
Log analysis and evaluation: ADWARE/BProtector.E found!

03.12.2013, 12:53   #1
elektr-stude
 
Hello admin team, I have the following problem: after booting my laptop, a Lenovo Thinkpad Edge s430, my AVIRA reports that it has denied access to a file, namely ADWARE/BProtector.E from the directory c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\loader.dll .
QUARANTINE
After a system scan, AVIRA finds further threats of the same type. When I try to move them to quarantine, my laptop crashes, i.e. a bluescreen, and before that it shows an error message saying that the power supply was interrupted. Or the error message that a Plug and Play tool had to be terminated and Windows has to be restarted unexpectedly.

I am not quite sure about my problem, whether AVIRA has detected only MALWARE or VIRUSES. It seems to me that the files I am supposed to move to quarantine are keeping the system running, and that moving them to quarantine is what causes the crash.

Here is my log:


FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2013
Ran by anton (administrator) on THINKPAD on 03-12-2013 12:12:37
Running from C:\Users\anton\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SIEMENS AG) C:\Program Files\Common Files\Siemens\sws\almsrv\almsrv64x.exe
() C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Siemens AG) C:\Program Files\Common Files\Siemens\AlmPanelPlugin\ALMPanelPlugin.exe
(Siemens AG) C:\Program Files (x86)\Siemens\Automation\WinCC RT Advanced\SmartServer.exe
() C:\ProgramData\DatacardService\DCService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Siemens AG) C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\s7oiehsx64.exe
(Siemens AG) C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceService64x.exe
() C:\Users\anton\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
(Iminent) C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(OPC Foundation) C:\Program Files (x86)\OPC Foundation\UA\v1.1\GDS\Bin\Opc.Ua.DiscoveryServer.exe
(Siemens AG) C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\s7epasrv64x.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Siemens AG) C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\pniomgr.exe
(Siemens AG) C:\Windows\SysWOW64\pniopcac.exe
(Siemens AG) C:\Windows\SysWOW64\pniopcac.exe
(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\x86\BioMonitor.exe
() C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Facebook Inc.) C:\Users\anton\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [BLEServicesCtrl] - C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [177936 2012-02-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12476520 2012-04-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2881336 2012-06-19] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] - C:\Windows\System32\TpShocks.exe [382248 2013-02-12] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe [290160 2012-06-01] (Lenovo Group Limited)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Ocs_SM] - C:\Users\anton\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2013-07-10] (OCS)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-04] (Google Inc.)
HKCU\...\Run: [Facebook Update] - C:\Users\anton\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-11-19] (Facebook Inc.)
MountPoints2: {2e9da78c-3b0f-11e2-9d9b-685d43c59c97} - D:\setup.exe -a
MountPoints2: {950bc952-7b6f-11e2-8c8f-685d43c59c97} - E:\AutoRun.exe
MountPoints2: {950bc965-7b6f-11e2-8c8f-685d43c59c97} - E:\AutoRun.exe
MountPoints2: {e3d0fc16-ddd8-11e1-97ae-806e6f6e6963} - Q:\LenovoQDrive.exe
MountPoints2: {ea1a2b71-bd46-11e2-978b-685d43c59c97} - F:\Start.exe
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-29] (Intel Corporation)
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] - C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [5941344 2012-05-15] (Lenovo Group Limited)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Fastboot] - C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [IntelSBA] - C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe [4243168 2012-04-23] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [IminentMessenger] - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe [884784 2013-10-16] (Iminent)
HKLM-x32\...\Run: [SiemensAutomationFileStorage] - C:\Program Files (x86)\Siemens\Automation\Portal V12\Bin\Siemens.Automation.ObjectFrame.FileStorage.Server.exe [942080 2013-07-11] (Siemens AG)
HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-05-17] (Lenovo)
HKU\Default\...\RunOnce: [] - [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\Program Files (x86)\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [159744 2011-12-15] ()
HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-05-17] (Lenovo)
HKU\Default User\...\RunOnce: [] - [x]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] - C:\Program Files (x86)\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [159744 2011-12-15] ()
AppInit_DLLs: c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll c:\windows\system32\nvinitx.dll [ ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.iminent.com/?appId=D0F2BA85-0601-45D7-9E44-5BD027ED0AC4
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?babsrc=HP_ss_sps&mntrId=84F6B888E33505BE&affID=119828&tsp=4938
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://start.iminent.com/?appId=D0F2BA85-0601-45D7-9E44-5BD027ED0AC4&ref=toolbox&q={searchTerms}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0470E7F5-D44C-454D-BF6E-2B20DC5B6ADF} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=40d79757-397a-4dce-92b3-1852c0282e7e&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=84F6B888E33505BE&affID=119828&tsp=4938
SearchScopes: HKCU - {1A994184-6809-4841-B0A6-3886B0BF8539} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=40d79757-397a-4dce-92b3-1852c0282e7e&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {227A2799-4AA2-4BE9-9FCD-CC06021189FE} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=40d79757-397a-4dce-92b3-1852c0282e7e&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {59D59647-0259-4E42-B663-A9C9B1D9DB8B} URL = hxxp://suche.aol.de.anonymize-me.de/?anonymto=687474703A2F2F73756368652E616F6C2E64652F616F6C2F7365617263683F735F69743D7462353077696E616D7026713D7B7365617263685465726D737D&st={searchTerms}&clid=40d79757-397a-4dce-92b3-1852c0282e7e&pid=freewarede&k=0
SearchScopes: HKCU - {676285A0-A974-462F-A0F7-68B7427997F0} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=40d79757-397a-4dce-92b3-1852c0282e7e&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {AD5F5513-E272-48C5-980A-0370AC3C22C4} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=40d79757-397a-4dce-92b3-1852c0282e7e&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://start.iminent.com/?appId=D0F2BA85-0601-45D7-9E44-5BD027ED0AC4&ref=toolbox&q={searchTerms}
SearchScopes: HKCU - {E51FA3FC-4DC9-4AB9-8306-CAB025D3F62F} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=40d79757-397a-4dce-92b3-1852c0282e7e&pid=freewarede&mode=bounce&k=0
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: TrueSuite Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\IEBHO.dll (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (SIEN)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{253C511C-AB46-4FF7-A3F9-5ECB6FD5298B}: [NameServer]193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{6A72DD06-49FA-4A0E-A754-2869A9072931}: [NameServer]141.2.22.74,141.2.149.10

Chrome: 
=======
CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP", "hxxp://start.iminent.com/?appId=D0F2BA85-0601-45D7-9E44-5BD027ED0AC4"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\anton\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Website Logon) - C:\Users\anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkedefaddcdlpmiafhicjnkbogjiogj\2.0_1
CHR Extension: (Adblock Plus) - C:\Users\anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (AdBlock) - C:\Users\anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0
CHR Extension: (Google Wallet) - C:\Users\anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM-x32\...\Chrome\Extension: [cdkedefaddcdlpmiafhicjnkbogjiogj] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx
CHR HKLM-x32\...\Chrome\Extension: [nfoleljfffgljekfndmmfbcmhkgeellb] - C:\Users\anton\Gutscheinaffe\gutscheinaffe.crx

==================== Services (Whitelisted) =================

R2 almservice; C:\Program Files\Common Files\Siemens\sws\almsrv\almsrv64x.exe [1434848 2013-05-23] (SIEMENS AG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-12] (Avira Operations GmbH & Co. KG)
R2 BitGuard; C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3780064 2013-11-18] ()
R2 cortsmartserver; C:\Program Files (x86)\Siemens\Automation\WinCC RT Advanced\SmartServer.exe [567520 2013-07-09] (Siemens AG)
R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] ()
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [328552 2012-08-09] (AuthenTec, Inc)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-29] ()
R2 Intel(R) Small Business Advantage; C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [46816 2012-04-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-29] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-01] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R2 s7oiehsx64; C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\s7oiehsx64.exe [143072 2013-07-08] (Siemens AG)
R2 S7TraceServiceX; C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceService64X.exe [472288 2013-07-08] (Siemens AG)
R2 SearchAnonymizer; C:\Users\anton\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2013-07-10] ()
R2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe [2905408 2013-11-25] (Iminent)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
R2 UA Local Discovery Server; C:\Program Files (x86)\OPC Foundation\UA\v1.1\GDS\Bin\Opc.Ua.DiscoveryServer.exe [122880 2011-08-26] (OPC Foundation)
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-18] (Symantec Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R3 cortkbdrtmwdf; C:\Windows\system32\drivers\cortkbdrtmwdf.sys [24800 2013-07-09] (Windows (R) Win 7 DDK provider)
R3 dpmconv; C:\Windows\System32\DRIVERS\dpmconv.sys [259584 2013-04-10] (Siemens AG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [250368 2010-04-07] (Huawei Technologies Co., Ltd.)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider)
S3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [46728 2011-11-07] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
R3 s7odpx2x64; C:\Windows\System32\DRIVERS\s7odpx2x64.sys [71168 2012-12-19] (SIEMENS AG)
R3 s7oppinx64; C:\Windows\System32\DRIVERS\s7oppinx64.sys [107520 2012-07-24] (SIEMENS AG)
R3 s7oserix64; C:\Windows\System32\Drivers\s7oserix64.sys [121856 2012-07-24] (SIEMENS AG)
R3 s7osmcax64; C:\Windows\System32\DRIVERS\s7osmcax64.sys [199680 2012-07-24] (SIEMENS AG)
R3 s7osobux64; C:\Windows\System32\DRIVERS\s7osobux64.sys [153600 2012-07-24] (SIEMENS AG)
R3 s7otmcd64x; C:\Windows\System32\Drivers\s7otmcd64x.sys [199680 2012-07-24] (SIEMENS AG)
R3 s7otranx64; C:\Windows\System32\DRIVERS\s7otranx64.sys [260096 2012-07-24] (SIEMENS AG)
R3 s7otsadx64; C:\Windows\System32\DRIVERS\s7otsadx64.sys [196096 2012-07-24] (SIEMENS AG)
R2 s7ousbu64x; C:\Windows\System32\DRIVERS\s7ousbu64x.sys [137216 2013-06-03] (Siemens AG)
R2 s7sn2srtx; C:\Windows\System32\DRIVERS\s7sn2srtx.sys [83032 2012-05-09] (SIEMENS AG)
R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27448 2012-06-19] (Synaptics Incorporated)
R2 SNTIE; C:\Windows\System32\DRIVERS\sntie.sys [286432 2013-03-22] (SIEMENS AG)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
R3 vsnl2ada; C:\Windows\System32\DRIVERS\vsnl2ada.sys [128000 2013-07-01] (SIEMENS AG)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2010-08-31] (Jungo)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [114560 2010-03-20] (Huawei Technologies Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-03 12:12 - 2013-12-03 12:13 - 00027941 _____ C:\Users\anton\Downloads\FRST.txt
2013-12-03 12:12 - 2013-12-03 12:12 - 00000000 ____D C:\FRST
2013-12-03 12:11 - 2013-12-03 12:12 - 01959434 _____ (Farbar) C:\Users\anton\Downloads\FRST64.exe
2013-12-03 11:04 - 2013-12-03 11:05 - 00287912 _____ C:\Windows\Minidump\120313-15646-01.dmp
2013-12-03 02:52 - 2013-12-03 02:52 - 00290672 _____ C:\Windows\Minidump\120313-17409-01.dmp
2013-12-03 00:21 - 2013-12-03 00:21 - 00288192 _____ C:\Windows\Minidump\120313-21231-01.dmp
2013-12-03 00:15 - 2013-12-03 00:15 - 00294600 _____ C:\Windows\Minidump\120313-20654-01.dmp
2013-11-28 18:29 - 2013-11-28 18:30 - 00000000 ____D C:\Users\anton\Desktop\defy
2013-11-27 16:12 - 2013-11-27 16:12 - 00000000 ____D C:\Users\anton\AppData\Local\SIEMENS_AG
2013-11-27 16:07 - 2013-11-27 16:07 - 00000000 ____D C:\Users\anton\AppData\Local\Siemens AG
2013-11-27 16:05 - 2013-11-27 16:05 - 04491407 _____ C:\Users\anton\Downloads\foerd45_V12.exe
2013-11-27 15:57 - 2013-11-27 16:07 - 00000000 ____D C:\Users\anton\Desktop\Dün
2013-11-27 15:51 - 2013-11-27 15:51 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_cortkbdrtmwdf_01009.Wdf
2013-11-27 15:51 - 2013-07-09 23:23 - 00024800 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\cortkbdrtmwdf.sys
2013-11-27 15:44 - 2013-11-27 15:44 - 00000000 ____D C:\Windows\system32\CommonApplicationData%
2013-11-27 15:44 - 2013-11-27 15:44 - 00000000 ____D C:\ProgramData\OPC Foundation
2013-11-27 15:44 - 2013-11-27 15:44 - 00000000 ____D C:\Program Files (x86)\OPC Foundation
2013-11-27 15:33 - 2013-11-27 15:33 - 01179648 _____ C:\Users\anton\Downloads\Bediengerät in einem STEP7 Projekt verwenden.pdf.crdownload
2013-11-27 15:12 - 2013-11-27 15:12 - 00002440 _____ C:\Users\Public\Desktop\TIA Portal V12.lnk
2013-11-27 14:48 - 2013-11-27 14:48 - 00000000 ____D C:\Users\anton\Desktop\MCT
2013-11-21 13:54 - 2013-11-21 13:54 - 00000000 ____D C:\Users\anton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-11-19 18:24 - 2013-11-19 18:24 - 00000000 ____D C:\Users\anton\AppData\Roaming\Microsoft Corporation
2013-11-19 14:54 - 2013-11-19 14:54 - 00000000 ____D C:\Python26
2013-11-19 14:45 - 2013-11-19 14:46 - 00000000 ____D C:\Python32
2013-11-19 14:40 - 2013-11-19 14:48 - 00000982 _____ C:\Users\UpdatusUser\Desktop\SciDAVis.lnk
2013-11-19 14:40 - 2013-11-19 14:48 - 00000982 _____ C:\Users\anton\Desktop\SciDAVis.lnk
2013-11-19 14:40 - 2013-11-19 14:40 - 00000000 ____D C:\Users\anton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SciDAVis
2013-11-19 14:40 - 2013-11-19 14:40 - 00000000 ____D C:\Program Files (x86)\SciDAVis
2013-11-19 13:12 - 2013-11-19 13:12 - 00001066 _____ C:\Users\anton\Desktop\PhilipsBT - Verknüpfung.lnk
2013-11-17 23:58 - 2013-11-17 23:58 - 59670528 _____ C:\Users\anton\Downloads\M2U00425.MPG
2013-11-15 03:04 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-15 03:04 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-15 03:04 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-15 03:04 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-15 03:04 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-15 03:04 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-15 03:04 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-15 03:04 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-15 03:04 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-15 03:04 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-15 03:04 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-15 03:04 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-15 03:04 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-15 03:04 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-15 03:04 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-15 03:04 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-15 03:04 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-15 03:04 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-15 03:04 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-15 03:04 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-15 03:04 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-15 03:04 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-15 03:04 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-15 03:04 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-15 03:04 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-15 03:04 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-15 03:04 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-15 03:04 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-15 03:04 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 10:07 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 10:07 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 10:07 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 10:07 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 10:07 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 10:07 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 10:07 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 10:07 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 10:07 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 10:07 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 10:07 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 10:07 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 10:07 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 10:07 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 10:07 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 10:07 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 10:07 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 10:07 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 10:07 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 10:07 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 10:07 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 10:07 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 10:07 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 10:07 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 10:07 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-14 10:07 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 10:07 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-14 10:07 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-14 10:07 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 10:07 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-13 11:58 - 2013-11-13 11:58 - 00012659 _____ C:\WirelessDiagLog.csv
2013-11-06 18:18 - 2013-11-06 18:18 - 00000000 ____D C:\Users\anton\Desktop\Drucken

==================== One Month Modified Files and Folders =======

2013-12-03 12:13 - 2013-12-03 12:12 - 00027941 _____ C:\Users\anton\Downloads\FRST.txt
2013-12-03 12:12 - 2013-12-03 12:12 - 00000000 ____D C:\FRST
2013-12-03 12:12 - 2013-12-03 12:11 - 01959434 _____ (Farbar) C:\Users\anton\Downloads\FRST64.exe
2013-12-03 12:04 - 2009-07-14 05:45 - 00036416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-03 12:04 - 2009-07-14 05:45 - 00036416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-03 11:46 - 2012-08-04 03:28 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-03 11:18 - 2012-10-13 23:01 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-03 11:12 - 2012-08-04 03:09 - 01756690 _____ C:\Windows\WindowsUpdate.log
2013-12-03 11:11 - 2012-08-04 12:58 - 00696870 _____ C:\Windows\system32\perfh007.dat
2013-12-03 11:11 - 2012-08-04 12:58 - 00148134 _____ C:\Windows\system32\perfc007.dat
2013-12-03 11:11 - 2009-07-14 06:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-03 11:10 - 2013-04-02 02:29 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-03 11:06 - 2013-04-04 21:21 - 00000434 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-12-03 11:06 - 2012-08-04 03:16 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-12-03 11:05 - 2013-12-03 11:04 - 00287912 _____ C:\Windows\Minidump\120313-15646-01.dmp
2013-12-03 11:05 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-03 11:04 - 2012-11-28 19:06 - 737777816 _____ C:\Windows\MEMORY.DMP
2013-12-03 11:04 - 2012-11-28 19:06 - 00000000 ____D C:\Windows\Minidump
2013-12-03 11:04 - 2009-07-14 05:51 - 00107277 _____ C:\Windows\setupact.log
2013-12-03 02:57 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-03 02:52 - 2013-12-03 02:52 - 00290672 _____ C:\Windows\Minidump\120313-17409-01.dmp
2013-12-03 02:38 - 2012-11-19 22:33 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2370775708-1144832967-3419847468-1001UA.job
2013-12-03 00:21 - 2013-12-03 00:21 - 00288192 _____ C:\Windows\Minidump\120313-21231-01.dmp
2013-12-03 00:15 - 2013-12-03 00:15 - 00294600 _____ C:\Windows\Minidump\120313-20654-01.dmp
2013-12-03 00:10 - 2013-05-31 21:46 - 00000000 ____D C:\Users\anton\AppData\Roaming\vlc
2013-12-02 22:38 - 2012-11-19 22:33 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2370775708-1144832967-3419847468-1001Core.job
2013-12-02 22:30 - 2013-06-28 18:36 - 00000000 ____D C:\Users\anton\AppData\Roaming\dvdcss
2013-12-02 22:27 - 2012-11-05 19:08 - 00000000 ____D C:\Users\anton\AppData\Roaming\MediaMonkey
2013-12-02 17:44 - 2013-01-14 10:07 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0C4D75DF-5CB1-4404-8439-6D91E3D7B709}
2013-12-02 09:54 - 2012-10-13 15:51 - 00000000 ____D C:\Users\anton\AppData\Roaming\Spotify
2013-12-01 17:02 - 2012-08-04 03:16 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-11-28 18:57 - 2013-08-16 09:00 - 00000000 ____D C:\Users\anton\Documents\Atmel
2013-11-28 18:57 - 2012-10-17 13:36 - 00000000 ____D C:\Users\anton\AppData\Roaming\VisualAssist
2013-11-28 18:57 - 2012-10-17 13:36 - 00000000 ____D C:\Users\anton\AppData\Local\VisualAssist
2013-11-28 18:30 - 2013-11-28 18:29 - 00000000 ____D C:\Users\anton\Desktop\defy
2013-11-28 17:51 - 2012-10-13 23:10 - 00000000 ____D C:\Users\anton\Documents\888poker
2013-11-27 16:12 - 2013-11-27 16:12 - 00000000 ____D C:\Users\anton\AppData\Local\SIEMENS_AG
2013-11-27 16:07 - 2013-11-27 16:07 - 00000000 ____D C:\Users\anton\AppData\Local\Siemens AG
2013-11-27 16:07 - 2013-11-27 15:57 - 00000000 ____D C:\Users\anton\Desktop\Dün
2013-11-27 16:05 - 2013-11-27 16:05 - 04491407 _____ C:\Users\anton\Downloads\foerd45_V12.exe
2013-11-27 15:53 - 2013-05-15 11:24 - 00000000 ____D C:\ProgramData\Siemens
2013-11-27 15:51 - 2013-11-27 15:51 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_cortkbdrtmwdf_01009.Wdf
2013-11-27 15:51 - 2013-05-15 11:27 - 00000000 ____D C:\Program Files\Common Files\Siemens
2013-11-27 15:51 - 2009-07-14 05:45 - 00000000 ____D C:\Windows\Setup
2013-11-27 15:44 - 2013-11-27 15:44 - 00000000 ____D C:\Windows\system32\CommonApplicationData%
2013-11-27 15:44 - 2013-11-27 15:44 - 00000000 ____D C:\ProgramData\OPC Foundation
2013-11-27 15:44 - 2013-11-27 15:44 - 00000000 ____D C:\Program Files (x86)\OPC Foundation
2013-11-27 15:44 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-11-27 15:36 - 2009-07-14 05:45 - 00476056 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-27 15:35 - 2010-11-21 04:47 - 00754128 _____ C:\Windows\PFRO.log
2013-11-27 15:33 - 2013-11-27 15:33 - 01179648 _____ C:\Users\anton\Downloads\Bediengerät in einem STEP7 Projekt verwenden.pdf.crdownload
2013-11-27 15:18 - 2013-05-15 11:37 - 00002485 _____ C:\Users\Public\Desktop\Automation License Manager.lnk
2013-11-27 15:12 - 2013-11-27 15:12 - 00002440 _____ C:\Users\Public\Desktop\TIA Portal V12.lnk
2013-11-27 15:12 - 2012-10-13 13:39 - 00125528 _____ C:\Users\anton\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-27 15:08 - 2012-08-04 03:11 - 00162750 _____ C:\Windows\DPINST.LOG
2013-11-27 14:48 - 2013-11-27 14:48 - 00000000 ____D C:\Users\anton\Desktop\MCT
2013-11-27 14:36 - 2013-05-15 11:48 - 00000000 __SHD C:\AX NF ZZ
2013-11-27 11:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-26 16:30 - 2013-08-16 09:00 - 00000000 ____D C:\Users\anton\Documents\Atmel Studio
2013-11-23 14:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-23 12:32 - 2012-10-14 11:45 - 00000000 ____D C:\ldiag
2013-11-21 21:08 - 2013-10-22 08:11 - 00000000 ____D C:\Users\anton\Artur
2013-11-21 16:49 - 2013-10-09 10:44 - 00000000 ____D C:\Users\anton\Desktop\G. Energietechnik
2013-11-21 16:33 - 2013-09-15 00:15 - 00000000 ____D C:\ProgramData\BitGuard
2013-11-21 13:54 - 2013-11-21 13:54 - 00000000 ____D C:\Users\anton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-11-19 18:24 - 2013-11-19 18:24 - 00000000 ____D C:\Users\anton\AppData\Roaming\Microsoft Corporation
2013-11-19 14:54 - 2013-11-19 14:54 - 00000000 ____D C:\Python26
2013-11-19 14:48 - 2013-11-19 14:40 - 00000982 _____ C:\Users\UpdatusUser\Desktop\SciDAVis.lnk
2013-11-19 14:48 - 2013-11-19 14:40 - 00000982 _____ C:\Users\anton\Desktop\SciDAVis.lnk
2013-11-19 14:46 - 2013-11-19 14:45 - 00000000 ____D C:\Python32
2013-11-19 14:40 - 2013-11-19 14:40 - 00000000 ____D C:\Users\anton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SciDAVis
2013-11-19 14:40 - 2013-11-19 14:40 - 00000000 ____D C:\Program Files (x86)\SciDAVis
2013-11-19 13:12 - 2013-11-19 13:12 - 00001066 _____ C:\Users\anton\Desktop\PhilipsBT - Verknüpfung.lnk
2013-11-18 14:27 - 2013-10-31 12:33 - 00000000 ____D C:\Users\anton\Desktop\Leistungselektronik
2013-11-17 23:58 - 2013-11-17 23:58 - 59670528 _____ C:\Users\anton\Downloads\M2U00425.MPG
2013-11-15 03:04 - 2013-05-14 11:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 20:32 - 2013-10-25 18:44 - 00000000 ____D C:\Users\anton\Desktop\elektronik
2013-11-13 11:58 - 2013-11-13 11:58 - 00012659 _____ C:\WirelessDiagLog.csv
2013-11-12 13:21 - 2013-10-17 20:11 - 00000000 ____D C:\Program Files (x86)\Iminent
2013-11-12 12:07 - 2013-04-02 02:29 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-11 05:50 - 2010-11-21 04:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-08 15:11 - 2013-07-10 00:33 - 00000000 ____D C:\Users\anton\AppData\Roaming\DesktopIconForAmazon
2013-11-08 14:55 - 2013-10-17 20:12 - 00000000 ____D C:\Program Files (x86)\IminentToolbar
2013-11-08 14:54 - 2013-10-30 19:42 - 00000000 ____D C:\Program Files (x86)\Amazon
2013-11-08 14:53 - 2013-10-30 20:15 - 00000000 ____D C:\Users\anton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
2013-11-08 14:53 - 2013-10-30 20:15 - 00000000 ____D C:\Program Files (x86)\VirtualDJ
2013-11-08 14:53 - 2013-09-29 12:19 - 00000000 ____D C:\Windows\system32\appmgmt
2013-11-07 21:00 - 2012-10-13 13:40 - 00000000 ____D C:\Users\anton\AppData\Local\Google
2013-11-06 18:18 - 2013-11-06 18:18 - 00000000 ____D C:\Users\anton\Desktop\Drucken

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.9700.dll


Some content of TEMP:
====================
C:\Users\anton\AppData\Local\Temp\0evmz5fi.dll
C:\Users\anton\AppData\Local\Temp\0snbluo1.dll
C:\Users\anton\AppData\Local\Temp\3aq97ofv.dll
C:\Users\anton\AppData\Local\Temp\4ufohuyh.dll
C:\Users\anton\AppData\Local\Temp\AskSLib.dll
C:\Users\anton\AppData\Local\Temp\avgnt.exe
C:\Users\anton\AppData\Local\Temp\bxprqh7f.dll
C:\Users\anton\AppData\Local\Temp\dfvcli6m.dll
C:\Users\anton\AppData\Local\Temp\i4jdel0.exe
C:\Users\anton\AppData\Local\Temp\IminentSetup-1-.exe
C:\Users\anton\AppData\Local\Temp\jhrae1bd.dll
C:\Users\anton\AppData\Local\Temp\jsha5z2z.dll
C:\Users\anton\AppData\Local\Temp\MotoHelper_2.0.49_Driver_5.0.0.exe
C:\Users\anton\AppData\Local\Temp\proxy_vole2652939297430304264.dll
C:\Users\anton\AppData\Local\Temp\setup.exe
C:\Users\anton\AppData\Local\Temp\setup_fsu_cid.exe
C:\Users\anton\AppData\Local\Temp\si_gutscheinaffe.exe
C:\Users\anton\AppData\Local\Temp\uninst1.exe
C:\Users\anton\AppData\Local\Temp\vis-de.exe
C:\Users\anton\AppData\Local\Temp\v_nvfyra.dll
C:\Users\anton\AppData\Local\Temp\wzcybt2a.dll
C:\Users\anton\AppData\Local\Temp\x_ylqvhs.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-30 20:15

==================== End Of Log ============================
         
--- --- ---
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2013
Ran by anton at 2013-12-03 12:13:59
Running from C:\Users\anton\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (x32)
888poker (x32)
Absolute Reminder (x32 Version: 2.0.0.19)
Adobe AIR (x32 Version: 3.7.0.1860)
Adobe Flash Player 11 ActiveX (x32 Version: 11.3.300.257)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)
Android SDK Tools (x32 Version: 1.16)
Anzeige am Bildschirm (Version: 6.72.00)
Atmel Software Framework (x32 Version: 3.1.121)
Atmel Studio 6.0 (x32 Version: 6.0.1843)
Atmel USB (x32 Version: 10.6)
Avira Free Antivirus (x32 Version: 14.0.1.759)
BitGuard (x32)
Compatibility Check Tool TIA -  TIACOMPCHECK Single SetupPackage  V11.0 + SP1 (x32 Version: 11.00.0100)
Create Recovery Media (x32 Version: 1.20.0.00)
D3DX10 (x32 Version: 15.4.2368.0902)
DC++ 0.750 (x32 Version: 0.750)
Dolby Home Theater v4 (x32 Version: 7.2.7000.11)
Dropbox (HKCU Version: 2.0.22)
Energie-Manager (x32 Version: 6.32)
Evernote v. 4.2.3 (x32 Version: 4.2.3.15)
ExpressCache (Version: 1.0.86)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Fingerprint Reader (Version: 5.4.100.233)
Fotogalerie (x32 Version: 16.4.3508.0205)
Gatherer Extractor v3.6a (x32 Version: 3.6a)
Google Chrome (x32 Version: 31.0.1650.57)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.21.165)
iLivid (x32 Version: 4.0.0.2208) <==== ATTENTION
Iminent (x32 Version: 6.42.32.0) <==== ATTENTION
Integrated Camera Driver Installer Package Ver.1.2.1.16 (x32 Version: 1.2.1.16)
Intel AppUp(SM) center (x32 Version: 3.6.1.33057.10)
Intel PROSet Wireless
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.35342)
Intel(R) Management Engine Components (x32 Version: 8.0.3.1427)
Intel(R) OpenCL CPU Runtime (x32)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2696)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.1.0.0096)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 2.1.0.0140)
Intel(R) Update Manager (x32 Version: 1.0.0.34813)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.220)
Intel(R) WiDi (Version: 3.1.29.0)
Intel(R) Wireless Display
Intel® PROSet/Wireless WiFi-Software (Version: 15.01.0000.0830)
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
Java 7 Update 7 (x32 Version: 7.0.70)
Java 7 Update 9 (64-bit) (Version: 7.0.90)
Java Auto Updater (x32 Version: 2.1.9.0)
Java SE Development Kit 7 Update 7 (64-bit) (Version: 1.7.0.70)
Java SE Development Kit 7 Update 7 (x32 Version: 1.7.0.70)
Java SE Development Kit 7 Update 9 (64-bit) (Version: 1.7.0.90)
Java(TM) 6 Update 37 (64-bit) (Version: 6.0.370)
JDownloader 2 (Version: 2.0)
JLink OB CDC Driver Package (Version: 1.2.1)
Junk Mail filter update (x32 Version: 16.4.3508.0205)
Lenovo Auto Scroll Utility (Version: 2.00)
Lenovo Patch Utility (x32 Version: 1.3.0.9)
Lenovo Patch Utility 64 bit (Version: 1.3.0.9)
Lenovo Power Management Driver (Version: 1.65.05.21)
Lenovo Registration (x32 Version: 1.0.4)
Lenovo SimpleTap (Version: 3.2.0004.00)
Lenovo Solution Center (Version: 2.1.003.00)
Lenovo Solutions for Small Business (x32)
Lenovo Solutions for Small Business Customizations (x32 Version: 1.0.0006.00)
Lenovo System Update (x32 Version: 5.02.0018)
Lenovo User Guide (x32 Version: 1.0.0009.00)
Lenovo Warranty Information (x32 Version: 1.0.0005.00)
Lenovo Welcome (x32 Version: 3.1.0020.00)
Magic Workstation 0.94f (x32)
MediaMonkey 4.0 (x32 Version: 4.0)
Message Center Plus (Version: 3.1.0004.00)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Office (x32 Version: 14.0.6120.5004)
Microsoft Office 2003 Web Components (x32 Version: 12.0.6213.1000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Primary Interoperability Assemblies 2005 (x32 Version: 8.0.50727.42)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SOAP Toolkit 3.0 (x32 Version: 3.0.1325.4)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.50.1447.4)
Microsoft SQL Server System CLR Types (x32 Version: 10.50.1447.4)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (x32 Version: 10.0.40219)
Mobile Partner (x32 Version: 16.002.03.03.511)
MotoHelper 2.1.32 Driver 5.4.0 (x32 Version: 2.1.32)
MotoHelper MergeModules (x32 Version: 1.2.0)
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0)
Movie Maker (x32 Version: 16.4.3508.0205)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MTG Card Images for Magic Workstation (x32)
MTG GamePack for Magic Workstation (x32)
Native Instruments Controller Editor (Version: 1.5.2.1142)
Native Instruments Controller Editor (x32)
Native Instruments Service Center (Version: 2.3.2.926)
Native Instruments Service Center (x32)
Native Instruments Traktor 2 (Version: 2.6.1.15205)
Native Instruments Traktor 2 (x32 Version: 2.6.1.15205)
NCM GPRS 64 (Version: 01.01.0000)
NVIDIA Grafiktreiber 295.68 (Version: 295.68)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA Optimus 1.7.12 (Version: 1.7.12)
NVIDIA Systemsteuerung 295.68 (Version: 295.68)
NVIDIA Update 1.7.12 (Version: 1.7.12)
NVIDIA Update Components (Version: 1.7.12)
OPC .NET API 2.00 Redistributables (x86) 101.0 (x32 Version: 2.00.10200)
OPC Core Components Redistributable (x86) 101.2 (x32 Version: 3.00.10102)
OPC UA SDK 1.1 Redistributables 331.0 (x32 Version: 1.01.33100)
Photo Common (x32 Version: 16.4.3508.0205)
Photo Gallery (x32 Version: 16.4.3508.0205)
PlanMaker Viewer (x32)
Python 2.6.4 (x32 Version: 2.6.4150)
Python 3.2.3 (x32 Version: 3.2.3150)
RapidBoot HDD Accelerator (x32 Version: 1.00.0802)
RapidBoot Shield (Version: 1.23)
Realtek Ethernet Controller Driver (x32 Version: 7.49.927.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6612)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.29005)
Reloop ASIO Driver 1.10 (Version: 1.10)
SciDAVis 0.2.4 (x32 Version: 0.2.4)
SearchAnonymizer (Version: 1.0.1 (de))
SeCon (x32 Version: 02.00.0001)
Secure Download Manager (x32 Version: 3.1.0)
SES Driver (Version: 1.0.0)
Siemens Automation License Manager (Version: 05.02.0100)
Siemens Automation License Manager V5.2 + SP1   (Version: 05.02.0100)
SIEMENS OPC (x32 Version: 03.09.0200)
Siemens Totally Integrated Automation Portal V12 (x32 Version: V12)
SIMATIC Device Drivers (Version: 01.02.0000)
SIMATIC Device Drivers WoW (x32 Version: 20.02.0000)
SIMATIC Event Database (x32 Version: 05.05.0300)
SIMATIC HMI License Manager Panel Plugin (x64) (Version: 11.00.0200)
SIMATIC HMI Symbol Library (x32 Version: 12.00.0100)
SIMATIC HMI Touch Input (x32 Version: 12.00.0000)
SIMATIC NCM FWL 64 (Version: 05.05.0400)
SIMATIC PLCSIM 64 (Version: 01.00.0001)
SIMATIC Prosave (x32 Version: 10.00.0100)
SIMATIC Prosave V10.0 incl. SP1   (x32 Version: 10.00.0100)
SIMATIC S7-PLCSIM (x32 Version: 5.4.0502)
SIMATIC S7-PLCSIM V5.4 + SP5 + Upd2   (x32 Version: 5.4.0502)
SIMATIC WinCC Runtime Advanced - HMIRTM Simulation Single SetupPackage  V12.0 + SP1 (x32 Version: 12.00.0100)
SIMATIC WinCC Runtime Advanced Driver (x64) (Version: 12.00.0100)
SIMATIC WinCC Runtime Advanced V12.0 SP1 (x32 Version: V12.0 SP1)
Skype™ 6.7 (x32 Version: 6.7.102)
Splashtop Software Updater (x32 Version: 1.5.6.14)
Splashtop Streamer (x32 Version: 2.2.0.0)
Spotify (HKCU Version: 0.9.4.178.g259772ba)
SugarSync Manager (x32 Version: 1.9.96.111090)
ThinkPad UltraNav Driver (Version: 16.1.4.17)
ThinkVantage Communications Utility (Version: 3.0.34.0)
ThinkVantage System für aktiven Festplattenschutz (Version: 1.77.0.11)
TIA Portal Single SetupPackage - Hardware Support Base Package 0  V12.0 (x32 Version: 12.00.0000)
TIA Portal Single SetupPackage - Hardware Support Base Package 02  V12.0 (x32 Version: 12.00.0000)
TIA Portal Single SetupPackage - Hardware Support Base Package 03  V12.0 (x32 Version: 12.00.0000)
TIA Portal Single SetupPackage - Hardware Support Base Package WCF-01  V12.0 (x32 Version: 12.00.0000)
TIA Portal Single SetupPackage - HM All Editions Single SetupPackage  V12.0 + SP1 (x32 Version: 12.00.0100)
TIA Portal Single SetupPackage - HM NoBasic Single SetupPackage  V12.0 + SP1 (x32 Version: 12.00.0100)
TIA Portal Single SetupPackage - Simatic Single SetupPackage  V12.0 + SP1 (x32 Version: 12.00.0100)
TIA Portal Single SetupPackage - STEP 7 Single SetupPackage  V12.0 + SP1 (x32 Version: 12.00.0100)
TIA Portal Single SetupPackage - Support Base Package TO-01  V12.0 (x32 Version: 12.00.0000)
TIA Portal Single SetupPackage - Support Base Package TO-02  V12.0 (x32 Version: 12.00.0000)
TIA Portal Single SetupPackage - TIA Tour Single SetupPackage  V12.0 + SP1 (x32 Version: 12.00.0100)
TIA Portal Single SetupPackage - TIACOMPCHECK Single SetupPackage  V12.0 + SP1 (x32 Version: 12.00.0100)
TIA Portal Single SetupPackage - WinCC Single SetupPackage  V12.0 + SP1 (x32 Version: 12.00.0100)
Totally Integrated Automation Portal V12 -  TIA Portal Single SetupPackage  V12.0 + SP1 (x32 Version: 12.00.0100)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
VC User 71 RTL X86 --- (x32 Version: 1.0)
VIP Access (x32 Version: 2.0.5.13)
VirtualDJ PRO Full (x32 Version: 7.2)
VIS (x32)
VLC media player 2.0.6 (Version: 2.0.6)
WinCC Runtime Advanced Simulator (x32 Version: 12.00.0000)
WinCC Runtime Advanced V12 -  SIMATIC WinCC Runtime Advanced  V12.0 + SP1 (x32 Version: 12.00.0100)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0) (Version: 01/19/2011 1.0.0009.0)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Mail (x32 Version: 16.4.3508.0205)
Windows Live Messenger (x32 Version: 16.4.3508.0205)
Windows Live MIME IFilter (Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
Windows Live Writer (x32 Version: 16.4.3508.0205)
Windows Live Writer Resources (x32 Version: 16.4.3508.0205)
Windows-Treiberpaket - Intel (iaStor) hdc  (02/01/2012 11.1.0.1006) (Version: 02/01/2012 11.1.0.1006)
Windows-Treiberpaket - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (Version: 02/29/2012 1.65.05.20)
Windows-Treiberpaket - Segger (jlink_ob_x64) USB  (03/13/2012 2.6.6.2) (Version: 03/13/2012 2.6.6.2)
Windows-Treiberpaket - SEGGER (usbser) Ports  (01/25/2012 6.0.2600.4) (Version: 01/25/2012 6.0.2600.4)
Windows-Treiberpaket - Synaptics (SmbDrvAMDASF) System  (06/21/2012 16.1.4.17) (Version: 06/21/2012 16.1.4.17)
Windows-Treiberpaket - Synaptics (SynTP) Mouse  (06/21/2012 16.1.4.17) (Version: 06/21/2012 16.1.4.17)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)

==================== Restore Points  =========================

29-11-2013 02:00:33 Windows Update
03-12-2013 10:10:43 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {02535D0D-7CB0-473D-A6DE-9653624CFDD8} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {0CA2C660-228A-41B2-9908-A3A405C04475} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2012-05-15] (Lenovo Group Limited)
Task: {209F20DB-7DBE-49D2-9DDA-13A5569AE534} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-17] ()
Task: {2CC915A9-3D48-4A7B-BD66-8D649D20881C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2370775708-1144832967-3419847468-1001Core => C:\Users\anton\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-19] (Facebook Inc.)
Task: {36814A39-0887-4FD6-A41B-E9F85095890E} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-06-26] ()
Task: {47359698-8E3A-4FB1-9F6E-C21926EC744F} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2013-05-17] (Lenovo)
Task: {575EA4AA-069D-4AD7-BBE9-508113D2D5EC} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {57BB2906-C088-486E-B762-E619CA1B6371} - System32\Tasks\{EAC458E8-DD40-467B-949D-EF003D185979} => C:\Users\anton\Downloads\Veedel Kaztro - Bdchen Tape 2012.rar.exe
Task: {5835A07D-B726-46B9-A2A1-DFD9757100D8} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03] (Sun Microsystems, Inc.)
Task: {69548E76-92F0-4E70-B723-3E3C8E1CC701} - System32\Tasks\{BE0ECA60-747E-443A-98E5-27768BFF4EBA} => C:\Users\anton\Downloads\Veedel Kaztro - Bdchen Tape 2012.rar.exe
Task: {6CB72390-FD8F-431A-8331-3F850159F6A9} - System32\Tasks\EPUpdater => C:\Users\anton\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe
Task: {79CE6693-D704-46E0-94CD-87C90C5646CC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2370775708-1144832967-3419847468-1001UA => C:\Users\anton\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-19] (Facebook Inc.)
Task: {9B5CF61C-25F6-4EA9-B055-29F68865F942} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-17] (Lenovo)
Task: {B90151CF-2A49-4560-816F-4C152EBEF5B5} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [2012-05-15] (Lenovo)
Task: {B9D76AB9-ACFB-48A9-9567-A443C4A6D60C} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {BA6C0BBA-2237-4A01-9F78-DF03B32F257B} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {BBC3D8B8-43A3-464B-A344-A46B943BC482} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for ThinkPad.anton => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: {C4AC4BAE-6D70-4475-ACDA-DA0811A19C6D} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {C886110D-F51F-4C5A-976A-7243CFEED91C} - System32\Tasks\preispilotSWU => C:\Program Files (x86)\preispilot\swu.vbs"C:\Program Files (x86)\preispilot\swu.vbs"
Task: {CF77CF88-49B0-4CF1-A683-DDE0BC6F8465} - System32\Tasks\BrowserDefendert => Sc.exe start BrowserDefendert
Task: {D48554E4-3166-4C61-849B-C15AB5D4554B} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {F3E735FC-483C-4030-8865-EC3CA0A4956D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-04] (Google Inc.)
Task: {F9C61736-79AC-4DBC-AB38-2CCDA1056822} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-13] (Adobe Systems Incorporated)
Task: {FF0C3D5B-A637-4E68-A0F3-0AC1233B1533} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-04] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\elbyExecuteWithUAC.job => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ExecuteWithUAC.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2370775708-1144832967-3419847468-1001Core.job => C:\Users\anton\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2370775708-1144832967-3419847468-1001UA.job => C:\Users\anton\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec7503288682c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) =============

2013-11-21 13:54 - 2013-11-18 15:32 - 01958880 _____ () C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\loader.dll
2012-08-04 03:24 - 2012-05-15 22:32 - 00103936 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2012-08-09 02:27 - 2012-08-09 02:27 - 01163624 _____ () C:\Program Files\Lenovo Fingerprint Reader\DataManager.dll
2012-08-09 02:28 - 2012-08-09 02:28 - 00087912 _____ () C:\Program Files\Lenovo Fingerprint Reader\ssutil.dll
2012-08-04 03:13 - 2012-03-19 22:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-09 23:39 - 2013-07-09 23:39 - 00064224 _____ () C:\Program Files (x86)\Siemens\Automation\WinCC RT Advanced\zlib.dll
2012-08-04 03:26 - 2012-01-17 07:29 - 00030512 ____N () C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBServiceps.dll
2012-08-04 03:25 - 2011-08-02 03:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2012-08-04 03:25 - 2011-08-02 03:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2013-06-05 14:22 - 2013-06-05 14:22 - 00766176 _____ () C:\Windows\SysWOW64\sn_regbase.dll
2012-08-04 03:28 - 2012-07-12 13:59 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll
2012-08-04 03:28 - 2012-07-12 13:59 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll
2012-08-04 03:28 - 2012-07-12 13:59 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2012-08-04 03:28 - 2012-07-12 13:59 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll
2012-08-04 03:28 - 2012-07-12 13:59 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2012-08-04 03:28 - 2012-07-12 13:59 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2012-08-04 03:28 - 2012-07-12 13:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2012-08-04 03:28 - 2012-07-12 13:59 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2012-08-04 03:28 - 2012-07-12 13:59 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2012-08-04 03:28 - 2012-07-12 13:59 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2012-08-04 03:28 - 2012-07-12 13:59 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2012-08-04 03:28 - 2012-07-12 13:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2012-08-04 03:15 - 2012-02-21 21:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-08-04 03:36 - 2012-04-23 14:03 - 00030432 _____ () C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\ProcessPrivileges.dll
2012-08-04 03:36 - 2012-04-23 14:03 - 00215264 _____ () C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\System.ComponentModel.Composition.dll
2012-08-04 03:36 - 2012-04-23 14:03 - 00051424 _____ () C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Interop.TaskScheduler.dll
2013-11-17 10:52 - 2013-11-14 12:28 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
2013-11-17 10:52 - 2013-11-14 12:28 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
2013-11-17 10:52 - 2013-11-14 12:29 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
2013-11-17 10:52 - 2013-11-14 12:29 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
2013-11-17 10:52 - 2013-11-14 12:28 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
2012-11-18 23:23 - 2012-09-19 18:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-11-18 23:23 - 2012-09-19 18:17 - 00397088 _____ () c:\program files (x86)\avira\antivir desktop\sqlite3.dll
2013-02-05 21:57 - 2013-02-05 21:57 - 00282112 _____ () C:\Program Files (x86)\Windows Live\Writer\de\WindowsLive.Writer.Localization.resources.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\anton\Desktop\Milan - Mainz.eml:OECustomProperty
AlternateDataStreams: C:\Users\anton\Desktop\Milan.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/03/2013 11:05:37 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ZeroConfigService.exe, Version: 15.1.0.2, Zeitstempel: 0x4f4a262d
Name des fehlerhaften Moduls: MurocApi.dll, Version: 15.1.0.1, Zeitstempel: 0x4f4a2503
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002084b
ID des fehlerhaften Prozesses: 0xf20
Startzeit der fehlerhaften Anwendung: 0xZeroConfigService.exe0
Pfad der fehlerhaften Anwendung: ZeroConfigService.exe1
Pfad des fehlerhaften Moduls: ZeroConfigService.exe2
Berichtskennung: ZeroConfigService.exe3

Error: (12/03/2013 11:05:35 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2013 02:53:24 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2013 00:41:44 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (12/03/2013 00:21:46 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2013 00:15:56 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ZeroConfigService.exe, Version: 15.1.0.2, Zeitstempel: 0x4f4a262d
Name des fehlerhaften Moduls: MurocApi.dll, Version: 15.1.0.1, Zeitstempel: 0x4f4a2503
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002084b
ID des fehlerhaften Prozesses: 0xf10
Startzeit der fehlerhaften Anwendung: 0xZeroConfigService.exe0
Pfad der fehlerhaften Anwendung: ZeroConfigService.exe1
Pfad des fehlerhaften Moduls: ZeroConfigService.exe2
Berichtskennung: ZeroConfigService.exe3

Error: (12/03/2013 00:15:45 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2013 05:40:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2013 00:00:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/01/2013 10:13:31 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "E:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"


System errors:
=============
Error: (12/03/2013 11:06:48 AM) (Source: DCOM) (User: )
Description: 1053Bluetooth Media Service{9AC233E9-AC75-4DB5-85C4-DAB13A484FEA}

Error: (12/03/2013 11:06:44 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Bluetooth Media Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/03/2013 11:06:44 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Media Service erreicht.

Error: (12/03/2013 11:06:18 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (12/03/2013 11:06:14 AM) (Source: ipnathlp) (User: )
Description: 192.168.1.38192.168.137.0255.255.255.0

Error: (12/03/2013 11:06:14 AM) (Source: ipnathlp) (User: )
Description: 

Error: (12/03/2013 11:05:57 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Intel(R) PROSet/Wireless Zero Configuration Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/03/2013 11:05:29 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst nvsvc erreicht.

Error: (12/03/2013 11:05:01 AM) (Source: BugCheck) (User: )
Description: 0x000000f4 (0x0000000000000003, 0xfffffa8008d8ca80, 0xfffffa8008d8cd60, 0xfffff800037d67b0)C:\Windows\MEMORY.DMP120313-15646-01

Error: (12/03/2013 11:04:57 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎03.‎12.‎2013 um 02:56:43 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-11-08 14:49:48.666
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-08 14:49:48.250
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-08 11:20:09.955
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-08 11:20:09.229
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-08 11:20:09.024
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-08 11:20:08.666
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-07 21:34:16.625
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-07 15:34:30.253
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-06 14:26:26.426
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-06 14:26:25.348
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 76%
Total physical RAM: 3689.9 MB
Available physical RAM: 853.7 MB
Total Pagefile: 7377.98 MB
Available Pagefile: 3258.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:448.67 GB) (Free:186.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:3.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: E6895633)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS)
 Could not read MBR for disk 1.

==================== End Of Log ============================
         
--- --- ---




Thank you very much for the help!!

Last edited by elektr-stude (03.12.2013 at 13:37)

Alt 03.12.2013, 13:06   #2
schrauber
/// the machine
/// TB-Ausbilder
 


hi,

Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.




Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
