like a virus scan, while the actual scanner shows little activity (now Avira; it was the same with Microsoft's Defender). After that it drops to nearly zero.
OTL log:
--------
Code:
OTL logfile created on: 25.05.2013 01:50:18 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,93 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 56,34% Memory free
4,62 Gb Paging File | 2,61 Gb Available in Paging File | 56,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 139,21 Gb Free Space | 14,95% Space Free | Partition Type: NTFS
Drive F: | 633,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive X: | 931,51 Gb Total Space | 8,20 Gb Free Space | 0,88% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Classic Shell\ClassicShellService.exe (IvoSoft)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll ()
MOD - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Hook\rndlpepperbrowserrecordhelper.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (TlntSvr) -- C:\Windows\SysNative\tlntsvr.exe (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (BcmBtRSupport) -- C:\Windows\SysNative\BtwRSupportService.exe (Broadcom Corporation.)
SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ClassicShellService) -- C:\Programme\Classic Shell\ClassicShellService.exe (IvoSoft)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\Drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\Drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avnetflt) -- C:\Windows\SysNative\Drivers\avnetflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\Drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\Drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (BthA2DP) -- C:\Windows\SysNative\Drivers\BthA2DP.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (Tpkd) -- C:\WINDOWS\SysNative\drivers\Tpkd.sys (PACE Anti-Piracy, Inc.)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\Drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\Drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\Drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCapMP) -- C:\Windows\SysNative\Drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCap) -- C:\Windows\SysNative\Drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\Drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\Drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\Drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\Drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\Drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Vid) -- C:\Windows\SysNative\Drivers\Vid.sys (Microsoft Corporation)
DRV:64bit: - (storvsp) -- C:\Windows\SysNative\Drivers\storvsp.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (vmbusr) -- C:\Windows\SysNative\Drivers\vmbusr.sys (Microsoft Corporation)
DRV:64bit: - (vpcivsp) -- C:\Windows\SysNative\Drivers\vpcivsp.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\Drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\Drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\Drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\Drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (e1yexpress) -- C:\Windows\SysNative\Drivers\e1y60x64.sys (Intel Corporation)
DRV:64bit: - (cbfs3) -- C:\Windows\SysNative\Drivers\cbfs3.sys (EldoS Corporation)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\Drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\Drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\Drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (InputFilter_Hid_FlexDef2b) -- C:\Windows\SysNative\Drivers\InputFilter_FlexDef2b.sys (Siliten)
DRV:64bit: - (psadd) -- C:\Windows\SysNative\Drivers\psadd.sys (Lenovo (United States) Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\Drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\Drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (BrSerIf) -- C:\Windows\SysNative\Drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\Drivers\rixdpx64.sys (REDC)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mail.google.com/mail/u/0/?shva=1#inbox
IE - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
IE - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE,de;q=0.8,en-US;q=0.5,en;q=0.3
IE - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 43 E7 59 61 60 B5 CD 01 [binary data]
IE - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7BDAC3F861-B30D-40dd-9166-F4E75327FAC7%7D:1.3.1
FF - prefs.js..extensions.enabledAddons: %7BA4732521-77D9-447E-A557-B279AC923F06%7D:0.6.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.03.16 14:11:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.22 19:10:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2013.05.08 08:41:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013.05.24 19:06:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\thkeju61.default\extensions
[2013.05.08 08:42:41 | 000,095,463 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\thkeju61.default\extensions\{A4732521-77D9-447E-A557-B279AC923F06}.xpi
[2013.05.21 08:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.21 08:15:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.03.16 14:11:44 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://mail.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Google Docs = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Mindjet = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgpkinhfhnglbhoeoeooekalejbhbhgl\0.1.6_0\
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Image-Toolbar (beta) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgaepnhfockgofcejphihfafgmenofb\0.1.0.0_0\
CHR - Extension: RealDownloader = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\
CHR - Extension: Google Mail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Programme\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Programme\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe File not found
O4 - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart File not found
O4 - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000..\Run: [Hoguq] C:\Users\User\AppData\Roaming\Ylwe\xoywm.exe File not found
O4 - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe File not found
O4 - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000..\Run: [Yontoo Desktop] "C:\Users\User\AppData\Roaming\Yontoo\YontooDesktop.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Programme\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Programme\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FDC90D5-7A27-4E67-A8A4-0612F293D679}: DhcpNameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F6F2209-A54C-4E91-9B12-15BA81081B51}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.01.27 18:09:29 | 000,000,056 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.24 21:50:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Avira
[2013.05.24 21:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.24 21:43:46 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avipbb.sys
[2013.05.24 21:43:46 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avgntflt.sys
[2013.05.24 21:43:46 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\WINDOWS\SysNative\drivers\avnetflt.sys
[2013.05.24 21:43:46 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avkmgr.sys
[2013.05.24 21:43:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.05.24 21:43:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.05.24 19:27:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.05.23 00:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.05.22 19:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.05.22 19:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013.05.21 08:15:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.05.19 19:01:52 | 000,078,200 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.19 19:01:51 | 000,693,112 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2013.05.19 17:25:07 | 013,648,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2013.05.19 17:25:05 | 014,267,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmp.dll
[2013.05.19 17:25:03 | 011,878,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wmp.dll
[2013.05.19 17:25:02 | 010,789,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2013.05.19 17:24:59 | 001,829,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
[2013.05.19 17:24:59 | 001,444,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MSAudDecMFT.dll
[2013.05.19 17:24:54 | 010,116,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2013.05.19 17:24:53 | 001,113,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MSAudDecMFT.dll
[2013.05.19 17:24:51 | 000,306,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kd_02_10ec.dll
[2013.05.19 17:24:50 | 000,298,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rsaenh.dll
[2013.05.19 17:24:49 | 000,446,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioSes.dll
[2013.05.19 17:24:48 | 000,489,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioEng.dll
[2013.05.19 17:24:46 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2013.05.19 17:24:46 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\conhost.exe
[2013.05.19 17:24:46 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmredir.dll
[2013.05.19 17:24:45 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2013.05.19 17:24:45 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.dll
[2013.05.19 17:24:45 | 000,253,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\audiodg.exe
[2013.05.19 17:24:42 | 000,804,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RecoveryDrive.exe
[2013.05.19 17:24:42 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpncore.dll
[2013.05.19 17:24:40 | 002,035,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2013.05.19 17:24:40 | 001,403,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2013.05.19 17:24:40 | 001,267,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2013.05.19 17:24:40 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.BackgroundTransfer.dll
[2013.05.19 17:24:39 | 001,217,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi
[2013.05.19 17:24:39 | 000,523,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\XpsGdiConverter.dll
[2013.05.19 17:24:38 | 001,093,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe
[2013.05.19 17:24:37 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dmvdsitf.dll
[2013.05.19 17:24:36 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFMediaEngine.dll
[2013.05.19 17:24:35 | 000,503,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ci.dll
[2013.05.19 17:24:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhengine.dll
[2013.05.19 17:24:29 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.dll
[2013.05.19 17:24:29 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfreadwrite.dll
[2013.05.19 17:24:29 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2013.05.19 17:24:29 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioEndpointBuilder.dll
[2013.05.19 17:24:28 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Robocopy.exe
[2013.05.19 17:24:28 | 000,123,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wscapi.dll
[2013.05.19 17:24:28 | 000,077,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kdvm.dll
[2013.05.19 17:24:27 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\intl.cpl
[2013.05.19 17:24:27 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\XpsGdiConverter.dll
[2013.05.19 17:24:27 | 000,284,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\spaceport.sys
[2013.05.19 17:24:27 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfreadwrite.dll
[2013.05.19 17:24:27 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iuilp.dll
[2013.05.19 17:24:27 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dmvdsitf.dll
[2013.05.19 17:24:27 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Robocopy.exe
[2013.05.19 17:24:27 | 000,086,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kdnet.dll
[2013.05.19 17:24:23 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\hidclass.sys
[2013.05.19 17:24:21 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GenuineCenter.dll
[2013.05.19 17:24:21 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\intl.cpl
[2013.05.19 17:24:21 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFMediaEngine.dll
[2013.05.19 17:24:21 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fmifs.dll
[2013.05.19 17:24:21 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\fmifs.dll
[2013.05.16 17:58:42 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2013.05.16 17:58:33 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\uxtheme.dll
[2013.05.16 17:58:33 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll
[2013.05.16 17:58:33 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll
[2013.05.16 17:58:33 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2013.05.16 17:58:33 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2013.05.16 16:09:41 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\shdocvw.dll
[2013.05.16 16:09:32 | 000,112,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\consent.exe
[2013.05.16 15:10:13 | 002,382,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\esent.dll
[2013.05.16 15:10:11 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\esent.dll
[2013.05.16 15:08:29 | 006,987,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2013.05.12 19:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2012
[2013.05.12 19:06:00 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\bastel fräse
[2013.05.12 17:13:50 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Amazon Downloader Logs
[2013.05.12 17:00:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\3Dconnexion_Inc
[2013.05.12 16:45:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\NVIDIA
[2013.05.12 16:34:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\3Dconnexion
[2013.05.12 16:27:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3Dconnexion
[2013.05.12 16:25:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3Dconnexion
[2013.05.12 16:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\3Dconnexion
[2013.05.11 12:36:52 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\SimCity
[2013.05.07 21:02:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Buhl Data Service
[2013.05.07 21:01:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Buhl Data Service
[2013.05.07 15:51:49 | 000,000,000 | ---D | C] -- C:\Users\User\.smplayer
[2013.05.07 08:49:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Ubisoft Game Launcher
[2013.05.07 08:18:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2013.05.07 08:16:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Buhl
[2013.05.07 08:14:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WISO
[2013.05.07 08:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH
[2013.05.06 23:34:20 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2013.05.06 22:43:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Origin
[2013.05.06 22:43:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Origin
[2013.05.06 22:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.05.06 22:42:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2013.05.06 22:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013.05.06 22:42:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2013.05.06 00:00:45 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Downloads
[2013.05.03 15:33:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.05.03 15:26:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Ylwe
[2013.05.03 15:26:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Lebyhe
[2013.05.03 15:26:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Ipibd
[2013.05.02 14:42:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
[2013.05.02 14:42:29 | 000,000,000 | ---D | C] -- C:\Program Files\Classic Shell
[2 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]
[1 C:\WINDOWS\SysNative\drivers\*.tmp files -> C:\WINDOWS\SysNative\drivers\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.05.25 01:42:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.05.25 01:07:00 | 000,001,122 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.25 01:03:51 | 000,007,670 | ---- | M] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2013.05.25 00:42:39 | 000,001,118 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.25 00:39:21 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.05.24 21:39:52 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avipbb.sys
[2013.05.24 21:39:52 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avgntflt.sys
[2013.05.24 21:39:52 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\WINDOWS\SysNative\drivers\avnetflt.sys
[2013.05.24 21:39:52 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avkmgr.sys
[2013.05.24 20:23:00 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.05.24 20:22:46 | 3377,258,496 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.24 19:27:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.05.22 08:35:47 | 000,342,592 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013.05.12 20:44:16 | 000,000,862 | ---- | M] () -- C:\WINDOWS\wiso.ini
[2013.05.07 22:47:21 | 001,681,014 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2013.05.07 22:47:21 | 000,728,328 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat
[2013.05.07 22:47:21 | 000,689,200 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2013.05.07 22:47:21 | 000,146,020 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat
[2013.05.07 22:47:21 | 000,125,560 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2013.05.07 22:07:50 | 000,693,112 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2013.05.07 22:07:50 | 000,078,200 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.06 23:34:03 | 000,189,248 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrB.ex0
[2 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]
[1 C:\WINDOWS\SysNative\drivers\*.tmp files -> C:\WINDOWS\SysNative\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.05.22 08:35:36 | 000,342,592 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013.05.21 08:15:55 | 000,001,170 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.05.19 17:24:16 | 000,387,688 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2013.05.07 08:16:45 | 000,000,862 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2013.05.06 23:34:03 | 000,189,248 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrB.ex0
[2013.03.16 11:10:57 | 000,015,873 | ---- | C] () -- C:\WINDOWS\SysWow64\Inetde.dll
[2013.01.08 15:23:58 | 000,045,568 | ---- | C] () -- C:\WINDOWS\SysWow64\spwini.dll
[2012.12.16 19:45:34 | 000,008,192 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.19 00:49:56 | 000,007,670 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2012.11.17 08:23:24 | 000,021,656 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\iLokDrvr.sys
[2012.10.30 04:19:12 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2012.08.02 23:50:53 | 000,004,539 | ---- | C] () -- C:\Users\User\.recently-used.xbel
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2012.05.06 09:34:08 | 000,000,243 | ---- | C] () -- C:\Users\User\.swfinfo
[2012.01.06 03:52:25 | 000,005,072 | ---- | C] () -- C:\Users\User\.TransferManager.db
[2011.02.02 00:34:50 | 000,001,778 | ---- | C] () -- C:\Users\User\gdbtk.ini
========== ZeroAccess Check ==========
[2013.01.28 23:11:59 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.05.12 16:34:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\3Dconnexion
[2013.02.21 02:22:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Arduino
[2013.03.16 11:10:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BOM
[2013.05.07 21:02:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Buhl Data Service
[2013.02.04 16:57:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\CachedFiles
[2012.12.26 21:02:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\calibre
[2013.02.19 17:52:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2013.04.21 20:06:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\CopyTrans
[2013.01.07 11:50:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dropbox
[2013.02.21 05:21:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Fritzing
[2013.05.03 15:26:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ipibd
[2013.05.12 19:32:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IrfanView
[2012.12.26 21:35:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\JAM Software
[2013.05.21 09:10:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Lebyhe
[2012.12.27 13:41:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mobipocket
[2012.11.11 15:02:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2013.05.06 22:47:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Origin
[2012.12.26 21:23:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Windows Live Writer
[2013.04.21 20:01:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WindSolutions
[2013.05.24 20:17:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ylwe
========== Purity Check ==========
< End of report >

OTL-Extra-log:
--------------
Code:
OTL Extras logfile created on: 25.05.2013 01:50:18 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,93 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 56,34% Memory free
4,62 Gb Paging File | 2,61 Gb Available in Paging File | 56,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 139,21 Gb Free Space | 14,95% Space Free | Partition Type: NTFS
Drive F: | 633,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive X: | 931,51 Gb Total Space | 8,20 Gb Free Space | 0,88% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2244628101-3715945705-3000758515-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0094BB44-B00B-4842-9ABF-3A39B7D47D29}" = lport=14714 | protocol=6 | dir=in | name=audials localhttpserver 14714 |
"{12576295-7F45-47FB-805F-06F093DB8C8C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{1EFD2868-4D3D-4667-831F-2015C25F3E33}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1F98A5C7-5145-4E29-9BC2-3B51A6485EB3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{205FED39-F0D0-4F32-A76A-37D5C8AB5640}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=datei- und druckerfreigabe (spoolerdienst - rpc-epmap) |
"{207F0E51-65CD-4D96-9ED4-C86B3095B1D6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{339DF4B8-A4D8-4CD9-9783-33947845BF42}" = lport=139 | protocol=6 | dir=in | app=system |
"{4F92B791-FA70-4951-9877-B986BCC48EF3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{5797F32C-22BB-4E9E-8A48-DC36A2C283A9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{66724658-077F-473B-B95A-A5F2B17681B8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6E0A43BD-6B87-47D6-89DB-BE9A7388F1C0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{706F3001-9093-4E84-A1DD-66E0DE7A2EE2}" = lport=445 | protocol=6 | dir=in | app=system |
"{7B550D87-F7D9-4558-9307-DC93E8368FE6}" = rport=139 | protocol=6 | dir=out | app=system |
"{7E922B4F-499B-46C8-8F1E-030D12855144}" = rport=445 | protocol=6 | dir=out | app=system |
"{908F5C06-AA9F-409C-9854-3185E9292D15}" = lport=31931 | protocol=6 | dir=in | name=audials localhttpserver 31931 |
"{995547D3-7748-48FF-81B3-29F288812ED1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A6209A70-9FB3-4DDC-8261-1C1F05E18C74}" = lport=138 | protocol=17 | dir=in | app=system |
"{B539482D-C3EF-4184-9853-2986201EB8F6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{B74A01FF-BF4F-446D-9F3F-4D0181721CC7}" = rport=138 | protocol=17 | dir=out | app=system |
"{BB0593B5-D0A5-4724-B7E2-332B2F80D001}" = lport=12972 | protocol=6 | dir=in | name=audials localhttpserver 12972 |
"{CAF59F12-0C6D-4568-B7B4-700132994BE2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D8CC8738-4236-4838-A2BC-B33E8E30274C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DDF431F7-BA07-4313-A22F-C43C81F796E6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DF41D875-76CF-4142-B1FD-D141C7AB271F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E6146995-E6BC-4D8D-A29F-68724C01675C}" = lport=137 | protocol=17 | dir=in | app=system |
"{F5790EF3-4B38-47B7-9CEB-1F072533544E}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D339F53-6EE1-4145-AE6E-7DF282DC7FDD}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{12085DCC-73F3-4186-AB48-E89AA79B41B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{13A3C12B-89E7-4403-B4F1-1816F4F1F9DC}" = protocol=6 | dir=out | app=system |
"{14BC11F3-6835-4B27-BB2F-C328A3784B2C}" = dir=in | name=pinball fx2 |
"{176FA3A6-E6B6-460C-915E-7EFC910BD749}" = protocol=1 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv4 ausgehend) |
"{21783EA5-45AF-4776-8252-78D2890B9563}" = dir=out | name=robotek |
"{24CD29E6-3EA2-426F-9CF6-5FA239D6AF09}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{28E4C87B-DA62-4FFB-A903-CDBBA3180B22}" = dir=out | name=@{microsoft.xboxlivegames_1.2.143.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{29AD5DC7-D5F7-4ED2-9FCA-84542AB36701}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{2A248E02-5094-4E8E-97EB-669347284ACE}" = dir=out | name=kaufda navigator |
"{2DF94450-64CC-45DF-BE49-40A366128AF1}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 1942\bf1942.exe |
"{315B8F5A-0194-4496-85E2-2F0D74068066}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{38B41664-1AF1-4C0C-B801-A25415A0433A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{39CA6445-52BB-432F-BD60-06E5971A9358}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{438A4FF2-20B0-488C-A46F-68E4B38E386E}" = protocol=58 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv6 eingehend) |
"{460A91A6-BD86-4213-A8AF-07866951537A}" = protocol=1 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv4 eingehend) |
"{4882905E-A6C5-4322-9E72-3E1FB7D367B4}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{52D867B9-48E5-425F-B68A-A6C4AE4B195D}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{54047489-DCE2-4050-9D59-81E809197A56}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{5A20BC2E-EADB-4B20-94D8-B838557CDD4B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62653FE1-B4C7-45FF-90F4-C2388799CADB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rocksmith\rocksmith.exe |
"{640B2077-A088-41C7-AA3E-368470F376B9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{6A5D94F0-30D9-4DD0-B96B-DD2AAFD38CFC}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{6B4D97B6-FD07-4956-9010-59A527D79BD4}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 1942\bf1942.exe |
"{71709FC4-0FB1-4D45-A788-30A237BBE263}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe |
"{73C4DEBD-D4EC-4DF4-8573-0FEC47067F83}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{73EFCBF8-E1DA-446D-9BDB-16371D0060E7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{742496AE-F8E9-43D3-9A0B-01ED49D024C8}" = dir=out | name=arte tv |
"{7857951F-2A1F-4756-AB8B-DE9EE251F02D}" = dir=out | name=ebay |
"{79102889-B092-4562-816B-9F74E8B2403A}" = dir=out | name=onenote |
"{7A37E96F-9D34-4220-9ABE-305134DE5BDF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7CF3BBBF-2CC1-4F16-BAF5-C49C9AE44637}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7FBA0D4F-8A1A-40BF-A08C-C39F70A67ABB}" = dir=out | name=microsoft mahjong |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{80B35425-6861-411E-96CF-D5901FF18F19}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{853EB962-EA5A-4C5A-94F9-0BEBAEEC004F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{875B3636-A405-4717-B39C-A7C13580FBC8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{886A7CC4-D5BE-4AD3-B842-2693629789F9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8B245A78-E275-4BA4-AF20-7A760D595F55}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8BC56955-5F1D-4C98-B02E-36E4FA20E28F}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{8C47E3A8-F406-4D98-A7E8-2EC142AD087B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{908F0125-CB2A-440A-A66C-938FF84287F8}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{92BD6A23-A328-496F-9850-08B8FEA006E6}" = protocol=58 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv6 ausgehend) |
"{92C2D4AB-3E33-457A-8C77-92564D39273D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{96458BF9-3B28-4FC2-B1FC-820685C3CDF5}" = dir=in | name=robotek |
"{9735F1EC-E0FA-4EF8-8A97-ADE6D04CC10D}" = dir=in | name=onenote |
"{987F86EE-DFCE-4290-8CE5-EF51EC7ADDF9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{99B7DA72-454D-4C28-AEB5-414BEA703692}" = dir=out | name=@{microsoft.zunevideo_1.2.150.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{9AF274F7-C6B9-40DC-8397-DE8ED1E33E9D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9BEB4279-D179-4A3E-809D-E4473A315227}" = dir=out | name=microsoft minesweeper |
"{A198C584-65ED-47B6-AF4E-E9534F07D591}" = dir=out | name=radiant |
"{ABFB6126-A1B5-4294-81E2-E6A2C810A35E}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{ACC8669C-18B5-406D-A351-6C73EFA89559}" = dir=in | name=ebay |
"{AE4FD485-5E95-48D1-9BB3-A507CB451493}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B7A296A4-A22D-4169-9272-5591642FF231}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B88DDAE1-6DED-4AF5-BC28-4DAAA0E86108}" = dir=in | app=c:\program files (x86)\audials\audials 10\audials.exe |
"{B8DB2DC9-9801-4228-846A-FA5E4F634942}" = dir=out | name=@{microsoft.zunemusic_1.2.150.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{BB9FE99B-6AF1-4EF8-BCBE-785952F83752}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{BD7ABD2F-1859-452F-BD12-665C86CBAA22}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{BDD8BB41-6FBE-41F7-AD73-8979D3DFF039}" = dir=out | name=zattoo live tv |
"{C1D963F5-034B-4EA6-963E-7255C6E98F0A}" = dir=out | name=zalando |
"{CB8F275E-BF70-470C-AB1D-5DB2A47F1160}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{CCCD60B1-93A8-4639-B668-FB9C67D9C2DC}" = dir=out | name=microsoft solitaire collection |
"{CE100D7C-8739-466E-921F-8BA48B4960ED}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{D410DF73-8F04-451C-85E5-AB3D504C08EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rocksmith\rocksmith.exe |
"{DE96B4C7-9890-4303-B926-45B65380A9E8}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{E0C43974-A9D3-487B-8605-9C8F8AA58F72}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EBD45732-EF4F-47DE-9143-2179502B190C}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe |
"{F1139E4A-6D9B-4CB8-9600-CBB10F827ABF}" = dir=out | name=shazam |
"{F1D00A5D-EC69-4500-8150-F88F49027A87}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{F26F06AB-F2EB-4DFA-9CD5-7E525874E0DB}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{F6A333F8-A579-4F10-8DAD-035C302C588F}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{F8585375-1E31-40AC-83E4-50F8B1B23B68}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{F8D92991-E822-40D8-ACC6-A296A6C47FBF}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{F95462F7-1EFA-4797-B93F-CAC35892C6DC}" = dir=out | name=pinball fx2 |
"{FA6326CF-D7ED-41AB-BC7B-3A2F676F668B}" = dir=out | name=geodart |
"{FFE4724D-3F85-4287-AE70-51EFB32F6B7B}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"TCP Query User{2DE02AE6-FF20-4DAB-B3DB-794507B40336}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{8B87A07D-5232-46C7-B1A9-93B5CFDD01FE}C:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe |
"TCP Query User{93E93D7F-B52D-4F6A-A0A9-5A7591D7E5F8}C:\users\user\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\electronicarts_patcher_000.exe |
"TCP Query User{A3633175-91D4-471B-B930-BA3628ED565E}C:\program files (x86)\sonos\sonos.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sonos\sonos.exe |
"TCP Query User{D862D41F-40B0-4686-8658-E4F649A0CF04}C:\program files (x86)\sonos\sonos.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sonos\sonos.exe |
"TCP Query User{D920A166-670B-4D21-905B-74476C6F4707}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"UDP Query User{2CF04AB5-07B5-4FD4-AEA7-EA6C40914FE9}C:\program files (x86)\sonos\sonos.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sonos\sonos.exe |
"UDP Query User{3BC5D458-8E5B-47E7-B4D0-F0C298616BA2}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{434CDDA5-673A-46E6-9603-637EBD0760CA}C:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe |
"UDP Query User{A63F3275-46A5-4064-9187-F3CE78FC0AEB}C:\program files (x86)\sonos\sonos.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sonos\sonos.exe |
"UDP Query User{A79ED1BA-2BCE-4F77-9BAD-677A9F5E8A03}C:\users\user\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\temp\electronicarts_patcher_000.exe |
"UDP Query User{BEFCF8F9-C053-436E-898C-4F27265F0243}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13859B14-439C-41CF-A89A-D705EF959AA6}" = 3Dconnexion Plug-In for Photoshop CS3 - CS6
"{14FCEEDC-6795-4B5A-8370-686D0D3ED308}" = 3Dconnexion Plug-In for NX v3.0 - v8.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1FA17D58-3CE5-4B24-90B9-CE2DCB3FCAC1}" = 3Dconnexion Plug-In for 3ds Max v9 - 2014
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{45401736-1649-451A-A2CB-1F37D222DCE2}" = 3Dconnexion Plug-In for Pro/ENGINEER Wildfire 3.0 - Creo 2.0
"{4E22D0BC-2A2E-4723-B7E7-F34701EE501E}" = 3Dconnexion 3DxWare (x64)
"{5A739B91-73E6-4C75-8A3D-FA1FFA15C779}" = 3Dconnexion Add-In for SolidWorks 2005 - 2013
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6D6426CC-35B9-4752-9874-4FB1576CE8C5}" = 3Dconnexion Add-On for XSI v5.0 - 2014
"{7EDD147B-8918-4715-94D5-987995044696}" = Max 6.1.1
"{7F34ADBE-77C0-47A0-BBC6-B3DA16CE8E68}" = Classic Shell
"{8AC1E556-BB68-486A-AF7C-AB6AC88ADADA}" = 3Dconnexion Plug-In for Maya v8.5 - 2014
"{92AE1E79-760C-42B9-B905-3F1BD31FF0E7}" = 3Dconnexion Add-In for Inventor 11 - 2014
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{C4CBE331-9BFC-456B-A4D8-4E43E5EA3788}" = 3Dconnexion Add-In for AutoCAD 2007 - 2010
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EC2764B7-2EDB-4575-B0D4-1325EC66975E}" = 3Dconnexion Add-In for Solid Edge V18 - ST5
"{F6238EAB-3AD7-4B0E-B0AD-E533A93A5C32}" = Ableton Live 9 Suite
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"Power Management Driver" = Lenovo Power Management Driver
"SynTPDeinstKey" = ThinkPad UltraNav Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}" = Battlefield 1942™
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6D236956-B79D-4748-BEA3-A039334A66AB}" = 3Dconnexion Collage
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}" = Sonos Controller
"{873F109E-CFBD-4958-9D07-1B02538BBD8F}" = 3Dconnexion Trainer
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B3B4E8E4-E2A4-11D6-8D31-00105A629F49}" = eMedia Klavier-Schule
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{BAFCA6AC-8B37-405B-B57E-C1D45DE70ACC}" = 3Dconnexion 3DxSoftware (x64 Edition)
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{DC8B9A86-0EB5-4178-BCC0-DBDF1F529378}" = Audials
"{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E9994D23-7CC4-453C-B45C-6375C69EF850}" = 3Dconnexion Plug-in for Acrobat 3D
"{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}" = RealDownloader
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FFD6EF09-FD59-4E19-8688-FF9D72B58819}" = 3Dconnexion Extension for SketchUp
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Antivirus Premium
"Biet-O-Matic v2.14.12" = Biet-O-Matic v2.14.12
"eMule" = eMule
"Everything" = Everything 1.2.1.371
"Google Chrome" = Google Chrome
"Inkscape" = Inkscape 0.48.4
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"IrfanView" = IrfanView (remove only)
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"RealPlayer 16.0" = RealPlayer
"Steam App 205190" = Rocksmith
"Steam App 8930" = Sid Meier's Civilization V
"TreeSize Free_is1" = TreeSize Free V2.7
"VLC media player" = VLC media player 2.0.6
"WinLiveSuite" = Windows Live Essentials
"XMind_is1" = XMind 2012 (v3.3.1)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2244628101-3715945705-3000758515-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 24.05.2013 13:48:03 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ConquerW8ClientApp.exe, Version:
1.0.0.0, Zeitstempel: 0x5088fcba Name des fehlerhaften Moduls: KERNELBASE.dll, Version:
6.2.9200.16451, Zeitstempel: 0x50988950 Ausnahmecode: 0xe0434352 Fehleroffset: 0x00014b32
ID
des fehlerhaften Prozesses: 0x13d4 Startzeit der fehlerhaften Anwendung: 0x01ce58a68dc04811
Pfad
der fehlerhaften Anwendung: C:\Program Files\WindowsApps\27021tamayg.Conquer_1.0.2.0_neutral__v3gh74v7k1ycp\ConquerW8ClientApp.exe
Pfad
des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\KERNELBASE.dll Berichtskennung: 14af4c39-c49a-11e2-be93-002268e3e6dd
Vollständiger
Name des fehlerhaften Pakets: 27021tamayg.Conquer_1.0.2.0_neutral__v3gh74v7k1ycp
Anwendungs-ID,
die relativ zum fehlerhaften Paket ist: App
Error - 24.05.2013 13:55:14 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.2.9200.16433,
Zeitstempel: 0x50763312 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.2.9200.16550,
Zeitstempel: 0x5136a2c8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000004af9
ID
des fehlerhaften Prozesses: 0x700 Startzeit der fehlerhaften Anwendung: 0x01ce583e37f71fbd
Pfad
der fehlerhaften Anwendung: C:\WINDOWS\Explorer.EXE Pfad des fehlerhaften Moduls:
C:\WINDOWS\system32\SHELL32.dll Berichtskennung: 15654dee-c49b-11e2-be93-002268e3e6dd
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 24.05.2013 13:57:19 | Computer Name = User-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe".
Die
abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 24.05.2013 14:01:38 | Computer Name = User-PC | Source = .NET Runtime | ID = 1026
Description =
Error - 24.05.2013 14:01:39 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ConquerW8ClientApp.exe, Version:
1.0.0.0, Zeitstempel: 0x5088fcba Name des fehlerhaften Moduls: KERNELBASE.dll, Version:
6.2.9200.16451, Zeitstempel: 0x50988950 Ausnahmecode: 0xe0434352 Fehleroffset: 0x00014b32
ID
des fehlerhaften Prozesses: 0x654 Startzeit der fehlerhaften Anwendung: 0x01ce58a8a66c26ec
Pfad
der fehlerhaften Anwendung: C:\Program Files\WindowsApps\27021tamayg.Conquer_1.0.2.0_neutral__v3gh74v7k1ycp\ConquerW8ClientApp.exe
Pfad
des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\KERNELBASE.dll Berichtskennung: fb05c735-c49b-11e2-be93-002268e3e6dd
Vollständiger
Name des fehlerhaften Pakets: 27021tamayg.Conquer_1.0.2.0_neutral__v3gh74v7k1ycp
Anwendungs-ID,
die relativ zum fehlerhaften Paket ist: App
Error - 24.05.2013 14:25:28 | Computer Name = User-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe".
Die
abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 24.05.2013 18:31:12 | Computer Name = User-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Die Anwendung oder der Dienst "Apple Mobile Device" konnte nicht neu
gestartet werden.
Error - 24.05.2013 18:43:51 | Computer Name = User-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe".
Die
abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 24.05.2013 19:43:10 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.2.9200.16433,
Zeitstempel: 0x50763312 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.2.9200.16550,
Zeitstempel: 0x5136a2c8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000004af9
ID
des fehlerhaften Prozesses: 0x1024 Startzeit der fehlerhaften Anwendung: 0x01ce58cff4f7faea
Pfad
der fehlerhaften Anwendung: C:\WINDOWS\Explorer.EXE Pfad des fehlerhaften Moduls:
C:\WINDOWS\system32\SHELL32.dll Berichtskennung: b0d6964b-c4cb-11e2-be94-002268e3e6dd
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 24.05.2013 19:43:38 | Computer Name = User-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe".
Die
abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
[ Media Center Events ]
Error - 13.01.2013 01:45:23 | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 06:45:23 - Fehler beim Herstellen der Internetverbindung. 06:45:23
- Serververbindung konnte nicht hergestellt werden..
Error - 13.01.2013 01:45:29 | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 06:45:28 - Fehler beim Herstellen der Internetverbindung. 06:45:28
- Serververbindung konnte nicht hergestellt werden..
Error - 14.01.2013 06:17:12 | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 11:17:12 - Fehler beim Herstellen der Internetverbindung. 11:17:12
- Serververbindung konnte nicht hergestellt werden..
Error - 14.01.2013 06:17:24 | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 11:17:17 - Fehler beim Herstellen der Internetverbindung. 11:17:17
- Serververbindung konnte nicht hergestellt werden..
Error - 14.01.2013 07:17:29 | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 12:17:29 - Fehler beim Herstellen der Internetverbindung. 12:17:29
- Serververbindung konnte nicht hergestellt werden..
Error - 14.01.2013 07:17:35 | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 12:17:34 - Fehler beim Herstellen der Internetverbindung. 12:17:34
- Serververbindung konnte nicht hergestellt werden..
Error - 14.01.2013 08:17:39 | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 13:17:39 - Fehler beim Herstellen der Internetverbindung. 13:17:39
- Serververbindung konnte nicht hergestellt werden..
Error - 14.01.2013 08:17:45 | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 13:17:44 - Fehler beim Herstellen der Internetverbindung. 13:17:44
- Serververbindung konnte nicht hergestellt werden..
Error - 14.01.2013 09:17:49 | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 14:17:49 - Fehler beim Herstellen der Internetverbindung. 14:17:49
- Serververbindung konnte nicht hergestellt werden..
Error - 14.01.2013 09:17:55 | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 14:17:54 - Fehler beim Herstellen der Internetverbindung. 14:17:54
- Serververbindung konnte nicht hergestellt werden..
< End of report > |