
Log Analysis and Evaluation: winlogon.exe and csrss.exe ---> Trojan


30.10.2013, 14:36   #1
Flooschi
 

winlogon.exe and csrss.exe ---> Trojan



Hello,

Since my laptop has been heavily slowed down since today, I took a closer look and saw that the processes winlogon and csrss are open in my Task Manager without any description or assignment. At that same moment an "update" for Antivir was also being run, which is presumably meant to prevent these processes from being detected.

I would therefore ask for support in solving this problem. I have already run OTL; here are the scans:

OTL.txt:
Code:
OTL logfile created on: 30.10.2013 14:13:09 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,92 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 61,63% Memory free
15,91 Gb Paging File | 14,11 Gb Available in Paging File | 88,65% Paging File free
Paging file location(s): c:\pagefile.sys 6144 6144d:\pagef [Binary data over 200 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421,81 Gb Total Space | 255,69 Gb Free Space | 60,62% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 20,60 Gb Free Space | 71,05% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Windows\WebCam\S6000\S6000Mnt.exe (Alcor)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe (Egis Technology Inc. )
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (btwdins) -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (EgisTec Service) -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe (Egis Technology Inc. )
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
SRV - (EgisTec Service Help) -- C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe (Egis Technology Inc. )
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (fbfmon) -- C:\Windows\SysNative\drivers\fbfmon.sys (Lenovo)
DRV:64bit: - (BPntDrv) -- C:\Windows\SysNative\drivers\BPntDrv.sys (Lenovo)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (EgisTecFF) -- C:\Windows\SysNative\drivers\EgisTecFF.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (S6000KNT) -- C:\Windows\SysNative\drivers\S6000KNT.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (FPSensor) -- C:\Windows\SysNative\drivers\FPSensor.sys (Egis Technology Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (PDNMp50) -- C:\Windows\SysWOW64\drivers\PDNMp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (PDNSp50) -- C:\Windows\SysWOW64\drivers\PDNSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (StarOpen) -- C:\windows\SysWow64\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7%7D:1.5.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..network.proxy.autoconfig_url: "data:application/x-ns-proxy-autoconfig;base64,ZnVuY3Rpb24gRmluZFByb3h5Rm9yVVJMKHVybCwgaG9zdCkgewogIGlmICgoaG9zdCA9PSAnd3d3LnlvdXR1YmUuY29tJyAmJiB1cmwuaW5kZXhPZigneW91dHViZS5jb20vd2F0Y2g/dj12eXBmU29PNFZSMCZsaXN0PVBMMjIwMEZCMTJBN0Q3M0VBQiZweHRyeT0xJykgIT0gLTEpIHx8IChob3N0LmluZGV4T2YoJ2MueW91dHViZS5jb20nKSAhPSAtMSAmJiB1cmwuaW5kZXhPZignYy55b3V0dWJlLmNvbS92aWRlb3BsYXliYWNrJykgIT0gLTEgJiYgdXJsLmluZGV4T2YoJ2djcj11cycpICE9IC0xKSkKICAgIHJldHVybiAnUFJPWFkgMjA5LjIzOS4xMjAuMTE0OjMxMzEnOwogIHJldHVybiAnRElSRUNUJzsKfQ=="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20120217-1212: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}: C:\Program Files (x86)\EgisTec BioExcess\FFExt [2011.11.30 06:27:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.12.22 16:04:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions
[2013.10.19 20:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\0w4kwj7j.default\extensions
[2013.10.07 08:37:08 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\0w4kwj7j.default\extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}
[2013.10.19 20:57:34 | 002,209,433 | ---- | M] () (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\firefox\profiles\0w4kwj7j.default\extensions\firebug@software.joehewitt.com.xpi
[2013.10.15 15:41:53 | 000,042,570 | ---- | M] () (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\firefox\profiles\0w4kwj7j.default\extensions\firefox@gsremote.com.xpi
[2013.10.11 09:56:22 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\firefox\profiles\0w4kwj7j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.10.01 10:38:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.10.01 10:38:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PLTSR] C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe (Egis Technology Inc. )
O4 - HKLM..\Run: [S6000Mnt] C:\windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt File not found
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. )
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6658424C-49DE-4DC5-836E-BB2D06A32342}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{672B02E2-B1BA-41CC-9042-0EE96B843D90}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.10.28 20:47:01 | 000,000,000 | ---D | C] -- C:\World of Warcraft - BC
[2013.10.28 16:43:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Blizzard
[2013.10.28 16:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
[2013.10.28 16:35:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hearthstone
[2013.10.28 16:34:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Blizzard Entertainment
[2013.10.28 16:33:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Battle.net
[2013.10.28 16:33:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Battle.net
[2013.10.28 16:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
[2013.10.28 16:33:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battle.net
[2013.10.27 15:48:04 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Wingolf
[2013.10.22 18:40:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013.10.17 14:43:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.10.17 14:43:09 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013.10.17 14:43:03 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013.10.17 14:43:03 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013.10.17 14:43:03 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013.10.17 14:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013.10.17 14:42:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.10.08 15:24:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\LogMeIn
[2013.10.08 15:24:39 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2013.10.05 11:36:12 | 000,466,456 | ---- | C] (Creative Labs) -- C:\windows\SysNative\wrap_oal.dll
[2013.10.05 11:36:12 | 000,122,904 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\windows\SysNative\OpenAL32.dll
[2013.10.05 11:36:11 | 000,444,952 | ---- | C] (Creative Labs) -- C:\windows\SysWow64\wrap_oal.dll
[2013.10.05 11:36:11 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\windows\SysWow64\OpenAL32.dll
[2013.10.05 11:36:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2013.10.05 11:36:02 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Baldur's Gate - Enhanced Edition
[2013.10.04 13:59:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.10.04 13:59:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013.10.01 10:38:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2013.10.30 13:33:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.10.30 13:28:13 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.10.30 08:28:41 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.10.30 08:28:41 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.10.30 08:26:07 | 001,498,506 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.10.30 08:26:07 | 000,654,166 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.10.30 08:26:07 | 000,616,008 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.10.30 08:26:07 | 000,130,006 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.10.30 08:26:07 | 000,106,388 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.10.30 08:20:21 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.10.30 08:20:15 | 000,147,743 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2013.10.30 08:19:30 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.10.30 08:19:15 | 3153,702,912 | -HS- | M] () -- C:\hiberfil.sys
[2013.10.29 10:09:18 | 000,007,598 | ---- | M] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2013.10.28 16:35:46 | 000,000,900 | ---- | M] () -- C:\Users\Public\Desktop\Hearthstone.lnk
[2013.10.22 18:40:52 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.10.17 14:42:50 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013.10.17 14:42:50 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013.10.17 14:42:50 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013.10.17 14:42:49 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013.10.15 15:01:00 | 000,001,733 | ---- | M] () -- C:\Users\***\Desktop\swkotor - Verknüpfung.lnk
[2013.10.09 22:12:44 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013.10.09 22:12:43 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.10.05 11:36:12 | 000,466,456 | ---- | M] (Creative Labs) -- C:\windows\SysNative\wrap_oal.dll
[2013.10.05 11:36:12 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\windows\SysNative\OpenAL32.dll
[2013.10.05 11:36:11 | 000,444,952 | ---- | M] (Creative Labs) -- C:\windows\SysWow64\wrap_oal.dll
[2013.10.05 11:36:11 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\windows\SysWow64\OpenAL32.dll
[2013.10.05 11:10:53 | 000,000,212 | ---- | M] () -- C:\Users\***\Desktop\Baldur's Gate Enhanced Edition.url
[2013.10.01 12:54:21 | 000,132,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013.10.01 12:54:21 | 000,105,856 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013.10.01 12:54:21 | 000,083,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avnetflt.sys
[2013.10.01 12:54:21 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
[2013.10.28 16:35:46 | 000,000,900 | ---- | C] () -- C:\Users\Public\Desktop\Hearthstone.lnk
[2013.10.22 18:40:52 | 000,002,054 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.10.22 18:40:49 | 000,216,064 | ---- | C] () -- C:\windows\SysWow64\gcapi_dll.dll
[2013.10.15 15:01:00 | 000,001,733 | ---- | C] () -- C:\Users\***\Desktop\swkotor - Verknüpfung.lnk
[2013.10.05 11:10:53 | 000,000,212 | ---- | C] () -- C:\Users\***\Desktop\Baldur's Gate Enhanced Edition.url
[2013.05.06 15:06:05 | 000,002,113 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2013.05.06 14:05:05 | 000,037,623 | ---- | C] () -- C:\Users\***Praktikumsbescheinigung.png
[2013.04.13 13:13:51 | 000,000,001 | ---- | C] () -- C:\windows\SysWow64\SI.bin
[2013.02.20 08:12:51 | 000,000,034 | ---- | C] () -- C:\windows\SysWow64\BD2040.DAT
[2013.01.19 22:27:58 | 000,172,032 | ---- | C] () -- C:\windows\SysWow64\lame_enc.dll
[2013.01.15 12:36:00 | 000,000,432 | ---- | C] () -- C:\windows\BRWMARK.INI
[2013.01.15 12:35:59 | 000,000,034 | ---- | C] () -- C:\windows\SysWow64\BD2030.DAT
[2012.11.17 13:55:00 | 000,000,144 | ---- | C] () -- C:\windows\Sierra.ini
[2012.06.21 17:51:54 | 000,007,598 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.03.19 22:31:16 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012.03.19 22:31:16 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012.03.19 22:25:58 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012.03.19 21:21:14 | 013,212,672 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2012.01.16 19:01:01 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2012.01.16 18:57:33 | 000,005,632 | ---- | C] () -- C:\windows\SysWow64\drivers\StarOpen.sys
[2011.11.30 15:16:36 | 000,003,443 | ---- | C] () -- C:\windows\UTILITYDRV.SYS
[2011.11.30 15:16:35 | 000,300,328 | ---- | C] () -- C:\windows\it50.dll
[2011.11.30 15:16:35 | 000,259,368 | ---- | C] () -- C:\windows\FastBR.dll
[2011.11.30 15:16:35 | 000,259,368 | ---- | C] () -- C:\windows\CopyFile.dll
[2011.11.30 15:16:35 | 000,218,408 | ---- | C] () -- C:\windows\Image.dll
[2011.11.30 15:16:35 | 000,202,024 | ---- | C] () -- C:\windows\HardDisk.dll
[2011.11.30 15:16:35 | 000,177,448 | ---- | C] () -- C:\windows\disk.dll
[2011.11.30 15:16:35 | 000,110,592 | ---- | C] () -- C:\windows\BootseqwWmi.exe
[2011.11.30 15:16:35 | 000,049,152 | ---- | C] () -- C:\windows\CHGBOOTW.EXE
[2011.11.30 15:16:35 | 000,010,068 | ---- | C] () -- C:\windows\GT.EXE
[2011.11.30 15:16:34 | 000,081,920 | ---- | C] () -- C:\windows\Bootseqw32.exe
[2011.11.30 15:16:34 | 000,008,704 | ---- | C] () -- C:\windows\Access32.sys
[2011.11.30 06:21:29 | 000,015,190 | ---- | C] () -- C:\windows\S6000Twn.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.01.04 11:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.01.04 09:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2013.09.25 17:25:13 | 097,787,360 | ---- | M] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\龜ꄈ”
[2013.09.25 17:25:13 | 097,787,360 | ---- | C] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\龜ꄈ”
[2013.09.24 18:06:33 | 097,540,783 | ---- | M] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\秧”
[2013.09.24 12:07:03 | 097,540,783 | ---- | C] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\秧”
[2013.09.14 15:56:44 | 097,581,476 | ---- | M] ()(C:\windows\SysWow64\???B) -- C:\windows\SysWow64\ꔥ﯃B
[2013.09.14 09:34:25 | 097,581,476 | ---- | C] ()(C:\windows\SysWow64\???B) -- C:\windows\SysWow64\ꔥ﯃B
[2013.09.10 22:30:31 | 097,004,533 | ---- | M] ()(C:\windows\SysWow64\???u) -- C:\windows\SysWow64\㰼u
[2013.09.10 09:38:49 | 097,004,533 | ---- | C] ()(C:\windows\SysWow64\???u) -- C:\windows\SysWow64\㰼u
[2013.09.06 08:01:45 | 096,304,236 | ---- | M] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\ắ댷’
[2013.09.06 08:01:45 | 096,304,236 | ---- | C] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\ắ댷’
[2013.09.03 09:05:32 | 095,452,537 | ---- | M] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\쓀឴ž
[2013.09.03 09:05:32 | 095,452,537 | ---- | C] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\쓀឴ž
[2013.08.31 14:03:57 | 095,103,849 | ---- | M] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\ⵛ퐫›
[2013.08.31 14:03:57 | 095,103,849 | ---- | C] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\ⵛ퐫›
[2013.08.29 22:21:19 | 094,663,095 | ---- | M] ()(C:\windows\SysWow64\???l) -- C:\windows\SysWow64\覨l
[2013.08.29 10:21:53 | 094,663,095 | ---- | C] ()(C:\windows\SysWow64\???l) -- C:\windows\SysWow64\覨l
[2013.08.28 10:47:09 | 100,833,584 | ---- | M] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\錗朒›
[2013.08.28 10:47:09 | 100,833,584 | ---- | C] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\錗朒›
[2013.08.26 17:53:58 | 100,225,570 | ---- | M] ()(C:\windows\SysWow64\???h) -- C:\windows\SysWow64\珒ꪱh
[2013.08.26 17:53:58 | 100,225,570 | ---- | C] ()(C:\windows\SysWow64\???h) -- C:\windows\SysWow64\珒ꪱh

< End of report >
         
--- --- ---


Extras.txt
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 30.10.2013 14:13:09 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,92 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 61,63% Memory free
15,91 Gb Paging File | 14,11 Gb Available in Paging File | 88,65% Paging File free
Paging file location(s): c:\pagefile.sys 6144 6144d:\pagef [Binary data over 200 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421,81 Gb Total Space | 255,69 Gb Free Space | 60,62% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 20,60 Gb Free Space | 71,05% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BB10EB4-17CA-478F-824D-5F19776A2BAE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{0C498DD3-5FC7-4293-937C-26766B84BEC5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{102CCC7E-5942-428A-BE20-BDC56F1FB6B8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{213D57BA-26AA-472A-9D05-A8B723FAD5A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2375660E-AED2-4C95-8216-EC226EBA5EE8}" = rport=138 | protocol=17 | dir=out | app=system | 
"{36327A69-8ACB-4161-B6DD-1426B9B58113}" = lport=139 | protocol=6 | dir=in | app=system | 
"{43ECC38F-9708-4714-A715-0833162EAFE6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{45A29BBC-DCD6-4E60-B69D-9EAC85437F41}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5B5E32B4-994F-4AF6-B7A1-2CD2F6FF2A6B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8332F8EA-995F-4FE2-81B3-494E96B334FC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{942883F9-125A-4FBC-A0D8-8AA51C6AE574}" = lport=138 | protocol=17 | dir=in | app=system | 
"{993658BD-2CD0-4E0A-B63D-CE161697D8BB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{99EA1A59-C034-43C2-A167-A04EDED7F8B6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9EB02956-1269-4FA4-863C-E2482700B733}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{A2AE5F5C-976C-425A-8AD3-BB89D1757F64}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ABB7D7A5-691F-473D-881C-FEA3C734C35D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{AF0BFA88-E3BF-4BBF-9CC5-5C6647496589}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B014F40E-2E6C-4A3A-909F-E2EB7970252F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C20D7E17-C1B3-418E-A7FF-8E1A0EDD4578}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C291FCA2-37B6-44BF-AE21-F1FF606F1EA1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C2AE3F01-B69B-4AAF-89F4-41CC56319995}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D4A29BCE-9AD4-4D67-B001-D3BAABF0FA57}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E060E81E-3040-4D8A-B6F1-6DEC482DEDF2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E0A7DF85-81B5-4884-820D-C650391FB318}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{FA2C6807-0E25-48E0-8937-9B21597611A9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DA498A-C08B-4B82-BAF4-EFD453B8C627}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{02D5E593-1726-4DCE-A7D9-402EC91AEBBA}" = protocol=6 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | 
"{05CD5CBB-958C-437A-99B1-6C5E759706C2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\oktalogue\team fortress 2\hl2.exe | 
"{06A3869E-5658-4FF2-B574-99B5E8A95A58}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{0A5AF610-E5E1-4FCA-964C-F16B8DFD8250}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0E92CEF3-DB66-4746-8C5E-509F1CA11F91}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{1319FE1A-F431-4A16-827C-21F141CCA55C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{135E70A2-7348-43AD-8A6A-E1A57FDB4632}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\oktalogue\team fortress 2\hl2.exe | 
"{1BBA3BD7-2AB8-44FC-B9BE-AF6451C44E4E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{1E32EB63-4047-4639-AD37-D91FE2D5D0BE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{23D94969-7160-46E9-A117-811D4DE3611D}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe | 
"{24D5BFF6-9219-4281-B7B5-E03FC89D7C11}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{381D476A-2244-46A7-9187-76715B7B3894}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{3A1E2D62-5DF8-4FFC-92D2-D59A42DEDE23}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2293\agent.exe | 
"{3DD944D9-2F9C-4155-BC8B-571533E510EF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{40BC919C-0306-4750-B655-21F64FCF6F61}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{40DF2F10-2A78-46E5-A31D-B9B667EDD22B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{428BAC94-86F7-4BEF-B8DD-0477EC4C50C5}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{437AE081-5B75-40DB-9A48-3ED72EE7F7B4}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{46B541D1-EA9C-4F60-B79B-CCB3348200C4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{4AA247FB-0151-4A51-990D-0E8060039B8A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4ADF802F-EED4-43A5-93FD-A14B7A29F54E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe | 
"{4D3DC560-02B3-4371-92D7-0C89D5551ACF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{50C057F3-B878-45A7-B5FF-70C8D0168B9F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{531191E1-F9CE-4C50-9382-575AC6CEBC9E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5861CFD6-680B-4CCB-8550-841B0B3C03F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5DE65E1B-7017-4FE0-AF6C-4508023527B8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | 
"{61FA7A41-5E14-4117-9377-866A4E2C11AF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | 
"{6520DB5E-BFB3-45A7-96F5-676D698D241F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{6BBF457F-6466-4A52-9F1C-318125661FED}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{71BD360B-9508-4E9D-89F9-ED9DFC446426}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{747BBB99-A924-4968-B0AC-63DF0D129D9D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{79A3AA14-FAEA-4AAA-BE7F-885CCFF24347}" = protocol=17 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | 
"{7E7804E9-7B2C-48AD-AF11-81AE1B18259D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{82F440DA-D8DC-48FA-969C-9B56ACADFF43}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\baldur's gate enhanced edition\bgee.exe | 
"{857728AF-FB5E-42BF-AAD3-940C6C3924A8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe | 
"{8891E518-98CC-466E-8E06-75C1C467F5A8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{89A15308-CA32-4965-95B2-3566C3E0438C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{90365848-0380-4AD3-B3E4-10A9CC4CFE67}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{99E7F1FA-EFB8-4313-9F9E-FEE2B936197F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9CED0867-DB1B-410A-AB93-E2C45620A5D4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | 
"{A295FC3A-FF04-4E6B-9542-816D65E800EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A2EF14A6-9311-4237-A0B5-EE79A62146E2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{A4108EB3-ECFA-47EA-848D-04D9AB16D93E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{A5CD99D8-C94A-40B0-867A-697E831C9B19}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{A8880029-ABD7-4E48-B4E5-A6A95AF47E33}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{ACBDEC61-84DA-4F37-BAE9-B62024C3EF02}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AFB96AD4-AC7F-45F3-A18E-175F6866F6C6}" = protocol=58 | dir=in | app=system | 
"{B2C3615E-C358-47CA-B9CF-653934265A9D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{B72B4360-CFEB-4443-96A6-D3AED2A3F6C2}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B79332C5-58DE-43AF-9D4D-B9F9800101E4}" = protocol=6 | dir=out | app=system | 
"{BA5AF0E5-82FA-45CB-B549-260A22420879}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | 
"{BC0F15AC-9001-4E25-A7F0-7385B5875291}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{BEC8EAF2-8FC3-4136-BE60-E3502E335DD4}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{C191409D-FCDF-45B8-AA54-4D3D529B2760}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D9D7F337-77DF-4F19-9F69-19894FCC023A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\baldur's gate enhanced edition\bgee.exe | 
"{DF971900-EA33-479C-B3A1-E205BB90FA33}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E23AA742-A83C-4575-BBBB-462C9C914105}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2293\agent.exe | 
"{E435EDBD-E1BF-4231-9BCF-7A9AEF289A40}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe | 
"{E9896273-ED3C-4092-AE9A-FFC4A2CE16F4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EFC6A455-C14F-4971-93C1-0C8BA8CAEF2E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F119EA7A-0F10-46BA-A12C-EA653054E1DE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{F1C8B522-91DD-44CD-9F44-276A8B4B1059}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{F66DD35F-1AA3-4BEF-BA07-AE162D86D6CD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F74DB41A-6C57-41C7-A341-502826A554AF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"TCP Query User{1432E79C-B702-45E8-8970-D458CA3C4A48}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{2807A5F9-0A91-4798-B4D9-5682020165CA}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{42400D00-9409-4102-8CD1-973DB6FEE8E8}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{48FC0FCA-8128-4DC3-B30C-457DDD5680D8}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | 
"TCP Query User{981AA33A-B969-46C0-A41F-CC18F801E377}C:\program files (x86)\steam\steamapps\oktalogue\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\oktalogue\team fortress 2\hl2.exe | 
"TCP Query User{A03E0D8C-A80B-4652-97D3-2C3C6EB8EC91}C:\users\***\downloads\diablo-iii-setup-dede.exe" = protocol=6 | dir=in | app=c:\users\***\downloads\diablo-iii-setup-dede.exe | 
"TCP Query User{B38F0B78-4808-4CD4-A2B4-B179A5B5F432}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{C0C2B868-EA75-4417-A146-EB6D58B3B2F1}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{CB9E4922-2A51-4A4C-AB5E-F9C21F02FC78}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe | 
"TCP Query User{E9281757-E644-4C30-A570-2CD437526278}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"UDP Query User{0A4C0717-3646-48DD-AEE1-7A1105FDFD15}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe | 
"UDP Query User{0C15BEBB-0766-497E-A93D-D38163EAAC1A}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{5557503E-E757-4D58-B9FB-D68FC13CEAF1}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"UDP Query User{7A85A203-D706-4715-9E87-50082A643818}C:\program files (x86)\steam\steamapps\oktalogue\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\oktalogue\team fortress 2\hl2.exe | 
"UDP Query User{91098E3C-8344-4DA6-9C8B-BF0E73B3A1B1}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | 
"UDP Query User{9125BBF8-0910-4417-BC54-0BF4E67B2604}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{9AD7AEDC-C2BB-447D-8BFB-BC9E94D067A1}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{B7A1AEDA-99FD-409D-BA11-A72734EEEACA}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{D2A38190-8D5A-49BA-81CF-07A78BFB594D}C:\users\***\downloads\diablo-iii-setup-dede.exe" = protocol=17 | dir=in | app=c:\users\***\downloads\diablo-iii-setup-dede.exe | 
"UDP Query User{DF27A326-9ED5-4817-B42E-5A9B2B3A2CB2}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1F494B8A-D6E6-4540-9A74-F773B63164A6}" = Port Locker
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A000F75A-A246-44A7-8079-9E9E7F9054B2}" = BioExcess
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1)
"GIMP-2_is1" = GIMP 2.8.4
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.1.0-git-20120217-1212
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0034859F-8E01-4C1D-BE77-F891C4786FBC}" = Lenovo Security Suite
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{2FFBF70A-9D40-4C3C-8F6C-6C3237B419BA}" = Scrolls
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.9
"{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A4562F-D4A1-4B65-906D-41F236CF6902}" = Path of Exile
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{99A016E1-0840-43AE-8434-A18CEDFA833B}" = LogMeIn Hamachi
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}" = Port Locker
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE4167B0-F589-4D2A-BF05-E181D543C49F}" = ES603 WDM Driver
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}" = BioExcess
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC9B811E-39BC-4813-9E29-B83CCF700010}" = Lenovo EasyCamera
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Alice" = Alice-Installationsdateien entfernen
"ANSTOSS 3_is1" = ANSTOSS 3
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battle.net" = Battle.net
"Diablo III" = Diablo III
"Forte Free" = Forte Free 
"Foxit Reader_is1" = Foxit Reader
"Free YouTube Download_is1" = Free YouTube Download version 3.2.1.320
"GOGPACKHOTLINEMIAMI_is1" = Hotline Miami
"Google Chrome" = Google Chrome
"Hearthstone" = Hearthstone
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III Complete
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}" = Lenovo Security Suite
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}" = Port Locker
"InstallShield_{AE4167B0-F589-4D2A-BF05-E181D543C49F}" = EgisTec ES603 WDM Driver
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}" = BioExcess
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mozilla Firefox 24.0 (x86 de)" = Mozilla Firefox 24.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"PokerStars.net" = PokerStars.net
"Scrolls 1.0.0" = Scrolls
"SopCast" = SopCast 3.4.8
"Steam App 228280" = Baldur's Gate: Enhanced Edition
"Steam App 32370" = Star Wars: Knights of the Old Republic
"Steam App 440" = Team Fortress 2
"Steam App 8930" = Sid Meier's Civilization V
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.10.2013 08:11:21 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 30.10.2013 08:11:21 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 30.10.2013 08:11:21 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 30.10.2013 08:11:21 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 30.10.2013 08:11:21 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 30.10.2013 08:23:21 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 30.10.2013 08:23:21 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 30.10.2013 08:23:21 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 30.10.2013 08:23:21 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 30.10.2013 08:23:21 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ OSession Events ]
Error - 18.07.2012 14:06:46 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1525
 seconds with 1500 seconds of active time.  This session ended with a crash.
 
Error - 03.05.2013 09:32:00 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2478
 seconds with 120 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 29.10.2013 05:18:27 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   StarOpen
 
Error - 29.10.2013 07:46:19 | Computer Name = ***-PC | Source = bowser | ID = 8003
Description = 
 
Error - 29.10.2013 12:11:37 | Computer Name = ***-PC | Source = bowser | ID = 8003
Description = 
 
Error - 29.10.2013 19:46:54 | Computer Name = ***-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 29.10.2013 19:48:18 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   StarOpen
 
Error - 29.10.2013 19:48:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Superfetch" wurde mit folgendem Fehler beendet:   %%2
 
Error - 30.10.2013 03:19:12 | Computer Name = ***-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 30.10.2013 03:21:29 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Superfetch" wurde mit folgendem Fehler beendet:   %%2
 
Error - 30.10.2013 03:21:46 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   StarOpen
 
Error - 30.10.2013 08:23:41 | Computer Name = ***-PC | Source = bowser | ID = 8003
Description = 
 
 
< End of report >
         


Many thanks in advance!

Regards,
Flooschi

Alt 30.10.2013, 15:27   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Quote:
that the processes winlogon and csrss are open in my Task Manager with no description and no assignment.
That alone I don't see as a clear indication of an infection. Sure, malware can disguise itself with system file names, but winlogon.exe and csrss.exe are legitimate in the first place and essential for the system.

Quote:
At that very moment an "update" for Antivir was also run, which presumably is meant to prevent these processes from being detected.
Excuse me, how did you arrive at that?


Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?

I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans; first post only the logs you already have, in CODE tags!
Only logs from the last 7 days, or since the problem started, are relevant!




In addition, please also create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you're not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Don't change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will afterwards be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the #-symbol in the site's input window)



Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the #-symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
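The disagreement in the two posts above (Flooschi: "csrss.exe with no description means a trojan"; cosinus: "csrss.exe and winlogon.exe are legitimate and essential") is settled by looking at the running image, not at its name. The following is an added example, not code from either poster or from the forum's tools: a Windows PowerShell check that lists every process borrowing a core Windows image name and reports its real path, its Authenticode status and whether its parent is what the Windows boot chain would produce. It assumes Windows PowerShell 2.0 or later (Windows 7 ships 2.0; Get-WmiObject is not available in PowerShell 7), an elevated prompt so that paths of Session 0 processes are readable, and an expected-parent table that I filled in from the standard Vista/7 boot sequence; the name list is extended beyond the two names in the thread.

```powershell
# Added example, not from the thread. Reports where processes named like core Windows
# binaries really run from, whether they are signed, and whether their parent fits.
# Assumptions: Windows PowerShell 2.0+, run elevated (otherwise ExecutablePath of
# Session 0 / other users' processes is empty and is reported as unreadable).

function Test-SystemProcessName {
    # Expected parent per image name, taken from the normal Windows 7 boot chain
    # (assumed here, not quoted from the thread). smss.exe spawns csrss/wininit/winlogon
    # and then exits, so for those three a parent that no longer exists is the normal case.
    $expectedParent = @{
        'smss.exe'     = 'System'
        'csrss.exe'    = 'smss.exe'
        'wininit.exe'  = 'smss.exe'
        'winlogon.exe' = 'smss.exe'
        'services.exe' = 'wininit.exe'
        'lsass.exe'    = 'wininit.exe'
    }
    $system32 = Join-Path $env:SystemRoot 'System32'

    # Snapshot all processes once and index them by PID for parent lookups.
    $all   = Get-WmiObject Win32_Process
    $byPid = @{}
    foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

    foreach ($p in $all) {
        if (-not $p.Name) { continue }
        $name = $p.Name.ToLower()
        if (-not $expectedParent.ContainsKey($name)) { continue }

        $findings = @()
        $path     = $p.ExecutablePath
        $expected = Join-Path $system32 $p.Name

        if (-not $path) {
            $findings += 'path not readable (run elevated)'
        } elseif ($path -ne $expected) {
            # The only legitimate location for these images is %SystemRoot%\System32.
            $findings += "unexpected path: $path"
        } else {
            $sig = Get-AuthenticodeSignature -FilePath $path
            # Caveat: many Windows 7 system files are catalog-signed, which this cmdlet
            # reports as NotSigned. Confirm such a case with Sysinternals sigcheck
            # before treating it as a finding.
            if ($sig.Status -ne 'Valid') {
                $findings += "signature status: $($sig.Status)"
            } elseif ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
                $findings += "signed by: $($sig.SignerCertificate.Subject)"
            }
        }

        # Parent check. A PID can be reused after the real parent exited, so a "parent"
        # that was created after the child is treated as exited, not as suspicious.
        $parent = $byPid[[int]$p.ParentProcessId]
        if ($parent -and $parent.CreationDate -and $p.CreationDate -and
            $p.ConvertToDateTime($parent.CreationDate) -gt $p.ConvertToDateTime($p.CreationDate)) {
            $parent = $null
        }
        $parentName = '<exited>'
        if ($parent) {
            $parentName = $parent.Name
            if ($parentName -ne $expectedParent[$name]) {
                $findings += "parent is $parentName (PID $($parent.ProcessId)), expected $($expectedParent[$name])"
            }
        }

        $verdict = 'looks legitimate'
        if ($findings.Count -gt 0) { $verdict = $findings -join '; ' }

        New-Object PSObject -Property @{
            Name    = $p.Name
            PID     = $p.ProcessId
            Session = $p.SessionId
            Path    = $path
            Parent  = $parentName
            Verdict = $verdict
        }
    }
}

Test-SystemProcessName | Format-Table Name, PID, Session, Parent, Verdict -AutoSize
```

A legitimate machine shows one csrss.exe per session, all under %SystemRoot%\System32, with parent "<exited>" for csrss/winlogon/wininit and wininit.exe for services/lsass. A csrss.exe running from a user profile, a Temp folder or SysWOW64, one whose live parent is explorer.exe or another user-land program, or one signed by anyone but Microsoft is the case Flooschi had in mind; a missing description column in Task Manager on its own is not.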

Alt 30.10.2013, 16:07   #3
Flooschi
 



Hello and thanks for the quick reply.

Quote:
Quote from cosinus:
That alone I don't see as a clear indication of an infection. Sure, malware can disguise itself with system file names, but winlogon.exe and csrss.exe are legitimate in the first place and essential for the system.
I googled the terms, and it was frequently pointed out that if csrss.exe is not present in the Windows/System folder, it is a malicious program. That was the case, which is why I came to describe my problem here in the first place.

Quote:
Quote from cosinus:
Excuse me, how did you arrive at that?
That was just a guess, since my Antivir program also started without any identification, and right after my (aborted) scan the update (also without any identification) was started.

Quote:
Quote from cosinus:
Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?

I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520
No, I haven't run anything else so far.

Quote:
Quote from cosinus:
In addition, please also create a log with Farbar's tool:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2013
Ran by Florian (administrator) on FLORIAN-PC on 30-10-2013 16:02:07
Running from C:\Users\Florian\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
(Alcor) C:\windows\WebCam\S6000\S6000Mnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2011-11-30] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [5908928 2011-11-30] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-11-30] (Lenovo)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1813928 2013-10-09] (Valve Corporation)
HKLM-x32\...\Run: [S6000Mnt] - C:\windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] - C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-14] (Egis Technology Inc. )
HKLM-x32\...\Run: [PLTSR] - C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-24] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2345296 2013-10-01] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
Startup: C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\0w4kwj7j.default
FF NetworkProxy: "autoconfig_url", "data:application/x-ns-proxy-autoconfig;base64,ZnVuY3Rpb24gRmluZFByb3h5Rm9yVVJMKHVybCwgaG9zdCkgewogIGlmICgoaG9zdCA9PSAnd3d3LnlvdXR1YmUuY29tJyAmJiB1cmwuaW5kZXhPZigneW91dHViZS5jb20vd2F0Y2g/dj12eXBmU29PNFZSMCZsaXN0PVBMMjIwMEZCMTJBN0Q3M0VBQiZweHRyeT0xJykgIT0gLTEpIHx8IChob3N0LmluZGV4T2YoJ2MueW91dHViZS5jb20nKSAhPSAtMSAmJiB1cmwuaW5kZXhPZignYy55b3V0dWJlLmNvbS92aWRlb3BsYXliYWNrJykgIT0gLTEgJiYgdXJsLmluZGV4T2YoJ2djcj11cycpICE9IC0xKSkKICAgIHJldHVybiAnUFJPWFkgMjA5LjIzOS4xMjAuMTE0OjMxMzEnOwogIHJldHVybiAnRElSRUNUJzsKfQ=="
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.0-git-20120217-1212 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\0w4kwj7j.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}
FF Extension: firebug - C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\0w4kwj7j.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: firefox - C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\0w4kwj7j.default\Extensions\firefox@gsremote.com.xpi
FF Extension: Adblock Plus - C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\0w4kwj7j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF Extension:  Online Accounts Extension  - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [956192 2011-02-15] (Broadcom Corporation.)
R2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-05-07] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105856 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-05-07] ()
S3 PDNMp50; C:\windows\SysWow64\drivers\PDNMp50.sys [28224 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PDNSp50; C:\windows\SysWow64\drivers\PDNSp50.sys [27072 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [3293272 2010-12-23] (Windows (R) Win 7 DDK provider)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
U3 BcmSqlStartupSvc; 
U2 CLKMSVC10_3A60B698; 
U2 CLKMSVC10_C3B3B687; 
U2 DriverService; 
U2 IAStorDataMgrSvc; 
U2 iATAgentService; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
U2 nvUpdatusService; 
U2 Oasis2Service; 
U2 PCCarerService; 
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
U2 RtLedService; 
U2 SeaPort; 
U2 SoftwareService; 
U3 SQLWriter; 
U2 Stereo Service; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-30 16:02 - 2013-10-30 16:02 - 00000000 ____D C:\FRST
2013-10-30 16:01 - 2013-10-30 16:01 - 01956614 _____ (Farbar) C:\Users\Florian\Downloads\FRST64.exe
2013-10-30 14:30 - 2013-10-30 14:30 - 00085018 _____ C:\Users\Florian\Desktop\Extras.Txt
2013-10-30 14:27 - 2013-10-30 14:27 - 00084470 _____ C:\Users\Florian\Desktop\OTL.Txt
2013-10-30 14:22 - 2013-10-30 14:22 - 00085298 _____ C:\Users\Florian\Downloads\Extras.Txt
2013-10-30 14:21 - 2013-10-30 14:21 - 00084632 _____ C:\Users\Florian\Downloads\OTL.Txt
2013-10-30 14:12 - 2013-10-30 14:12 - 00602112 _____ (OldTimer Tools) C:\Users\Florian\Downloads\OTL.exe
2013-10-30 11:25 - 2013-10-30 11:25 - 00565763 _____ C:\Users\Florian\Downloads\Decursive-2.3_Beta_3.zip
2013-10-30 11:24 - 2013-10-30 11:24 - 00064015 _____ C:\Users\Florian\Downloads\SellFish.rar
2013-10-30 11:23 - 2013-10-30 11:23 - 00027843 _____ C:\Users\Florian\Downloads\EqCom.rar
2013-10-30 11:22 - 2013-10-30 11:22 - 00704383 _____ C:\Users\Florian\Downloads\AckisRecipeList.rar
2013-10-30 11:22 - 2013-10-30 11:22 - 00054556 _____ C:\Users\Florian\Downloads\Bagnon.zip
2013-10-28 21:49 - 2013-10-28 21:49 - 00442190 _____ C:\Users\Florian\Downloads\Gatherer.rar
2013-10-28 21:49 - 2013-10-28 21:49 - 00333991 _____ C:\Users\Florian\Downloads\Omen.rar
2013-10-28 21:48 - 2013-10-28 21:48 - 02591447 _____ C:\Users\Florian\Downloads\Carbonite.zip
2013-10-28 21:48 - 2013-10-28 21:48 - 00470102 _____ C:\Users\Florian\Downloads\DeadlyBossMods.rar
2013-10-28 21:47 - 2013-10-28 21:47 - 12169525 _____ C:\Users\Florian\Downloads\AtlasCollection.rar
2013-10-28 21:47 - 2013-10-28 21:47 - 00291036 _____ C:\Users\Florian\Downloads\cartographer3-v0.8.zip
2013-10-28 21:46 - 2013-10-28 21:46 - 00576991 _____ C:\Users\Florian\Downloads\Altoholic.rar
2013-10-28 20:47 - 2013-10-28 20:48 - 00000000 ____D C:\World of Warcraft - BC
2013-10-28 20:44 - 2013-10-28 20:46 - 559673528 _____ C:\Users\Florian\Downloads\World_of_Warcraft_BC-B2B.part10.rar
2013-10-28 20:37 - 2013-10-28 20:41 - 891289600 _____ C:\Users\Florian\Downloads\World_of_Warcraft_BC-B2B.part09.rar
2013-10-28 20:30 - 2013-10-28 20:34 - 891289600 _____ C:\Users\Florian\Downloads\World_of_Warcraft_BC-B2B.part07.rar
2013-10-28 20:19 - 2013-10-28 20:26 - 891289600 _____ C:\Users\Florian\Downloads\World_of_Warcraft_BC-B2B.part08.rar
2013-10-28 20:10 - 2013-10-28 20:15 - 891289600 _____ C:\Users\Florian\Downloads\World_of_Warcraft_BC-B2B.part06.rar
2013-10-28 20:02 - 2013-10-28 20:06 - 891289600 _____ C:\Users\Florian\Downloads\World_of_Warcraft_BC-B2B.part05.rar
2013-10-28 19:55 - 2013-10-28 19:59 - 891289600 _____ C:\Users\Florian\Downloads\World_of_Warcraft_BC-B2B.part04.rar
2013-10-28 19:45 - 2013-10-28 19:52 - 891289600 _____ C:\Users\Florian\Downloads\World_of_Warcraft_BC-B2B.part03.rar
2013-10-28 19:33 - 2013-10-28 19:44 - 891289600 _____ C:\Users\Florian\Downloads\World_of_Warcraft_BC-B2B.part02.rar
2013-10-28 19:24 - 2013-10-28 19:30 - 891289600 _____ C:\Users\Florian\Downloads\World_of_Warcraft_BC-B2B.part01.rar
2013-10-28 19:24 - 2013-10-28 19:24 - 00010784 _____ C:\Users\Florian\Downloads\b2b.torrent.zip
2013-10-28 16:43 - 2013-10-28 16:43 - 00000000 ____D C:\Users\Florian\AppData\Local\Blizzard
2013-10-28 16:35 - 2013-10-28 16:43 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2013-10-28 16:35 - 2013-10-28 16:35 - 00000900 _____ C:\Users\Public\Desktop\Hearthstone.lnk
2013-10-28 16:34 - 2013-10-28 16:34 - 00000000 ____D C:\Users\Florian\AppData\Local\Blizzard Entertainment
2013-10-28 16:33 - 2013-10-29 09:36 - 00000000 ____D C:\Users\Florian\AppData\Local\Battle.net
2013-10-28 16:33 - 2013-10-28 17:17 - 00000000 ____D C:\Users\Florian\AppData\Roaming\Battle.net
2013-10-28 16:33 - 2013-10-28 16:33 - 00000000 ____D C:\Program Files (x86)\Battle.net
2013-10-27 16:12 - 2013-10-27 16:13 - 05906904 _____ (Blizzard Entertainment) C:\Users\Florian\Downloads\Hearthstone-Beta-Setup-deDE.exe
2013-10-27 15:48 - 2013-10-27 15:48 - 00000000 ____D C:\Users\Florian\Desktop\Wingolf
2013-10-22 18:40 - 2013-10-22 18:40 - 00002054 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2013-10-22 18:40 - 2013-06-09 20:59 - 00216064 _____ C:\windows\SysWOW64\gcapi_dll.dll
2013-10-17 14:43 - 2013-10-17 14:42 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-10-17 14:43 - 2013-10-17 14:42 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-10-17 14:43 - 2013-10-17 14:42 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-10-17 14:43 - 2013-10-17 14:42 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-17 14:42 - 2013-10-17 14:42 - 00915368 _____ (Oracle Corporation) C:\Users\Florian\Downloads\jxpiinstall(6).exe
2013-10-17 14:42 - 2013-10-17 14:42 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-17 14:37 - 2013-10-17 14:37 - 00915368 _____ (Oracle Corporation) C:\Users\Florian\Downloads\jxpiinstall(5).exe
2013-10-17 14:32 - 2013-10-17 14:32 - 30694824 _____ (Oracle Corporation) C:\Users\Florian\Downloads\jre-7u45-windows-x64.exe
2013-10-15 15:01 - 2013-10-15 15:01 - 00001733 _____ C:\Users\Florian\Desktop\swkotor - Verknüpfung.lnk
2013-10-08 15:24 - 2013-10-08 15:24 - 00000000 ____D C:\Users\Florian\AppData\Local\LogMeIn
2013-10-08 15:24 - 2013-10-08 15:24 - 00000000 ____D C:\ProgramData\LogMeIn
2013-10-05 15:32 - 2013-10-05 15:32 - 00099763 _____ C:\Users\Florian\Downloads\zum_mittelpunkt_der_erde.zip
2013-10-05 11:36 - 2013-10-05 13:11 - 00000000 ____D C:\Users\Florian\Documents\Baldur's Gate - Enhanced Edition
2013-10-05 11:36 - 2013-10-05 11:36 - 00466456 _____ (Creative Labs) C:\windows\system32\wrap_oal.dll
2013-10-05 11:36 - 2013-10-05 11:36 - 00444952 _____ (Creative Labs) C:\windows\SysWOW64\wrap_oal.dll
2013-10-05 11:36 - 2013-10-05 11:36 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\windows\system32\OpenAL32.dll
2013-10-05 11:36 - 2013-10-05 11:36 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\windows\SysWOW64\OpenAL32.dll
2013-10-05 11:36 - 2013-10-05 11:36 - 00000000 ____D C:\Program Files (x86)\OpenAL
2013-10-05 11:10 - 2013-10-05 11:10 - 00000212 _____ C:\Users\Florian\Desktop\Baldur's Gate Enhanced Edition.url
2013-10-04 13:59 - 2013-10-04 13:59 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-10-01 15:29 - 2013-10-02 18:00 - 00033792 _____ C:\Users\Florian\Downloads\to-do Liste.xls
2013-10-01 10:38 - 2013-10-01 10:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-10-30 16:02 - 2013-10-30 16:02 - 00000000 ____D C:\FRST
2013-10-30 16:01 - 2013-10-30 16:01 - 01956614 _____ (Farbar) C:\Users\Florian\Downloads\FRST64.exe
2013-10-30 15:50 - 2013-09-25 07:35 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-10-30 15:50 - 2011-11-30 05:48 - 01108863 _____ C:\windows\WindowsUpdate.log
2013-10-30 15:28 - 2011-11-30 06:40 - 00001124 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-30 14:30 - 2013-10-30 14:30 - 00085018 _____ C:\Users\Florian\Desktop\Extras.Txt
2013-10-30 14:27 - 2013-10-30 14:27 - 00084470 _____ C:\Users\Florian\Desktop\OTL.Txt
2013-10-30 14:22 - 2013-10-30 14:22 - 00085298 _____ C:\Users\Florian\Downloads\Extras.Txt
2013-10-30 14:21 - 2013-10-30 14:21 - 00084632 _____ C:\Users\Florian\Downloads\OTL.Txt
2013-10-30 14:12 - 2013-10-30 14:12 - 00602112 _____ (OldTimer Tools) C:\Users\Florian\Downloads\OTL.exe
2013-10-30 11:25 - 2013-10-30 11:25 - 00565763 _____ C:\Users\Florian\Downloads\Decursive-2.3_Beta_3.zip
2013-10-30 11:24 - 2013-10-30 11:24 - 00064015 _____ C:\Users\Florian\Downloads\SellFish.rar
2013-10-30 11:23 - 2013-10-30 11:23 - 00027843 _____ C:\Users\Florian\Downloads\EqCom.rar
2013-10-30 11:22 - 2013-10-30 11:22 - 00704383 _____ C:\Users\Florian\Downloads\AckisRecipeList.rar
2013-10-30 11:22 - 2013-10-30 11:22 - 00054556 _____ C:\Users\Florian\Downloads\Bagnon.zip
2013-10-30 09:43 - 2012-01-08 15:46 - 00000000 ____D C:\Users\Florian\AppData\Roaming\Skype
2013-10-30 08:28 - 2009-07-14 05:45 - 00021072 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-30 08:28 - 2009-07-14 05:45 - 00021072 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-30 08:26 - 2011-11-18 20:55 - 00654166 _____ C:\windows\system32\perfh007.dat
2013-10-30 08:26 - 2011-11-18 20:55 - 00130006 _____ C:\windows\system32\perfc007.dat
2013-10-30 08:26 - 2009-07-14 06:13 - 01498506 _____ C:\windows\system32\PerfStringBackup.INI
2013-10-30 08:22 - 2012-01-09 18:07 - 00000000 ___RD C:\Users\Florian\Dropbox
2013-10-30 08:22 - 2012-01-09 18:05 - 00000000 ____D C:\Users\Florian\AppData\Roaming\Dropbox
2013-10-30 08:21 - 2013-04-08 20:13 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-30 08:20 - 2012-01-11 20:17 - 00000000 ____D C:\Users\Florian\AppData\Local\LogMeIn Hamachi
2013-10-30 08:20 - 2011-11-30 06:45 - 00147743 _____ C:\windows\system32\fastboot.set
2013-10-30 08:20 - 2011-11-30 06:40 - 00001120 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-30 08:19 - 2013-06-28 22:27 - 00014078 _____ C:\windows\setupact.log
2013-10-30 08:19 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-29 10:09 - 2012-06-21 17:51 - 00007598 _____ C:\Users\Florian\AppData\Local\Resmon.ResmonCfg
2013-10-29 09:36 - 2013-10-28 16:33 - 00000000 ____D C:\Users\Florian\AppData\Local\Battle.net
2013-10-28 21:49 - 2013-10-28 21:49 - 00442190 _____ C:\Users\Florian\Downloads\Gatherer.rar
2013-10-28 21:49 - 2013-10-28 21:49 - 00333991 _____ C:\Users\Florian\Downloads\Omen.rar
2013-10-28 21:48 - 2013-10-28 21:48 - 02591447 _____ C:\Users\Florian\Downloads\Carbonite.zip
2013-10-28 21:48 - 2013-10-28 21:48 - 00470102 _____ C:\Users\Florian\Downloads\DeadlyBossMods.rar
2013-10-28 21:47 - 2013-10-28 21:47 - 12169525 _____ C:\Users\Florian\Downloads\AtlasCollection.rar
2013-10-28 21:47 - 2013-10-28 21:47 - 00291036 _____ C:\Users\Florian\Downloads\cartographer3-v0.8.zip
2013-10-28 21:46 - 2013-10-28 21:46 - 00576991 _____ C:\Users\Florian\Downloads\Altoholic.rar
2013-10-28 20:58 - 2012-07-22 21:43 - 00000000 ____D C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-10-28 20:48 - 2013-10-28 20:47 - 00000000 ____D C:\World of Warcraft - BC
2013-10-28 20:46 - 2013-10-28 20:44 - 559673528 _____ C:\Users\Florian\Downloads\World_of_Warcraft_BC-B2B.part10.rar
2013-10-28 20:41 - 2013-10-28 20:37 - 891289600 _____ C:\Users\Florian\Downloads\World_of_Warcraft_BC-B2B.part09.rar
2013-10-28 20:34 - 2013-10-28 20:30 - 891289600 _____ C:\Users\Florian\Downloads\World_of_Warcraft_BC-B2B.part07.rar
2013-10-28 20:26 - 2013-10-28 20:19 - 891289600 _____ C:\Users\Florian\Downloads\World_of_Warcraft_BC-B2B.part08.rar
2013-10-28 20:15 - 2013-10-28 20:10 - 891289600 _____ C:\Users\Florian\Downloads\World_of_Warcraft_BC-B2B.part06.rar
2013-10-28 20:06 - 2013-10-28 20:02 - 891289600 _____ C:\Users\Florian\Downloads\World_of_Warcraft_BC-B2B.part05.rar
2013-10-28 19:59 - 2013-10-28 19:55 - 891289600 _____ C:\Users\Florian\Downloads\World_of_Warcraft_BC-B2B.part04.rar
2013-10-28 19:52 - 2013-10-28 19:45 - 891289600 _____ C:\Users\Florian\Downloads\World_of_Warcraft_BC-B2B.part03.rar
2013-10-28 19:44 - 2013-10-28 19:33 - 891289600 _____ C:\Users\Florian\Downloads\World_of_Warcraft_BC-B2B.part02.rar
2013-10-28 19:42 - 2012-01-10 15:59 - 00000000 ____D C:\Users\Florian\AppData\Roaming\TS3Client
2013-10-28 19:30 - 2013-10-28 19:24 - 891289600 _____ C:\Users\Florian\Downloads\World_of_Warcraft_BC-B2B.part01.rar
2013-10-28 19:24 - 2013-10-28 19:24 - 00010784 _____ C:\Users\Florian\Downloads\b2b.torrent.zip
2013-10-28 19:21 - 2012-02-27 12:02 - 00000000 ____D C:\World of Warcraft - WOTLK
2013-10-28 17:17 - 2013-10-28 16:33 - 00000000 ____D C:\Users\Florian\AppData\Roaming\Battle.net
2013-10-28 16:43 - 2013-10-28 16:43 - 00000000 ____D C:\Users\Florian\AppData\Local\Blizzard
2013-10-28 16:43 - 2013-10-28 16:35 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2013-10-28 16:35 - 2013-10-28 16:35 - 00000900 _____ C:\Users\Public\Desktop\Hearthstone.lnk
2013-10-28 16:34 - 2013-10-28 16:34 - 00000000 ____D C:\Users\Florian\AppData\Local\Blizzard Entertainment
2013-10-28 16:33 - 2013-10-28 16:33 - 00000000 ____D C:\Program Files (x86)\Battle.net
2013-10-27 16:25 - 2012-03-04 22:06 - 00000000 ____D C:\Users\Florian\AppData\Roaming\vlc
2013-10-27 16:13 - 2013-10-27 16:12 - 05906904 _____ (Blizzard Entertainment) C:\Users\Florian\Downloads\Hearthstone-Beta-Setup-deDE.exe
2013-10-27 15:48 - 2013-10-27 15:48 - 00000000 ____D C:\Users\Florian\Desktop\Wingolf
2013-10-26 11:58 - 2009-07-14 04:20 - 00000000 ____D C:\windows\system32\NDF
2013-10-26 11:57 - 2013-02-06 19:33 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-26 11:57 - 2012-01-08 15:46 - 00000000 ____D C:\ProgramData\Skype
2013-10-25 12:21 - 2013-01-18 15:49 - 00000000 ____D C:\Users\Florian\AppData\Local\PokerStars.NET
2013-10-24 16:00 - 2012-01-17 17:09 - 00000000 ____D C:\Users\Florian\Desktop\BAII
2013-10-22 18:40 - 2013-10-22 18:40 - 00002054 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2013-10-21 07:20 - 2013-02-24 18:46 - 00000000 ____D C:\Users\Florian\Desktop\Master Clausthal
2013-10-17 14:43 - 2013-09-17 14:07 - 00000000 ____D C:\ProgramData\Oracle
2013-10-17 14:42 - 2013-10-17 14:43 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-10-17 14:42 - 2013-10-17 14:43 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-10-17 14:42 - 2013-10-17 14:43 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-10-17 14:42 - 2013-10-17 14:43 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-17 14:42 - 2013-10-17 14:42 - 00915368 _____ (Oracle Corporation) C:\Users\Florian\Downloads\jxpiinstall(6).exe
2013-10-17 14:42 - 2013-10-17 14:42 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-17 14:37 - 2013-10-17 14:37 - 00915368 _____ (Oracle Corporation) C:\Users\Florian\Downloads\jxpiinstall(5).exe
2013-10-17 14:32 - 2013-10-17 14:32 - 30694824 _____ (Oracle Corporation) C:\Users\Florian\Downloads\jre-7u45-windows-x64.exe
2013-10-15 15:01 - 2013-10-15 15:01 - 00001733 _____ C:\Users\Florian\Desktop\swkotor - Verknüpfung.lnk
2013-10-11 23:41 - 2009-07-14 06:08 - 00032632 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-10-10 23:23 - 2011-11-30 06:40 - 00004120 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-10 23:23 - 2011-11-30 06:40 - 00003868 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-09 22:12 - 2013-09-25 07:35 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 22:12 - 2012-08-30 07:36 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 22:12 - 2011-12-22 16:08 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 18:00 - 2013-04-08 22:28 - 00000000 ____D C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-10-08 15:24 - 2013-10-08 15:24 - 00000000 ____D C:\Users\Florian\AppData\Local\LogMeIn
2013-10-08 15:24 - 2013-10-08 15:24 - 00000000 ____D C:\ProgramData\LogMeIn
2013-10-05 15:32 - 2013-10-05 15:32 - 00099763 _____ C:\Users\Florian\Downloads\zum_mittelpunkt_der_erde.zip
2013-10-05 13:11 - 2013-10-05 11:36 - 00000000 ____D C:\Users\Florian\Documents\Baldur's Gate - Enhanced Edition
2013-10-05 11:36 - 2013-10-05 11:36 - 00466456 _____ (Creative Labs) C:\windows\system32\wrap_oal.dll
2013-10-05 11:36 - 2013-10-05 11:36 - 00444952 _____ (Creative Labs) C:\windows\SysWOW64\wrap_oal.dll
2013-10-05 11:36 - 2013-10-05 11:36 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\windows\system32\OpenAL32.dll
2013-10-05 11:36 - 2013-10-05 11:36 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\windows\SysWOW64\OpenAL32.dll
2013-10-05 11:36 - 2013-10-05 11:36 - 00000000 ____D C:\Program Files (x86)\OpenAL
2013-10-05 11:10 - 2013-10-05 11:10 - 00000212 _____ C:\Users\Florian\Desktop\Baldur's Gate Enhanced Edition.url
2013-10-04 13:59 - 2013-10-04 13:59 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-10-02 18:00 - 2013-10-01 15:29 - 00033792 _____ C:\Users\Florian\Downloads\to-do Liste.xls
2013-10-02 07:58 - 2012-04-26 20:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-01 14:09 - 2011-12-22 16:04 - 00000000 ____D C:\Users\Florian\AppData\Local\Mozilla
2013-10-01 12:54 - 2013-05-02 09:42 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-10-01 12:54 - 2013-03-30 11:32 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-10-01 12:54 - 2013-03-30 11:32 - 00105856 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-10-01 12:54 - 2013-03-30 11:32 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2013-10-01 10:38 - 2013-10-01 10:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\Florian\AppData\Local\Temp\avgnt.exe
C:\Users\Florian\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Florian\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Florian\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Florian\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-22 18:23

==================== End Of Log ============================
--- --- ---

Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2013
Ran by Florian at 2013-10-30 16:02:49
Running from C:\Users\Florian\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Alice-Installationsdateien entfernen (x32)
ANSTOSS 3 (x32)
Atheros Client Installation Program (x32 Version: 7.0)
Avira Free Antivirus (x32 Version: 14.0.0.383)
Baldur's Gate: Enhanced Edition (x32)
Battle.net (x32)
BioExcess (Version: 7.0.67.0)
BioExcess (x32 Version: 7.0.67.0)
CCleaner (Version: 4.02)
CyberLink YouCam (x32 Version: 3.1.3623)
D3DX10 (x32 Version: 15.4.2368.0902)
Diablo III (x32)
Dropbox (HKCU Version: 2.0.22)
EgisTec ES603 WDM Driver (x32 Version: 3.0.10.4)
Energy Management (x32 Version: 6.0.2.1)
Forte Free  (x32)
Foxit Reader (x32 Version: 6.0.6.722)
Free YouTube Download version 3.2.1.320 (x32 Version: 3.2.1.320)
GIMP 2.8.4 (Version: 2.8.4)
Google Chrome (x32 Version: 30.0.1599.101)
Google Update Helper (x32 Version: 1.3.21.165)
Hearthstone (x32)
Heroes of Might & Magic V: Hammers of Fate (x32)
Heroes of Might and Magic V - Tribes of the East (x32)
Heroes of Might and Magic V (x32)
Heroes of Might and Magic® III Complete (x32)
Hotline Miami (x32 Version: 2.0.0.4)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2342)
Intel(R) Rapid Storage Technology (x32 Version: 10.1.5.1001)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Lenovo Bluetooth with Enhanced Data Rate Software (Version: 6.3.0.8000)
Lenovo EasyCamera (x32 Version: 2.16.23.3)
Lenovo EE Boot Optimizer (Version: 0.0.1.6)
Lenovo OneKey Recovery (Version: 7.0.1628)
Lenovo OneKey Recovery (x32 Version: 7.0.1628)
Lenovo Security Suite (x32 Version: 2.0.11.0)
LogMeIn Hamachi (x32 Version: 2.2.0.58)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (x32 Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Oblivion (x32 Version: 1.2.0416)
OpenAL (x32)
Path of Exile (x32 Version: 0.10.0.22571)
PokerStars.net (x32)
Port Locker (Version: 1.0.5.24)
Port Locker (x32 Version: 1.0.5.24)
Power2Go (x32 Version: 5.6.0.7303)
Project64 1.6 (x32 Version: 1.6)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.21.531.2010)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6282)
Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7600.10008)
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Drive Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3 (x32 Version: 3.0.0.80601)
Samsung PC Studio 3 (x32 Version: 3.2.2.80601)
Samsung PC Studio 3 USB Driver Installer (x32 Version: 3.2.0.70701)
Scrolls (x32 Version: 1.0.0)
Sid Meier's Civilization V (x32)
Skype™ 6.9 (x32 Version: 6.9.106)
SopCast 3.4.8 (x32 Version: 3.4.8)
Star Wars: Knights of the Old Republic (x32)
Steam (x32 Version: 1.0.0.0)
Synaptics Pointing Device Driver (Version: 15.2.7.0)
Team Fortress 2 (x32)
TeamSpeak 3 Client (x32 Version: 3.0.11.1)
Torchlight (x32 Version: 1.0.0)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
VLC media player 2.1.0-git-20120217-1212 (Version: 2.1.0-git-20120217-1212)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (Version: 12/02/2010 6.1.0.1)
WinRAR 4.01 (64-Bit) (Version: 4.01.0)

==================== Restore Points  =========================

01-10-2013 15:18:27 Geplanter Prüfpunkt
08-10-2013 18:02:07 Geplanter Prüfpunkt
16-10-2013 02:45:52 Geplanter Prüfpunkt
17-10-2013 13:32:49 Installed Java 7 Update 45 (64-bit)
17-10-2013 13:39:09 Removed Java 7 Update 45 (64-bit)
17-10-2013 13:39:47 Removed Java 7 Update 40
17-10-2013 13:42:38 Installed Java 7 Update 45
23-10-2013 13:22:55 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {068BF1C8-1FFD-47AA-966F-C60458A08533} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-24] (CyberLink)
Task: {077D55F3-EB52-47BD-B634-2005D115A09C} - System32\Tasks\{D4FC2DC0-2976-437D-AE95-88742D870F34} => C:\Program Files (x86)\icytower1.5\icytower15.exe
Task: {22E856F1-B77D-461F-A09F-64EA62B131FC} - System32\Tasks\{06D53B64-F38C-43E0-A1A2-2313226E1009} => C:\Users\Florian\Desktop\Worms\wwp.exe
Task: {266C288B-164B-411F-A6B6-36070BF95125} - System32\Tasks\{D952DC26-F51E-44D3-9C98-0E2F78B62E66} => C:\Program Files (x86)\EA GAMES\Need for Speed Underground 2\speed2.exe
Task: {53DC0D26-E2F5-4F1B-8F06-D2342D90F47C} - System32\Tasks\{4B9A3FCE-3420-4FFA-B67F-A582E1CC6626} => C:\Program Files (x86)\ANSTOSS 3\anstoss3.exe [2000-02-16] ()
Task: {59708AA1-94E4-4122-8031-9EF6A1FBEE37} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {8871A7B7-B3E4-467C-8945-E2E137CF565D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {C7A087E5-D500-444E-85C3-100D29C0B527} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30] (Google Inc.)
Task: {DF0A9FC3-55E3-4D27-B98E-1BDD88F46FD9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30] (Google Inc.)
Task: {E370484B-D296-4989-8ADC-69F484D23349} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-01-14 16:14 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2008-12-20 04:20 - 2011-11-30 06:43 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-20 04:20 - 2011-11-30 06:43 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2011-04-15 06:28 - 2011-03-25 10:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-03-17 08:26 - 2013-03-17 08:20 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-10-01 10:38 - 2013-10-01 10:38 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Gerät (PAN)
Description: Bluetooth-Gerät (PAN)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/30/2013 01:23:21 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (10/30/2013 01:23:21 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (10/30/2013 01:23:21 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (10/30/2013 01:23:21 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (10/30/2013 01:23:21 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (10/30/2013 01:11:21 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (10/30/2013 01:11:21 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (10/30/2013 01:11:21 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (10/30/2013 01:11:21 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (10/30/2013 01:11:21 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.


System errors:
=============
Error: (10/30/2013 01:23:41 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "MARTIN-FRINGSPC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{6658424C-49DE-4DC5-836E-BB2D06A32342}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (10/30/2013 08:21:46 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen

Error: (10/30/2013 08:21:29 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 
%%2

Error: (10/30/2013 08:19:12 AM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (10/30/2013 00:48:30 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 
%%2

Error: (10/30/2013 00:48:18 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen

Error: (10/30/2013 00:46:54 AM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (10/29/2013 05:11:37 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "MARTIN-FRINGSPC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{6658424C-49DE-4DC5-836E-BB2D06A32342}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (10/29/2013 00:46:19 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "MARTIN-FRINGSPC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{6658424C-49DE-4DC5-836E-BB2D06A32342}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (10/29/2013 10:18:27 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen


Microsoft Office Sessions:
=========================
Error: (05/03/2013 02:32:00 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2478 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (07/18/2012 07:06:46 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1525 seconds with 1500 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 43%
Total physical RAM: 4010.14 MB
Available physical RAM: 2270.69 MB
Total Pagefile: 16296.33 MB
Available Pagefile: 14371.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:421.81 GB) (Free:255.6 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:20.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 544681EF)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=422 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)

==================== End Of Log ============================
Regards
Flooschi

30.10.2013, 16:10   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

winlogon.exe und csrss.exe ---> Trojaner

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions according to the guide for Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<Year-Month-Day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.
__________________
Please always post log files in CODE tags.
