Log analysis and evaluation: winlogon.exe and csrss.exe ---> Trojan (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and Trojans can be removed, the infected system has to be examined first: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

winlogon.exe and csrss.exe ---> Trojan

Hello, since my laptop has been slowing down heavily since today, I took a closer look and saw that the processes winlogon and csrss are open in my Task Manager without any description or assignment. At that same moment an "update" for Antivir was also run, which presumably is meant to prevent these processes from being detected. I therefore ask for support in solving this problem. I have already run OTL; here are the scans:

OTL.txt: OTL Logfile:
Code:
OTL logfile created on: 30.10.2013 14:13:09 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,92 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 61,63% Memory free
15,91 Gb Paging File | 14,11 Gb Available in Paging File | 88,65% Paging File free
Paging file location(s): c:\pagefile.sys 6144 6144d:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421,81 Gb Total Space | 255,69 Gb Free Space | 60,62% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 20,60 Gb Free Space | 71,05% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Windows\WebCam\S6000\S6000Mnt.exe (Alcor)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe (Egis Technology Inc. )

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (btwdins) -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (EgisTec Service) -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe (Egis Technology Inc. )
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
SRV - (EgisTec Service Help) -- C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe (Egis Technology Inc. )
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (fbfmon) -- C:\Windows\SysNative\drivers\fbfmon.sys (Lenovo)
DRV:64bit: - (BPntDrv) -- C:\Windows\SysNative\drivers\BPntDrv.sys (Lenovo)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (EgisTecFF) -- C:\Windows\SysNative\drivers\EgisTecFF.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (S6000KNT) -- C:\Windows\SysNative\drivers\S6000KNT.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (FPSensor) -- C:\Windows\SysNative\drivers\FPSensor.sys (Egis Technology Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (PDNMp50) -- C:\Windows\SysWOW64\drivers\PDNMp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (PDNSp50) -- C:\Windows\SysWOW64\drivers\PDNSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (StarOpen) -- C:\windows\SysWow64\drivers\StarOpen.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7%7D:1.5.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..network.proxy.autoconfig_url: "data:application/x-ns-proxy-autoconfig;base64,ZnVuY3Rpb24gRmluZFByb3h5Rm9yVVJMKHVybCwgaG9zdCkgewogIGlmICgoaG9zdCA9PSAnd3d3LnlvdXR1YmUuY29tJyAmJiB1cmwuaW5kZXhPZigneW91dHViZS5jb20vd2F0Y2g/dj12eXBmU29PNFZSMCZsaXN0PVBMMjIwMEZCMTJBN0Q3M0VBQiZweHRyeT0xJykgIT0gLTEpIHx8IChob3N0LmluZGV4T2YoJ2MueW91dHViZS5jb20nKSAhPSAtMSAmJiB1cmwuaW5kZXhPZignYy55b3V0dWJlLmNvbS92aWRlb3BsYXliYWNrJykgIT0gLTEgJiYgdXJsLmluZGV4T2YoJ2djcj11cycpICE9IC0xKSkKICAgIHJldHVybiAnUFJPWFkgMjA5LjIzOS4xMjAuMTE0OjMxMzEnOwogIHJldHVybiAnRElSRUNUJzsKfQ=="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20120217-1212: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}: C:\Program Files (x86)\EgisTec BioExcess\FFExt [2011.11.30 06:27:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011.12.22 16:04:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions
[2013.10.19 20:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\0w4kwj7j.default\extensions
[2013.10.07 08:37:08 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\0w4kwj7j.default\extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}
[2013.10.19 20:57:34 | 002,209,433 | ---- | M] () (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\firefox\profiles\0w4kwj7j.default\extensions\firebug@software.joehewitt.com.xpi
[2013.10.15 15:41:53 | 000,042,570 | ---- | M] () (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\firefox\profiles\0w4kwj7j.default\extensions\firefox@gsremote.com.xpi
[2013.10.11 09:56:22 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\firefox\profiles\0w4kwj7j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.10.01 10:38:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.10.01 10:38:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PLTSR] C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe (Egis Technology Inc. )
O4 - HKLM..\Run: [S6000Mnt] C:\windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt File not found
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. )
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6658424C-49DE-4DC5-836E-BB2D06A32342}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{672B02E2-B1BA-41CC-9042-0EE96B843D90}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.10.28 20:47:01 | 000,000,000 | ---D | C] -- C:\World of Warcraft - BC
[2013.10.28 16:43:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Blizzard
[2013.10.28 16:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
[2013.10.28 16:35:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hearthstone
[2013.10.28 16:34:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Blizzard Entertainment
[2013.10.28 16:33:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Battle.net
[2013.10.28 16:33:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Battle.net
[2013.10.28 16:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
[2013.10.28 16:33:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battle.net
[2013.10.27 15:48:04 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Wingolf
[2013.10.22 18:40:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013.10.17 14:43:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.10.17 14:43:09 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013.10.17 14:43:03 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013.10.17 14:43:03 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013.10.17 14:43:03 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013.10.17 14:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013.10.17 14:42:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.10.08 15:24:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\LogMeIn
[2013.10.08 15:24:39 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2013.10.05 11:36:12 | 000,466,456 | ---- | C] (Creative Labs) -- C:\windows\SysNative\wrap_oal.dll
[2013.10.05 11:36:12 | 000,122,904 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\windows\SysNative\OpenAL32.dll
[2013.10.05 11:36:11 | 000,444,952 | ---- | C] (Creative Labs) -- C:\windows\SysWow64\wrap_oal.dll
[2013.10.05 11:36:11 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\windows\SysWow64\OpenAL32.dll
[2013.10.05 11:36:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2013.10.05 11:36:02 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Baldur's Gate - Enhanced Edition
[2013.10.04 13:59:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.10.04 13:59:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013.10.01 10:38:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013.10.30 13:33:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.10.30 13:28:13 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.10.30 08:28:41 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.10.30 08:28:41 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.10.30 08:26:07 | 001,498,506 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.10.30 08:26:07 | 000,654,166 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.10.30 08:26:07 | 000,616,008 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.10.30 08:26:07 | 000,130,006 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.10.30 08:26:07 | 000,106,388 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.10.30 08:20:21 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.10.30 08:20:15 | 000,147,743 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2013.10.30 08:19:30 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.10.30 08:19:15 | 3153,702,912 | -HS- | M] () -- C:\hiberfil.sys
[2013.10.29 10:09:18 | 000,007,598 | ---- | M] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2013.10.28 16:35:46 | 000,000,900 | ---- | M] () -- C:\Users\Public\Desktop\Hearthstone.lnk
[2013.10.22 18:40:52 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.10.17 14:42:50 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013.10.17 14:42:50 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013.10.17 14:42:50 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013.10.17 14:42:49 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013.10.15 15:01:00 | 000,001,733 | ---- | M] () -- C:\Users\***\Desktop\swkotor - Verknüpfung.lnk
[2013.10.09 22:12:44 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013.10.09 22:12:43 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.10.05 11:36:12 | 000,466,456 | ---- | M] (Creative Labs) -- C:\windows\SysNative\wrap_oal.dll
[2013.10.05 11:36:12 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\windows\SysNative\OpenAL32.dll
[2013.10.05 11:36:11 | 000,444,952 | ---- | M] (Creative Labs) -- C:\windows\SysWow64\wrap_oal.dll
[2013.10.05 11:36:11 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\windows\SysWow64\OpenAL32.dll
[2013.10.05 11:10:53 | 000,000,212 | ---- | M] () -- C:\Users\***\Desktop\Baldur's Gate Enhanced Edition.url
[2013.10.01 12:54:21 | 000,132,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013.10.01 12:54:21 | 000,105,856 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013.10.01 12:54:21 | 000,083,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avnetflt.sys
[2013.10.01 12:54:21 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys

========== Files Created - No Company Name ==========

[2013.10.28 16:35:46 | 000,000,900 | ---- | C] () -- C:\Users\Public\Desktop\Hearthstone.lnk
[2013.10.22 18:40:52 | 000,002,054 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.10.22 18:40:49 | 000,216,064 | ---- | C] () -- C:\windows\SysWow64\gcapi_dll.dll
[2013.10.15 15:01:00 | 000,001,733 | ---- | C] () -- C:\Users\***\Desktop\swkotor - Verknüpfung.lnk
[2013.10.05 11:10:53 | 000,000,212 | ---- | C] () -- C:\Users\***\Desktop\Baldur's Gate Enhanced Edition.url
[2013.05.06 15:06:05 | 000,002,113 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2013.05.06 14:05:05 | 000,037,623 | ---- | C] () -- C:\Users\***Praktikumsbescheinigung.png
[2013.04.13 13:13:51 | 000,000,001 | ---- | C] () -- C:\windows\SysWow64\SI.bin
[2013.02.20 08:12:51 | 000,000,034 | ---- | C] () -- C:\windows\SysWow64\BD2040.DAT
[2013.01.19 22:27:58 | 000,172,032 | ---- | C] () -- C:\windows\SysWow64\lame_enc.dll
[2013.01.15 12:36:00 | 000,000,432 | ---- | C] () -- C:\windows\BRWMARK.INI
[2013.01.15 12:35:59 | 000,000,034 | ---- | C] () -- C:\windows\SysWow64\BD2030.DAT
[2012.11.17 13:55:00 | 000,000,144 | ---- | C] () -- C:\windows\Sierra.ini
[2012.06.21 17:51:54 | 000,007,598 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.03.19 22:31:16 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012.03.19 22:31:16 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012.03.19 22:25:58 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012.03.19 21:21:14 | 013,212,672 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2012.01.16 19:01:01 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2012.01.16 18:57:33 | 000,005,632 | ---- | C] () -- C:\windows\SysWow64\drivers\StarOpen.sys
[2011.11.30 15:16:36 | 000,003,443 | ---- | C] () -- C:\windows\UTILITYDRV.SYS
[2011.11.30 15:16:35 | 000,300,328 |
---- | C] () -- C:\windows\it50.dll [2011.11.30 15:16:35 | 000,259,368 | ---- | C] () -- C:\windows\FastBR.dll [2011.11.30 15:16:35 | 000,259,368 | ---- | C] () -- C:\windows\CopyFile.dll [2011.11.30 15:16:35 | 000,218,408 | ---- | C] () -- C:\windows\Image.dll [2011.11.30 15:16:35 | 000,202,024 | ---- | C] () -- C:\windows\HardDisk.dll [2011.11.30 15:16:35 | 000,177,448 | ---- | C] () -- C:\windows\disk.dll [2011.11.30 15:16:35 | 000,110,592 | ---- | C] () -- C:\windows\BootseqwWmi.exe [2011.11.30 15:16:35 | 000,049,152 | ---- | C] () -- C:\windows\CHGBOOTW.EXE [2011.11.30 15:16:35 | 000,010,068 | ---- | C] () -- C:\windows\GT.EXE [2011.11.30 15:16:34 | 000,081,920 | ---- | C] () -- C:\windows\Bootseqw32.exe [2011.11.30 15:16:34 | 000,008,704 | ---- | C] () -- C:\windows\Access32.sys [2011.11.30 06:21:29 | 000,015,190 | ---- | C] () -- C:\windows\S6000Twn.ini ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.01.04 11:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.01.04 09:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Files - Unicode (All) ========== [2013.09.25 17:25:13 | 097,787,360 | ---- | M] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\龜ꄈ” [2013.09.25 17:25:13 | 097,787,360 | ---- | C] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\龜ꄈ” [2013.09.24 18:06:33 | 097,540,783 | ---- | M] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\秧” [2013.09.24 12:07:03 | 097,540,783 | ---- | C] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\秧” [2013.09.14 15:56:44 | 097,581,476 | ---- | M] ()(C:\windows\SysWow64\???B) -- C:\windows\SysWow64\ꔥB [2013.09.14 09:34:25 | 097,581,476 | ---- | C] ()(C:\windows\SysWow64\???B) -- C:\windows\SysWow64\ꔥB [2013.09.10 22:30:31 | 097,004,533 | ---- | M] ()(C:\windows\SysWow64\???u) -- C:\windows\SysWow64\㰼u [2013.09.10 09:38:49 | 097,004,533 | ---- | C] ()(C:\windows\SysWow64\???u) -- C:\windows\SysWow64\㰼u [2013.09.06 08:01:45 | 096,304,236 | ---- | M] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\ắ댷’ [2013.09.06 08:01:45 | 096,304,236 | ---- | C] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\ắ댷’ [2013.09.03 09:05:32 | 095,452,537 | ---- | M] ()(C:\windows\SysWow64\????) 
-- C:\windows\SysWow64\쓀឴ž [2013.09.03 09:05:32 | 095,452,537 | ---- | C] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\쓀឴ž [2013.08.31 14:03:57 | 095,103,849 | ---- | M] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\ⵛ퐫› [2013.08.31 14:03:57 | 095,103,849 | ---- | C] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\ⵛ퐫› [2013.08.29 22:21:19 | 094,663,095 | ---- | M] ()(C:\windows\SysWow64\???l) -- C:\windows\SysWow64\覨l [2013.08.29 10:21:53 | 094,663,095 | ---- | C] ()(C:\windows\SysWow64\???l) -- C:\windows\SysWow64\覨l [2013.08.28 10:47:09 | 100,833,584 | ---- | M] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\錗朒› [2013.08.28 10:47:09 | 100,833,584 | ---- | C] ()(C:\windows\SysWow64\????) -- C:\windows\SysWow64\錗朒› [2013.08.26 17:53:58 | 100,225,570 | ---- | M] ()(C:\windows\SysWow64\???h) -- C:\windows\SysWow64\珒ꪱh [2013.08.26 17:53:58 | 100,225,570 | ---- | C] ()(C:\windows\SysWow64\???h) -- C:\windows\SysWow64\珒ꪱh < End of report >
Extras.txt OTL Logfile:
OTL Extras logfile created on: 30.10.2013 14:13:09 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,92 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 61,63% Memory free 15,91 Gb Paging File | 14,11 Gb Available in Paging File | 88,65% Paging File free Paging file location(s): c:\pagefile.sys 6144 6144d:\pagef [Binary data over 200 bytes] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 421,81 Gb Total Space | 255,69 Gb Free Space | 60,62% Space Free | Partition Type: NTFS Drive D: | 29,00 Gb Total Space | 20,60 Gb Free Space | 71,05% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0BB10EB4-17CA-478F-824D-5F19776A2BAE}" = lport=137 | protocol=17 | dir=in | app=system | "{0C498DD3-5FC7-4293-937C-26766B84BEC5}" = rport=139 | protocol=6 | dir=out | app=system | "{102CCC7E-5942-428A-BE20-BDC56F1FB6B8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{213D57BA-26AA-472A-9D05-A8B723FAD5A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2375660E-AED2-4C95-8216-EC226EBA5EE8}" = rport=138 | protocol=17 | dir=out | app=system | "{36327A69-8ACB-4161-B6DD-1426B9B58113}" = lport=139 | protocol=6 | dir=in | app=system 
| "{43ECC38F-9708-4714-A715-0833162EAFE6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{45A29BBC-DCD6-4E60-B69D-9EAC85437F41}" = rport=137 | protocol=17 | dir=out | app=system | "{5B5E32B4-994F-4AF6-B7A1-2CD2F6FF2A6B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{8332F8EA-995F-4FE2-81B3-494E96B334FC}" = lport=10243 | protocol=6 | dir=in | app=system | "{942883F9-125A-4FBC-A0D8-8AA51C6AE574}" = lport=138 | protocol=17 | dir=in | app=system | "{993658BD-2CD0-4E0A-B63D-CE161697D8BB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{99EA1A59-C034-43C2-A167-A04EDED7F8B6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9EB02956-1269-4FA4-863C-E2482700B733}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{A2AE5F5C-976C-425A-8AD3-BB89D1757F64}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{ABB7D7A5-691F-473D-881C-FEA3C734C35D}" = rport=10243 | protocol=6 | dir=out | app=system | "{AF0BFA88-E3BF-4BBF-9CC5-5C6647496589}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B014F40E-2E6C-4A3A-909F-E2EB7970252F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C20D7E17-C1B3-418E-A7FF-8E1A0EDD4578}" = lport=445 | protocol=6 | dir=in | app=system | "{C291FCA2-37B6-44BF-AE21-F1FF606F1EA1}" = lport=2869 | protocol=6 | dir=in | app=system | "{C2AE3F01-B69B-4AAF-89F4-41CC56319995}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{D4A29BCE-9AD4-4D67-B001-D3BAABF0FA57}" = rport=445 | protocol=6 | dir=out | app=system | "{E060E81E-3040-4D8A-B6F1-6DEC482DEDF2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E0A7DF85-81B5-4884-820D-C650391FB318}" 
= lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{FA2C6807-0E25-48E0-8937-9B21597611A9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00DA498A-C08B-4B82-BAF4-EFD453B8C627}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{02D5E593-1726-4DCE-A7D9-402EC91AEBBA}" = protocol=6 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | "{05CD5CBB-958C-437A-99B1-6C5E759706C2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\oktalogue\team fortress 2\hl2.exe | "{06A3869E-5658-4FF2-B574-99B5E8A95A58}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{0A5AF610-E5E1-4FCA-964C-F16B8DFD8250}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0E92CEF3-DB66-4746-8C5E-509F1CA11F91}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{1319FE1A-F431-4A16-827C-21F141CCA55C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{135E70A2-7348-43AD-8A6A-E1A57FDB4632}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\oktalogue\team fortress 2\hl2.exe | "{1BBA3BD7-2AB8-44FC-B9BE-AF6451C44E4E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | "{1E32EB63-4047-4639-AD37-D91FE2D5D0BE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{23D94969-7160-46E9-A117-811D4DE3611D}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe | "{24D5BFF6-9219-4281-B7B5-E03FC89D7C11}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{381D476A-2244-46A7-9187-76715B7B3894}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{3A1E2D62-5DF8-4FFC-92D2-D59A42DEDE23}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2293\agent.exe | "{3DD944D9-2F9C-4155-BC8B-571533E510EF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{40BC919C-0306-4750-B655-21F64FCF6F61}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{40DF2F10-2A78-46E5-A31D-B9B667EDD22B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{428BAC94-86F7-4BEF-B8DD-0477EC4C50C5}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{437AE081-5B75-40DB-9A48-3ED72EE7F7B4}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{46B541D1-EA9C-4F60-B79B-CCB3348200C4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{4AA247FB-0151-4A51-990D-0E8060039B8A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4ADF802F-EED4-43A5-93FD-A14B7A29F54E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe | "{4D3DC560-02B3-4371-92D7-0C89D5551ACF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{50C057F3-B878-45A7-B5FF-70C8D0168B9F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | "{531191E1-F9CE-4C50-9382-575AC6CEBC9E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5861CFD6-680B-4CCB-8550-841B0B3C03F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{5DE65E1B-7017-4FE0-AF6C-4508023527B8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | "{61FA7A41-5E14-4117-9377-866A4E2C11AF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | "{6520DB5E-BFB3-45A7-96F5-676D698D241F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | "{6BBF457F-6466-4A52-9F1C-318125661FED}" = 
protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{71BD360B-9508-4E9D-89F9-ED9DFC446426}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{747BBB99-A924-4968-B0AC-63DF0D129D9D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | "{79A3AA14-FAEA-4AAA-BE7F-885CCFF24347}" = protocol=17 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | "{7E7804E9-7B2C-48AD-AF11-81AE1B18259D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{82F440DA-D8DC-48FA-969C-9B56ACADFF43}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\baldur's gate enhanced edition\bgee.exe | "{857728AF-FB5E-42BF-AAD3-940C6C3924A8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe | "{8891E518-98CC-466E-8E06-75C1C467F5A8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{89A15308-CA32-4965-95B2-3566C3E0438C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{90365848-0380-4AD3-B3E4-10A9CC4CFE67}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{99E7F1FA-EFB8-4313-9F9E-FEE2B936197F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9CED0867-DB1B-410A-AB93-E2C45620A5D4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | "{A295FC3A-FF04-4E6B-9542-816D65E800EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A2EF14A6-9311-4237-A0B5-EE79A62146E2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{A4108EB3-ECFA-47EA-848D-04D9AB16D93E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{A5CD99D8-C94A-40B0-867A-697E831C9B19}" = protocol=17 | dir=in | 
app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{A8880029-ABD7-4E48-B4E5-A6A95AF47E33}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | "{ACBDEC61-84DA-4F37-BAE9-B62024C3EF02}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AFB96AD4-AC7F-45F3-A18E-175F6866F6C6}" = protocol=58 | dir=in | app=system | "{B2C3615E-C358-47CA-B9CF-653934265A9D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{B72B4360-CFEB-4443-96A6-D3AED2A3F6C2}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{B79332C5-58DE-43AF-9D4D-B9F9800101E4}" = protocol=6 | dir=out | app=system | "{BA5AF0E5-82FA-45CB-B549-260A22420879}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | "{BC0F15AC-9001-4E25-A7F0-7385B5875291}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | "{BEC8EAF2-8FC3-4136-BE60-E3502E335DD4}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{C191409D-FCDF-45B8-AA54-4D3D529B2760}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D9D7F337-77DF-4F19-9F69-19894FCC023A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\baldur's gate enhanced edition\bgee.exe | "{DF971900-EA33-479C-B3A1-E205BB90FA33}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E23AA742-A83C-4575-BBBB-462C9C914105}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2293\agent.exe | "{E435EDBD-E1BF-4231-9BCF-7A9AEF289A40}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe | "{E9896273-ED3C-4092-AE9A-FFC4A2CE16F4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EFC6A455-C14F-4971-93C1-0C8BA8CAEF2E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{F119EA7A-0F10-46BA-A12C-EA653054E1DE}" = 
dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{F1C8B522-91DD-44CD-9F44-276A8B4B1059}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{F66DD35F-1AA3-4BEF-BA07-AE162D86D6CD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F74DB41A-6C57-41C7-A341-502826A554AF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "TCP Query User{1432E79C-B702-45E8-8970-D458CA3C4A48}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{2807A5F9-0A91-4798-B4D9-5682020165CA}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{42400D00-9409-4102-8CD1-973DB6FEE8E8}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "TCP Query User{48FC0FCA-8128-4DC3-B30C-457DDD5680D8}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | "TCP Query User{981AA33A-B969-46C0-A41F-CC18F801E377}C:\program files (x86)\steam\steamapps\oktalogue\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\oktalogue\team fortress 2\hl2.exe | "TCP Query User{A03E0D8C-A80B-4652-97D3-2C3C6EB8EC91}C:\users\***\downloads\diablo-iii-setup-dede.exe" = protocol=6 | dir=in | app=c:\users\***\downloads\diablo-iii-setup-dede.exe | "TCP Query User{B38F0B78-4808-4CD4-A2B4-B179A5B5F432}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{C0C2B868-EA75-4417-A146-EB6D58B3B2F1}C:\program 
files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{CB9E4922-2A51-4A4C-AB5E-F9C21F02FC78}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe |
"TCP Query User{E9281757-E644-4C30-A570-2CD437526278}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"UDP Query User{0A4C0717-3646-48DD-AEE1-7A1105FDFD15}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe |
"UDP Query User{0C15BEBB-0766-497E-A93D-D38163EAAC1A}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{5557503E-E757-4D58-B9FB-D68FC13CEAF1}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"UDP Query User{7A85A203-D706-4715-9E87-50082A643818}C:\program files (x86)\steam\steamapps\oktalogue\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\oktalogue\team fortress 2\hl2.exe |
"UDP Query User{91098E3C-8344-4DA6-9C8B-BF0E73B3A1B1}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe |
"UDP Query User{9125BBF8-0910-4417-BC54-0BF4E67B2604}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{9AD7AEDC-C2BB-447D-8BFB-BC9E94D067A1}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{B7A1AEDA-99FD-409D-BA11-A72734EEEACA}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{D2A38190-8D5A-49BA-81CF-07A78BFB594D}C:\users\***\downloads\diablo-iii-setup-dede.exe" = protocol=17 | dir=in | app=c:\users\***\downloads\diablo-iii-setup-dede.exe |
"UDP Query User{DF27A326-9ED5-4817-B42E-5A9B2B3A2CB2}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1F494B8A-D6E6-4540-9A74-F773B63164A6}" = Port Locker
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A000F75A-A246-44A7-8079-9E9E7F9054B2}" = BioExcess
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)
"GIMP-2_is1" = GIMP 2.8.4
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.1.0-git-20120217-1212
"WinRAR archiver" = WinRAR 4.01 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0034859F-8E01-4C1D-BE77-F891C4786FBC}" = Lenovo Security Suite
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{2FFBF70A-9D40-4C3C-8F6C-6C3237B419BA}" = Scrolls
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.9
"{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A4562F-D4A1-4B65-906D-41F236CF6902}" = Path of Exile
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{99A016E1-0840-43AE-8434-A18CEDFA833B}" = LogMeIn Hamachi
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}" = Port Locker
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE4167B0-F589-4D2A-BF05-E181D543C49F}" = ES603 WDM Driver
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}" = BioExcess
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC9B811E-39BC-4813-9E29-B83CCF700010}" = Lenovo EasyCamera
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Alice" = Alice-Installationsdateien entfernen
"ANSTOSS 3_is1" = ANSTOSS 3
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battle.net" = Battle.net
"Diablo III" = Diablo III
"Forte Free" = Forte Free
"Foxit Reader_is1" = Foxit Reader
"Free YouTube Download_is1" = Free YouTube Download version 3.2.1.320
"GOGPACKHOTLINEMIAMI_is1" = Hotline Miami
"Google Chrome" = Google Chrome
"Hearthstone" = Hearthstone
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III Complete
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}" = Lenovo Security Suite
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}" = Port Locker
"InstallShield_{AE4167B0-F589-4D2A-BF05-E181D543C49F}" = EgisTec ES603 WDM Driver
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}" = BioExcess
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mozilla Firefox 24.0 (x86 de)" = Mozilla Firefox 24.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"PokerStars.net" = PokerStars.net
"Scrolls 1.0.0" = Scrolls
"SopCast" = SopCast 3.4.8
"Steam App 228280" = Baldur's Gate: Enhanced Edition
"Steam App 32370" = Star Wars: Knights of the Old Republic
"Steam App 440" = Team Fortress 2
"Steam App 8930" = Sid Meier's Civilization V
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30.10.2013 08:11:21 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error - 30.10.2013 08:11:21 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error - 30.10.2013 08:11:21 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error - 30.10.2013 08:11:21 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error - 30.10.2013 08:11:21 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error - 30.10.2013 08:23:21 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error - 30.10.2013 08:23:21 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error - 30.10.2013 08:23:21 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error - 30.10.2013 08:23:21 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error - 30.10.2013 08:23:21 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

[ OSession Events ]
Error - 18.07.2012 14:06:46 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1525 seconds with 1500 seconds of active time. This session ended with a crash.

Error - 03.05.2013 09:32:00 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2478 seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 29.10.2013 05:18:27 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: StarOpen

Error - 29.10.2013 07:46:19 | Computer Name = ***-PC | Source = bowser | ID = 8003
Description =

Error - 29.10.2013 12:11:37 | Computer Name = ***-PC | Source = bowser | ID = 8003
Description =

Error - 29.10.2013 19:46:54 | Computer Name = ***-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error - 29.10.2013 19:48:18 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: StarOpen

Error - 29.10.2013 19:48:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = The "Superfetch" service terminated with the following error: %%2

Error - 30.10.2013 03:19:12 | Computer Name = ***-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error - 30.10.2013 03:21:29 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = The "Superfetch" service terminated with the following error: %%2

Error - 30.10.2013 03:21:46 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: StarOpen

Error - 30.10.2013 08:23:41 | Computer Name = ***-PC | Source = bowser | ID = 8003
Description =

< End of report >
[/CODE]

Many thanks in advance!

Regards
Flooschi
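The post's suspicion rests on winlogon.exe and csrss.exe appearing in Task Manager without a description or company. That column is filled from the executable's version resource, and for SYSTEM-owned processes it stays blank in a non-elevated Task Manager, so a blank entry on its own proves nothing either way; what separates a genuine instance from a look-alike is where the image lives and who signed it. The PowerShell snippet below is an added example for this thread (it is not part of the original post and not OTL output). It lists every running winlogon and csrss process with its image path, the version-info fields Task Manager displays, and the Authenticode verdict. It assumes a clean copy exists only under %SystemRoot%\System32, and the function name Test-CoreProcess is ours.

```powershell
# Added example for this thread; not part of the original post and not OTL output.
# For every running winlogon.exe / csrss.exe, report image path, the version-info
# fields Task Manager shows as "Description"/"Company", and the Authenticode
# signature, then give a verdict. Run from an elevated prompt: both processes
# run as SYSTEM, and from a non-elevated shell Path comes back empty.
# Assumption: a legitimate copy lives only under %SystemRoot%\System32.
$expectedDir = Join-Path $env:SystemRoot 'System32'

function Test-CoreProcess {
    param([string[]]$Name = @('winlogon', 'csrss'))

    Get-Process -Name $Name -ErrorAction SilentlyContinue | ForEach-Object {
        $path = $_.Path                      # $null if the process handle cannot be opened
        $ver  = $null
        $sig  = $null
        if ($path) {
            $ver = (Get-Item -LiteralPath $path).VersionInfo
            $sig = Get-AuthenticodeSignature -FilePath $path
        }

        $verdict =
            if (-not $path) { 'UNKNOWN: no path (run elevated)' }
            elseif ($path -notlike "$expectedDir\*") { 'SUSPICIOUS: image outside System32' }
            elseif ($sig.Status -eq 'Valid' -and
                    $sig.SignerCertificate.Subject -match 'O=Microsoft Corporation') { 'ok' }
            elseif ($sig.Status -eq 'Valid') { 'SUSPICIOUS: valid signature, but not Microsoft' }
            elseif ($sig.Status -eq 'NotSigned') {
                # Windows 7 ships its system binaries catalog-signed, and Get-AuthenticodeSignature
                # there only sees embedded signatures; confirm with Sysinternals "sigcheck -a".
                'UNVERIFIED: no embedded signature, check the catalog with sigcheck'
            }
            else { "SUSPICIOUS: signature status $($sig.Status)" }

        New-Object PSObject -Property @{
            Name        = $_.ProcessName
            PID         = $_.Id
            Path        = $path
            Company     = if ($ver) { $ver.CompanyName } else { '' }
            Description = if ($ver) { $ver.FileDescription } else { '' }
            Verdict     = $verdict
        }
    } | Select-Object Name, PID, Path, Company, Description, Verdict
}

Test-CoreProcess | Format-Table -AutoSize
```

Two caveats when reading the output. Several instances are normal: Windows starts one csrss.exe and one winlogon.exe per session, so seeing each twice on a machine with a console session plus session 0 is expected. And a signature check is only as trustworthy as the machine it runs on; on a box already assumed to be infected, a rogue root certificate or a patched crypt32 could make a bad file look valid, which is why the forum asks for the OTL log to be read offline by someone else rather than relying on checks run from the infected system.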