| |
| |||||||
Log-Analyse und Auswertung: Win32/Small.CA-Virus entfernenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte. |
 |
01.07.2013, 17:49
| #1 |
| |  Win32/Small.CA-Virus entfernen Hallo zusammen Windows zeigt folgende Meldung an: "Entfernen des Win32/Small.CA-Virus. Windows hat Win32/Small.CA, einen bekannten Computervirus, auf Ihrem PC erkannt. Win32/Small.CA hat bewirkt, dss Ihr PC 1 Mal nicht ordnungsgemäss funktioniert hat, zuletzt am/um 29.06.2013 20:32" Den PC habe ich vollständig mit Sophos Endpoint Security Control und Windows Defender gescannt, jedoch mit beiden nichts gefunden. Auf Eurem Forum bin ich auf den Thread von "ElWursto" gestossen (http://www.trojaner-board.de/137286-...-gefunden.html). Es stellt sich nun die Frage, ob ich genau wie in diesem Thread beschrieben, vorgehen soll. Die Vorbereitungen habe ich wie beschrieben vorgenommen. Schritt 1 (defogger) und Schritt 2 (OTL) haben problemlos geklappt (txt-files sogleich), bei Schritt 3 (Gmer-Scanner) hat der PC allerdings dann einen Bluescreen produziert. OTL-text-file: OTL logfile created on: 01.07.2013 16:58:44 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop\aa_trojaner-board 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 7.70 Gb Total Physical Memory | 5.34 Gb Available Physical Memory | 69.28% Memory free 15.41 Gb Paging File | 12.93 Gb Available in Paging File | 83.91% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 446.72 Gb Total Space | 270.25 Gb Free Space | 60.50% Space Free | Partition Type: NTFS Drive G: | 931.48 Gb Total Space | 669.83 Gb Free Space | 71.91% Space Free | Partition Type: NTFS Drive Q: | 17.58 Gb Total Space | 4.54 Gb Free Space | 25.80% Space Free | Partition Type: NTFS Drive S: | 1.46 Gb Total Space | 0.67 Gb Free Space | 45.95% Space Free | Partition Type: NTFS Computer Name: THINKPAD-T | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.01 16:56:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\aa_trojaner-board\OTL.exe PRC - [2013.06.06 23:57:24 | 019,676,256 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe PRC - [2013.05.30 16:01:56 | 000,364,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2013.05.30 16:01:10 | 000,167,736 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2013.05.29 18:00:30 | 000,187,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe PRC - [2013.05.29 18:00:24 | 000,293,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe PRC - [2013.05.29 18:00:20 | 000,073,000 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe PRC - [2013.05.29 17:59:58 | 000,058,664 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.04.23 06:54:00 | 001,667,368 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE PRC - [2013.04.23 06:54:00 | 000,127,784 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe PRC - [2013.04.22 09:43:52 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe PRC - [2013.03.21 16:12:24 | 002,890,232 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe PRC - [2013.03.21 08:10:10 | 005,687,152 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe PRC - [2013.03.21 08:09:20 | 000,270,192 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe PRC - [2013.03.18 17:26:10 | 000,272,680 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe PRC - [2013.03.18 17:26:00 | 000,133,416 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe PRC - [2013.03.18 17:25:40 | 000,846,120 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe PRC - [2013.03.18 17:25:22 | 000,194,856 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe PRC - [2013.03.18 17:07:58 | 000,602,112 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe PRC - [2013.02.24 14:36:40 | 000,237,048 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe PRC - [2013.02.24 14:36:39 | 000,929,272 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe PRC - [2013.02.24 14:35:32 | 000,217,592 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe PRC - [2013.02.24 14:34:22 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe PRC - [2013.02.24 14:33:42 | 000,159,296 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe PRC - [2013.01.10 15:35:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.12.05 07:04:40 | 000,125,504 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe PRC - [2012.09.14 08:15:44 | 000,583,744 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE PRC - [2012.08.25 11:33:26 | 000,127,072 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe PRC - [2012.06.13 17:53:50 | 001,688,008 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe PRC - [2012.05.16 02:45:22 | 000,065,336 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe PRC - [2012.04.19 10:15:38 | 000,084,080 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe PRC - [2012.04.19 09:32:12 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2012.01.17 08:29:24 | 000,169,776 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe PRC - [2010.08.31 15:56:16 | 001,028,096 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe PRC - [2010.03.12 00:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2008.04.23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe ========== Modules (No Company Name) ========== MOD - [2013.07.01 16:43:31 | 001,022,416 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\windows._cacheinvalidation.pyd MOD - [2013.07.01 16:43:31 | 000,805,888 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\wx._gdi_.pyd MOD - [2013.07.01 16:43:31 | 000,557,056 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\pysqlite2._sqlite.pyd MOD - [2013.07.01 16:43:31 | 000,364,544 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\pythoncom27.dll MOD - [2013.07.01 16:43:31 | 000,320,512 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\win32com.shell.shell.pyd MOD - [2013.07.01 16:43:31 | 000,128,512 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\_elementtree.pyd MOD - [2013.07.01 16:43:31 | 000,098,816 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\win32api.pyd MOD - [2013.07.01 16:43:31 | 000,087,040 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\_ctypes.pyd MOD - [2013.07.01 16:43:31 | 000,070,656 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\wx._html2.pyd MOD - [2013.07.01 16:43:31 | 000,044,032 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\_socket.pyd MOD - [2013.07.01 16:43:31 | 000,026,624 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\_multiprocessing.pyd MOD - [2013.07.01 16:43:31 | 000,022,528 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\win32ts.pyd MOD - [2013.07.01 16:43:31 | 000,017,408 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\win32profile.pyd MOD - [2013.07.01 16:43:31 | 000,011,264 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\win32crypt.pyd MOD - [2013.07.01 16:43:30 | 001,175,040 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\wx._core_.pyd MOD - [2013.07.01 16:43:30 | 001,153,024 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\_ssl.pyd MOD - [2013.07.01 16:43:30 | 000,811,008 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\wx._windows_.pyd MOD - [2013.07.01 16:43:30 | 000,735,232 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\wx._misc_.pyd MOD - [2013.07.01 16:43:30 | 000,711,680 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\_hashlib.pyd MOD - [2013.07.01 16:43:30 | 000,122,368 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\wx._wizard.pyd MOD - [2013.07.01 16:43:30 | 000,119,808 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\win32file.pyd MOD - [2013.07.01 16:43:30 | 000,110,080 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\pywintypes27.dll MOD - [2013.07.01 16:43:30 | 000,108,544 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\win32security.pyd MOD - [2013.07.01 16:43:30 | 000,038,912 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\win32inet.pyd MOD - [2013.07.01 16:43:30 | 000,035,840 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\win32process.pyd MOD - [2013.07.01 16:43:30 | 000,025,600 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\win32pdh.pyd MOD - [2013.07.01 16:43:29 | 001,062,400 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\wx._controls_.pyd MOD - [2013.07.01 16:43:29 | 000,686,080 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\unicodedata.pyd MOD - [2013.07.01 16:43:29 | 000,127,488 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\pyexpat.pyd MOD - [2013.07.01 16:43:29 | 000,018,432 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\win32event.pyd MOD - [2013.07.01 16:43:29 | 000,010,240 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\select.pyd MOD - [2013.05.16 08:02:29 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d701cc56a037e8673e4880ae819b23bf\System.Runtime.Serialization.ni.dll MOD - [2013.05.16 08:02:29 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\8e3479ab33dd0bc6a074003a28d9f28a\System.Runtime.DurableInstancing.ni.dll MOD - [2013.05.15 18:49:07 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\d5eb9579d1850678612625ab995629ea\System.Core.ni.dll MOD - [2013.05.15 18:49:03 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\11dfbb7df959cb6dd5b57816141de355\System.Configuration.ni.dll MOD - [2013.05.11 07:13:13 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\62d047ff6c2865139d95eb19545b1cc6\SMDiagnostics.ni.dll MOD - [2013.05.10 16:28:32 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d884c684ee3f738a60e3c50dd5d88caa\System.Xml.ni.dll MOD - [2013.05.10 16:28:21 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\df418085cedae9fa2efee87e20a419a4\System.ni.dll MOD - [2013.05.10 16:28:16 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\60c214b6ad5691e368a16ec65d127c27\mscorlib.ni.dll MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\***\AppData\Roaming\Dropbox\bin\libcef.dll MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\***\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2012.10.11 22:56:46 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.10.11 22:56:22 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012.05.31 18:48:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll MOD - [2011.08.18 19:31:16 | 000,247,096 | ---- | M] () -- C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO\CDRecord.dll MOD - [2006.01.12 21:20:26 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.deu MOD - [2006.01.12 21:13:46 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.FRA ========== Services (SafeList) ========== SRV:64bit: - [2013.05.29 18:00:30 | 000,187,688 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe -- (LENOVO.TVTVCAM) SRV:64bit: - [2013.05.29 18:00:20 | 000,073,000 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC) SRV:64bit: - [2013.05.29 17:59:58 | 000,058,664 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe -- (LENOVO.CAMMUTE) SRV:64bit: - [2013.02.08 17:40:34 | 003,386,608 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) SRV:64bit: - [2013.02.08 17:40:08 | 000,273,136 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2013.02.08 17:39:48 | 000,621,296 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2013.02.08 17:39:14 | 000,149,744 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2013.01.21 08:40:38 | 001,006,384 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2012.12.11 07:22:08 | 000,060,272 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC) SRV:64bit: - [2012.12.10 14:31:44 | 000,803,872 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R) SRV:64bit: - [2012.12.10 14:31:28 | 000,732,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV:64bit: - [2012.12.05 07:04:40 | 000,125,504 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV:64bit: - [2012.11.07 20:12:54 | 000,335,288 | ---- | M] (FileOpen Systems Inc.) [Auto | Running] -- C:\Program Files\FileOpen\Services\FileOpenManagerService64.exe -- (FileOpenManagerService) SRV:64bit: - [2012.09.08 13:21:40 | 000,145,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe -- (TPHKLOAD) SRV:64bit: - [2012.08.25 11:33:26 | 000,127,072 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe -- (LENOVO.MICMUTE) SRV:64bit: - [2012.08.10 20:49:38 | 000,136,288 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC) SRV:64bit: - [2012.05.30 01:27:14 | 000,144,992 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc) SRV:64bit: - [2011.12.29 08:48:24 | 000,049,480 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC) SRV:64bit: - [2010.09.23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.06.13 08:48:18 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.30 16:01:56 | 000,364,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2013.05.30 16:01:10 | 000,167,736 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2013.05.24 21:33:18 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.04.23 06:54:00 | 001,667,368 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service) SRV - [2013.04.23 06:54:00 | 001,664,808 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc) SRV - [2013.04.23 06:54:00 | 000,320,576 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc) SRV - [2013.04.22 09:43:52 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup) SRV - [2013.04.11 15:30:30 | 000,022,376 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2013.03.21 16:12:24 | 002,890,232 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service) SRV - [2013.03.21 08:09:20 | 000,270,192 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService) SRV - [2013.03.18 17:26:10 | 000,272,680 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc) SRV - [2013.03.18 17:26:00 | 000,133,416 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.02.28 02:47:28 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013.02.24 14:36:40 | 000,237,048 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service) SRV - [2013.02.24 14:35:32 | 000,217,592 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService) SRV - [2013.02.24 14:34:22 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service) SRV - [2013.02.24 14:33:42 | 000,159,296 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService) SRV - [2013.02.24 14:32:35 | 002,010,688 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64) SRV - [2013.01.10 15:35:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.09.03 13:52:48 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.04.19 10:15:38 | 000,084,080 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService) SRV - [2012.01.17 08:29:24 | 000,169,776 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe -- (FastbootService) SRV - [2010.08.31 15:56:16 | 001,028,096 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.12 00:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.05.13 15:15:06 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2013.04.23 06:54:00 | 000,029,512 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64) DRV:64bit: - [2013.04.23 06:54:00 | 000,020,736 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF) DRV:64bit: - [2013.04.17 22:16:38 | 000,460,528 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2013.04.17 22:16:36 | 000,044,784 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI) DRV:64bit: - [2013.02.28 02:47:56 | 000,284,448 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt) DRV:64bit: - [2013.02.28 02:47:42 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2013.02.24 14:35:57 | 000,154,952 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess) DRV:64bit: - [2013.02.24 14:35:00 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter) DRV:64bit: - [2013.02.24 14:32:17 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver) DRV:64bit: - [2013.02.05 11:00:26 | 011,518,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64) DRV:64bit: - [2013.02.02 05:01:13 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.12.11 07:22:08 | 000,042,824 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV) DRV:64bit: - [2012.12.04 01:08:28 | 000,598,808 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2012.09.25 03:32:10 | 000,165,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums) DRV:64bit: - [2012.09.10 11:41:06 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2012.09.03 13:52:42 | 009,000,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.08.14 09:33:22 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM) DRV:64bit: - [2012.07.23 11:11:44 | 000,148,328 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf) DRV:64bit: - [2012.05.30 06:42:10 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2012.04.20 03:36:26 | 000,035,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2012.04.20 03:36:26 | 000,025,528 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus) DRV:64bit: - [2012.04.19 09:32:08 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.04.19 09:32:06 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.04.19 09:32:06 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.04.18 15:38:02 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.03.28 13:16:48 | 000,216,704 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877) DRV:64bit: - [2012.03.27 02:07:06 | 000,033,344 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS -- (PHCORE) DRV:64bit: - [2012.03.06 08:59:42 | 000,210,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2012.01.11 05:30:58 | 000,360,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) DRV:64bit: - [2011.12.29 08:48:24 | 000,025,416 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN) DRV:64bit: - [2011.12.26 11:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd) DRV:64bit: - [2011.12.08 23:06:07 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.12.08 23:06:07 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.12.08 04:59:52 | 000,027,432 | ---- | M] (ThinkVantage Communications Utility) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvtvcamd.sys -- (tvtvcamd) DRV:64bit: - [2011.05.30 17:21:40 | 000,013,128 | ---- | M] (Authentec Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp) DRV:64bit: - [2011.05.29 12:48:04 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C) DRV:64bit: - [2011.05.26 03:23:00 | 000,101,888 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan) DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP1X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2013.02.02 05:30:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP2X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2013.02.02 05:30:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.06.11 07:53:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.06.11 07:53:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.18 14:56:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions [2013.05.24 21:33:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.24 21:33:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google  riginalQueryForSuggestion}{google:assistedQueryStats}{google:se archFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParam eter} CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - Extension: Docs = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: Google Drive = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: YouTube = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll (IDM) O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo) O4:64bit: - HKLM..\Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker64.exe (FileOpen Systems Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [ACWLIcon] C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe (Lenovo) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe (Lenovo) O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [Launch Backup Service Once] C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrstrigger.exe () O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.) O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.) O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital) O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65FCFB23-EEE1-4C2E-AACC-5889BAFEFF15}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A96FFC98-071E-4803-B5B3-E437E99833C3}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F09041C2-F9A5-4290-A126-14E0ED766DCD}: DhcpNameServer = 195.186.152.33 195.186.216.33 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.12.15 05:05:40 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{72456fc6-6ce5-11e2-bf73-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{72456fc6-6ce5-11e2-bf73-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2011.12.15 05:05:40 | 000,267,576 | -HS- | M] (Lenovo Group Limited) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.29 20:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anki [2013.06.23 12:53:49 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless [2013.06.23 12:53:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco [2013.06.23 12:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel.sav [2013.06.23 12:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby [2013.06.23 12:51:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dolby Advanced Audio v2 [2013.06.23 12:51:06 | 002,103,040 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll [2013.06.23 12:51:03 | 007,164,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll [2013.06.23 12:51:03 | 000,434,960 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll [2013.06.23 12:51:03 | 000,141,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll [2013.06.23 12:51:03 | 000,124,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll [2013.06.23 12:51:03 | 000,075,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll [2013.06.23 12:51:02 | 002,735,648 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2013.06.23 12:51:02 | 000,501,192 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll [2013.06.23 12:51:02 | 000,487,368 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll [2013.06.23 12:51:02 | 000,415,688 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll [2013.06.11 07:57:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.06.11 07:57:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.06.11 07:57:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.06.11 07:57:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.06.11 07:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.06.11 07:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013.06.11 07:53:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.01 16:51:39 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable [2013.07.01 16:49:58 | 000,034,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.01 16:49:58 | 000,034,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.01 16:49:53 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.07.01 16:49:53 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.07.01 16:49:53 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.07.01 16:49:53 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.01 16:49:53 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.07.01 16:43:12 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.07.01 16:43:00 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\WDPABKP.dat [2013.07.01 16:41:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.01 16:41:10 | 1909,686,271 | -HS- | M] () -- C:\hiberfil.sys [2013.07.01 15:42:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.07.01 15:19:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.29 20:24:51 | 000,000,742 | ---- | M] () -- C:\Users\Admin\Desktop\Anki.lnk [2013.06.24 17:25:05 | 001,590,378 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.06.11 07:57:39 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.06.11 07:53:29 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2013.06.03 17:08:30 | 000,000,008 | ---- | M] () -- C:\Windows\SysNative\drivers\RTKHDAUD.DAT [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.01 16:51:39 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable [2013.06.29 20:24:51 | 000,000,754 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk [2013.06.29 20:24:51 | 000,000,742 | ---- | C] () -- C:\Users\Admin\Desktop\Anki.lnk [2013.06.23 12:51:04 | 000,576,929 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2013.06.11 07:57:39 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.06.11 07:53:29 | 000,001,856 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2013.05.20 11:42:26 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\WDPABKP.dat [2013.05.10 15:51:02 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl [2013.05.10 15:48:46 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.05.06 16:14:09 | 000,706,560 | ---- | C] () -- C:\Windows\is-NKRQD.exe [2013.02.24 18:05:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2013.02.24 13:31:14 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat [2013.02.02 05:19:05 | 000,756,084 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2013.02.02 05:19:02 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012.09.03 13:52:50 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012.09.03 13:52:40 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.09.03 13:52:32 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.02.03 08:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.05.06 09:30:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\EPSON [2013.02.24 22:41:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech [2013.02.24 22:43:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Lenovo [2013.02.24 22:41:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LSC [2013.02.24 22:50:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PwrMgr ========== Purity Check ========== < End of report > Inhalt des Extras-text-files: OTL Extras logfile created on: 01.07.2013 16:58:44 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop\aa_trojaner-board 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 7.70 Gb Total Physical Memory | 5.34 Gb Available Physical Memory | 69.28% Memory free 15.41 Gb Paging File | 12.93 Gb Available in Paging File | 83.91% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 446.72 Gb Total Space | 270.25 Gb Free Space | 60.50% Space Free | Partition Type: NTFS Drive G: | 931.48 Gb Total Space | 669.83 Gb Free Space | 71.91% Space Free | Partition Type: NTFS Drive Q: | 17.58 Gb Total Space | 4.54 Gb Free Space | 25.80% Space Free | Partition Type: NTFS Drive S: | 1.46 Gb Total Space | 0.67 Gb Free Space | 45.95% Space Free | Partition Type: NTFS Computer Name: THINKPAD-T | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] "" = "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F494A1F-E6DA-4352-8C99-ED5BC4C27B8A}" = rport=137 | protocol=17 | dir=out | app=system | "{1E607942-CD13-42B4-986C-0AAF586F1C05}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1FDDCB72-6F2C-40BE-9B30-B1386DE402BE}" = lport=2869 | protocol=6 | dir=in | app=system | "{203C600C-F87C-4B9B-ACD0-CDAC0FDCD4EE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2CD8E6A9-2C4A-4984-BFE7-ABE54D1C89D3}" = rport=139 | protocol=6 | dir=out | app=system | "{2FEA16D9-13F6-4EA3-87FA-9113192051B7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{38ED7BEA-E2E8-449A-9139-80AE7204CAE4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{3CA68BEB-37BF-4332-BCE4-50E93186D374}" = lport=137 | protocol=17 | dir=in | app=system | "{46F6EC7A-20FC-459A-AD47-A82C7652DC00}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4BD68A27-9EC2-445F-92EB-C8FDFE1978B5}" = rport=10243 | protocol=6 | dir=out | app=system | "{4CCB2BBD-1A78-490C-B4AA-E5879A21CC4F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{529BC049-2A82-464D-AFC8-38774A738EC4}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{58198614-3B9C-443A-BF62-8869EF3A17E9}" = rport=445 | protocol=6 | dir=out | app=system | "{5A80F9C0-0A62-49B9-869A-1EFCDB5663D1}" = lport=138 | protocol=17 | dir=in | app=system | "{5D1B6434-7614-428B-959B-0B9B7753937D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{64ED009E-83F5-41DA-9EAE-636F0D20EAE2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6D5FCA26-8189-4CC9-88F8-19ADEE0062E0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{704FA987-AEC8-4C33-952C-92078020F5FA}" = lport=139 | protocol=6 | dir=in | app=system | "{72D74402-B726-4C20-B76B-CC7A7AA7A45C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{73AB1FB2-6643-4254-9C36-43374D9E0006}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{79613720-32D1-4226-8DA9-EFBEC76E5D34}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{806983D9-9DA0-455D-B31A-3460A4CB38A3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{885DA21C-6A34-4CD5-A92B-A312AEB1217C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{A32268E1-BBFC-4E4E-9ECC-F14E22A9F4EC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A770E61D-C73E-4952-92C2-7BF97AFCB0D8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{AA5F7F54-784C-4704-B511-3C464B6036E0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{B1C82449-B588-4FEF-8742-51E1641FD364}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CE0CB540-29DB-463F-A4CD-6CC6A258A92D}" = rport=138 | protocol=17 | dir=out | app=system | "{D3052FCF-5111-48EC-AE88-DE6CBC21856E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DD504C55-8D63-4704-8B79-49CD6727A7C3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{EB96D45A-CB99-45F7-B421-0A4A57271E46}" = lport=445 | protocol=6 | dir=in | app=system | "{F28602D1-00E3-451B-B591-07DC57B4B59D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{FD3B4448-D6E5-4C87-981C-21B10DB0F81F}" = lport=10243 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04BBC743-0D6E-4818-B59F-C827548E094F}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{09559199-DE3F-433A-9975-4689BE204F6B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2A941947-C6F1-4AE4-AA8E-7847A3787166}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{31870F99-F48E-4366-A1A7-545E5E88B062}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{32348268-6927-44B5-B1B9-8E10E24E50B8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{341C946D-F3A9-4789-9162-179CFAC31D06}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{367929DE-D638-4CF5-B501-AF0E085AFF6B}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | "{3797E4F2-BAED-4678-8E3B-AD56011F9287}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3A5AB69F-8B33-4CBE-B94C-E7A3B64F69FB}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | "{45CDF980-ECAF-4C01-AF49-8713DFBBAF1B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{49833BB4-B8FF-41C6-B23C-6A4B9FF7B24D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4E4EC691-D316-4AD3-9C60-3438A90ED3A9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{51FC606F-C92D-4DD2-BAB9-76B2FDCB9489}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5420F78B-E6D1-40EA-9DC7-D8EE3A32F2A3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{5742D718-2C44-4920-84A4-EC2E81D3D466}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{5DCB851E-54DF-45BA-B0D4-54C56886C224}" = protocol=6 | dir=out | app=system | "{6269C4A3-8235-4F00-B996-A8FCCE1C078E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{63CAF87E-8D48-42D6-9E06-0533596DF18A}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | "{730E365E-4833-4C28-98D6-3BCD0D0F46B5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{763E8D9E-7219-4BD2-9E86-6E8B5069B0D5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7976C2D4-5D0D-4D56-BDC0-C2E568179F95}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{7D73E555-329A-40B4-8B24-CFB988916C83}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{8277D3D6-9EF9-4FBD-BC99-7DB2FF4A8A0B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{84DDFA89-7983-4EFD-BD2F-B0AC5F436CA9}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | "{8AF49534-BE99-4452-80E3-B3FC855268E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8EEE1D29-94F7-4465-9844-7259D8134365}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | "{9849317A-ED40-4A9B-ADF6-C69C885B92C3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{A1FAA14D-58A4-4D61-B521-46B8A6AEC9C7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{ACFDED3A-5C85-47C9-887C-3E2E07E35FD6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{AF5612F7-8F5D-4600-BC61-B8F93C814F0A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B054EF6E-56F9-4ABC-BFA3-292401556C00}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B1429E70-6F37-466F-BA34-CBD069190A71}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{C298C9DB-4D37-4F10-B0D9-963494FD245D}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe | "{C3260876-3A1B-419A-9AD3-F7CE57526CF5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{C478FE8E-C3E2-4EE6-8AB9-CA7E2AFB659F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{D7A97C97-F9E1-4F85-A731-F424F6A8CDA8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E27F1A53-47B8-41D7-BC07-75B89554DA27}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{F298E487-29B9-4149-91EB-CFF3EF00AB64}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{F5216051-87E2-4F1D-A5B5-9A1887F631E1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F5AE07D2-CFAB-493A-947E-89600141146E}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | "TCP Query User{1EA7CCCF-A125-4C28-BE26-B60286F2E9DA}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{26CB041B-CDC1-47DF-8212-4235C8CE7AB1}C:\users\***\appdata\roaming\naogi\golup.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\naogi\golup.exe | "UDP Query User{4B0694D5-5DC3-48B1-83E2-6F83E91FD982}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{E16D1AB0-6E3E-45C3-BCCF-98AA3762EBC8}C:\users\***\appdata\roaming\naogi\golup.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\naogi\golup.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0369F866-2CE0-4EB9-B426-88FA122C6E82}" = Lenovo Patch Utility 64 bit "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{3849486C-FF09-4F5D-B491-3E179D58EE15}" = Message Center Plus "{4041B18B-DE30-4D78-9D60-6ADC586C5E00}" = Lenovo Solution Center "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System "{49A09C2C-FFF4-478E-B397-5E0979F67F5D}" = Lenovo Patch Utility 64 bit "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5E2652DF-743F-482B-A593-C95F431A5769}" = RapidBoot Shield "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{728985C5-A04B-457C-9D62-15360F3EAF85}" = Intel(R) WiDi "{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes "{7C6CD9B4-B230-4E76-80AA-FB465FF4DE29}" = Intel(R) PROSet/Wireless WiFi Software Driver "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{84438A60-EF36-46C5-A0D5-6D1D5E0CAED1}" = FileOpen Client (x64) "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = ThinkPad Bluetooth with Enhanced Data Rate Software "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.00 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.00 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.00 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{BF601122-9F0A-41A9-BA06-3158D9FB4B80}" = Lenovo SimpleTap "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DD178D9D-89DD-4F15-9E56-57C85D1EDF36}" = WD SmartWare "{DEF50764-F1A7-4DD4-B8BA-C81A4807631A}" = Intel® PROSet/Wireless WiFi Software "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F58DA859-016E-492D-A588-317D9BB28002}" = ThinkVantage Fingerprint Software "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FA00A3CC-7440-4938-A271-F186F50DD40D}" = Intel® Trusted Connect Service Client "09839A9B5EDA69DA2DCC34637B5140AAF8A53B44" = Windows Driver Package - Intel System (01/11/2012 9.3.0.1020) "64B3C27E4CF7B6AD920184EFFF6C488C55EF2892" = Windows Driver Package - Synaptics (SynTP) Mouse (04/06/2012 16.1.1.0) "97EE1802A0385A37DE6323FA39EC76BEB2D73E41" = Windows Driver Package - Intel USB (08/26/2011 9.3.0.1011) "9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8" = Windows Driver Package - Intel System (08/26/2011 9.3.0.1011) "CutePDF Writer Installation" = CutePDF Writer 3.0 "D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35" = Windows Driver Package - Intel System (08/26/2011 9.3.0.1011) "DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 "E3535F123E7F666D573665142F90D3E5004DC326" = Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) "EC2A0F2B229770EC589265FCF2B4839A0C221993" = Windows Driver Package - Intel (e1cexpress) Net (01/11/2012 11.15.16.0) "EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 "EPSON BX935FWD Series" = Druckerdeinstallation für EPSON BX935FWD Series "LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "OnScreenDisplay" = Anzeige am Bildschirm "Power Management Driver" = Lenovo Power Management Driver "SynTPDeinstKey" = ThinkPad UltraNav Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{124310E8-7C49-4C33-B4F2-3CF43F3830B7}" = WD Quick View "{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}" = Lenovo Welcome "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3B9DC4B3-A06A-46B9-8CCE-CAB0BE913244}" = RnR Sysprep Patch "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6E6E7725-C7BC-4C39-8B3F-14B67331A120}" = Lenovo Patch Utility "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72E40002-8CEC-47C1-A099-83AC8E173BF0}" = WD Drive Utilities "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{83270912-15C7-4336-822E-E8F1B1BBCA60}" = WD Security "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{924A274D-38B6-4930-8859-F3F51CFA8DDD}" = WD SES Driver Setup "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office "{989FB5FD-9B00-4B32-8663-849CB1370DD1}" = Google Drive "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A78800AF-1779-4AE8-8EBE-16E1BE727C71}" = Integrated Camera Driver Installer Package Ver.1.2.1.18 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger "{AC76BA86-1033-F400-7760-100000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime "{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool "{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2 "{BDB3E73F-5ECA-441D-96E1-F1CFCF3D427D}" = Rescue and Recovery "{bfb9000e-e7d4-490f-a873-ec2c9cab3b3d}" = WD SmartWare Installer "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Power Manager "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E8D46836-CD55-453C-A107-A59EC51CB8DC}" = VIP Access "{E8F27ADF-B1ED-41AF-A7EF-D5E71778480C}" = Lenovo Patch Utility "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{fad118b4-798f-4755-9e67-a622eec95b62}" = Intel® PROSet/Wireless Software "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime "{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information "{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.14.18.01 "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V" = Adobe Acrobat 7.1.4 Professional - English, Français, Deutsch "Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V_714" = Adobe Acrobat 7.1.4 - CPSID_50030 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Anki" = Anki "EPSON Scanner" = EPSON Scan "Fastboot" = RapidBoot HDD Accelerator "Google Chrome" = Google Chrome "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NSIS_cald3" = Cambridge Advanced Learner's Dictionary - 3rd Edition "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "QUICKfind" = QUICKfind server v1.1 "SugarSync" = SugarSync Manager "WinLiveSuite" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 22.06.2013 07:02:03 | Computer Name = Thinkpad-T | Source = Bonjour Service | ID = 100 Description = Client application bug: DNSServiceResolve(c0:9f:42:8b:e0:89@fe80::c29f:42ff:fe8b:e089._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network. Error - 22.06.2013 07:02:03 | Computer Name = Thinkpad-T | Source = Bonjour Service | ID = 100 Description = Client application bug: DNSServiceResolve(c0:9f:42:8b:e0:89@fe80::c29f:42ff:fe8b:e089._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network. Error - 22.06.2013 12:02:39 | Computer Name = Thinkpad-T | Source = WinMgmt | ID = 10 Description = Error - 22.06.2013 12:09:57 | Computer Name = Thinkpad-T | Source = Bonjour Service | ID = 100 Description = Client application bug: DNSServiceResolve(c0:9f:42:8b:e0:89@fe80::c29f:42ff:fe8b:e089._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network. Error - 22.06.2013 14:01:32 | Computer Name = Thinkpad-T | Source = WinMgmt | ID = 10 Description = Error - 22.06.2013 14:46:03 | Computer Name = Thinkpad-T | Source = WinMgmt | ID = 10 Description = Error - 22.06.2013 14:58:29 | Computer Name = Thinkpad-T | Source = WinMgmt | ID = 10 Description = Error - 22.06.2013 15:18:29 | Computer Name = Thinkpad-T | Source = WinMgmt | ID = 10 Description = Error - 23.06.2013 04:00:07 | Computer Name = Thinkpad-T | Source = WinMgmt | ID = 10 Description = Error - 23.06.2013 04:03:28 | Computer Name = Thinkpad-T | Source = Bonjour Service | ID = 100 Description = ERROR: handle_resolve_request bad interfaceIndex 11 Error - 23.06.2013 06:32:32 | Computer Name = Thinkpad-T | Source = WinMgmt | ID = 10 Description = [ Lenovo-Lenovo Patch Utility/Admin Events ] Error - 30.04.2013 09:12:31 | Computer Name = Thinkpad-T | Source = Lenovo Patch Utility | ID = 1 Description = HttpFileDownloader failed to download the file "hxxp://download.lenovo.com/ibmdl/pub/pc/pccbbs/lpupatches//PM.manifest.xml". Error message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden. Error - 30.04.2013 09:12:31 | Computer Name = Thinkpad-T | Source = Lenovo Patch Utility | ID = 2 Description = Failed to download the manifest file. Error - 06.05.2013 12:51:24 | Computer Name = Thinkpad-T | Source = Lenovo Patch Utility | ID = 2 Description = Can not grant access to Everyone: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. Error - 06.05.2013 12:51:26 | Computer Name = Thinkpad-T | Source = Lenovo Patch Utility | ID = 1 Description = HttpFileDownloader failed to download the file "hxxp://download.lenovo.com/ibmdl/pub/pc/pccbbs/lpupatches/x64//PM.manifest.xml". Error message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden. Error - 06.05.2013 12:51:26 | Computer Name = Thinkpad-T | Source = Lenovo Patch Utility | ID = 2 Description = manifest file was not found on server [ Lenovo-Message Center Plus/Admin Events ] Error - 19.04.2013 08:46:14 | Computer Name = Thinkpad-T | Source = Lenovo-Message Center Plus/Admin | ID = 2 Description = Message = Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt Error - 20.04.2013 06:41:42 | Computer Name = Thinkpad-T | Source = Lenovo-Message Center Plus/Admin | ID = 2 Description = Message = Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt Error - 20.04.2013 06:41:42 | Computer Name = Thinkpad-T | Source = Lenovo-Message Center Plus/Admin | ID = 2 Description = Message = Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt Error - 20.04.2013 06:41:42 | Computer Name = Thinkpad-T | Source = Lenovo-Message Center Plus/Admin | ID = 2 Description = Message = Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt Error - 20.04.2013 10:43:41 | Computer Name = Thinkpad-T | Source = Lenovo-Message Center Plus/Admin | ID = 2 Description = Message = Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt Error - 20.04.2013 10:43:43 | Computer Name = Thinkpad-T | Source = Lenovo-Message Center Plus/Admin | ID = 2 Description = Message = Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt Error - 20.04.2013 10:43:45 | Computer Name = Thinkpad-T | Source = Lenovo-Message Center Plus/Admin | ID = 2 Description = Message = Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt Error - 21.04.2013 08:32:33 | Computer Name = Thinkpad-T | Source = Lenovo-Message Center Plus/Admin | ID = 2 Description = Message = Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt Error - 21.04.2013 08:32:33 | Computer Name = Thinkpad-T | Source = Lenovo-Message Center Plus/Admin | ID = 2 Description = Message = Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt Error - 21.04.2013 08:32:33 | Computer Name = Thinkpad-T | Source = Lenovo-Message Center Plus/Admin | ID = 2 Description = Message = Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt [ System Events ] Error - 01.07.2013 09:46:03 | Computer Name = Thinkpad-T | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 01.07.2013 09:46:03 | Computer Name = Thinkpad-T | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 01.07.2013 09:46:03 | Computer Name = Thinkpad-T | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 01.07.2013 09:46:16 | Computer Name = Thinkpad-T | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 01.07.2013 09:46:26 | Computer Name = Thinkpad-T | Source = DCOM | ID = 10005 Description = Error - 01.07.2013 09:47:27 | Computer Name = Thinkpad-T | Source = Service Control Manager | ID = 7001 Description = Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 01.07.2013 10:42:00 | Computer Name = Thinkpad-T | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst nvsvc erreicht. Error - 01.07.2013 10:43:50 | Computer Name = Thinkpad-T | Source = DCOM | ID = 10016 Description = Error - 01.07.2013 10:44:56 | Computer Name = Thinkpad-T | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 01.07.2013 10:44:56 | Computer Name = Thinkpad-T | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 < End of report > Könnt Ihr mir dabei helfen? Vielen Dank schon mal. Beste Grüsse cpstutz |
|
01.07.2013, 17:51
| #2 |
| /// the machine /// TB-Ausbilder    | Win32/Small.CA-Virus entfernen HI,
__________________Systemscan mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
 So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
01.07.2013, 18:19
| #3 |
| | Win32/Small.CA-Virus entfernen Hallo, vielen Dank für die rasche Antwort. Hier die gewünschten Log-files:
__________________FRST: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-06-2013 03
Ran by *** (ATTENTION: The logged in user is not administrator) on 01-07-2013 18:08:32
Running from C:\Users\***\Desktop\aa_trojaner-board
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dropbox, Inc.) C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Lenovo Group Limited) C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Lenovo) C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s [13538376 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4 [1308232 2013-05-20] (Realtek Semiconductor)
HKLM\...\Run: [TpShocks] TpShocks.exe [382248 2013-02-12] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [293672 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1092528 2012-11-07] (FileOpen Systems Inc.)
HKLM\...\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-03-18] (Lenovo)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-17] (Synaptics Incorporated)
HKLM\...\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2013-02-02] (Google Inc.)
HKCU\...\Run: [Texuyx] C:\Users\***\AppData\Roaming\Naogi\golup.exe [x]
HKCU\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [19676256 2013-06-06] (Google)
HKCU\...\Run: [updateMgr] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_1_0 -reboot 1 [313472 2006-03-30] (Adobe Systems Incorporated)
MountPoints2: {72456fc6-6ce5-11e2-bf73-806e6f6e6963} - Q:\LenovoQDrive.exe
MountPoints2: {ec80e847-8408-11e2-98df-806e6f6e6963} - "D:\WD Drive Unlock.exe" autoplay=true
HKLM-x32\...\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-31] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-04-19] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [132920 2013-05-30] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor [6002984 2013-04-23] (Lenovo Group Limited)
HKLM-x32\...\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot [4351712 2011-07-14] (Lenovo, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-02-24] (Sophos Limited)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-06-13] (Western Digital)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [483328 2008-04-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5687152 2013-03-21] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [ACWLIcon] C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe [194856 2013-03-18] (Lenovo)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Launch Backup Service Once] C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrstrigger.exe -start [133944 2011-08-18] ()
AppInit_DLLs: C:\Windows\system32\nvinitx.dll,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL [218256 2013-02-24] (Sophos Limited)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL [221840 2013-02-24] (Sophos Limited)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll ACGina
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll (IDM)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: msdaipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default
FF user.js: detected! => C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\user.js
FF SearchEngine: Wikipedia (de)
FF Homepage: hxxp://www.google.ch/|hxxp://www.admin.ch/ch/d/sr/sr.html|hxxp://www.zh.ch/internet/de/rechtliche_grundlagen/gesetze/loseblattsammlung/aktuelle_fassung.html#a-content|hxxp://www.gerichte-zh.ch/|hxxp://www.bger.ch/index/juridiction/jurisdiction-inherit-template/jurisdiction-recht/jurisdiction-recht-leitentscheide1954.htm|https://www.swisslex.ch/Home.mvc|hxxp://www.legalis.ch/bib/default.asp?typ=login&redir=%2Fbib%2Fdefault%2Easp|hxxp://www.swissblawg.ch/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: FoxyProxy Basic - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\Extensions\foxyproxy@eric.h.jung
FF Extension: WOT - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\
Chrome:
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Drive) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
==================== Services (Whitelisted) =================
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-04-11] (Adobe Systems)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-04-23] (Lenovo.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 FileOpenManagerService; C:\Program Files\FileOpen\Services\FileOpenManagerService64.exe [335288 2012-11-07] (FileOpen Systems Inc.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-30] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [187688 2013-05-29] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-02-24] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [159296 2013-02-24] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-02-24] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2013-02-24] (Sophos Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-04-11] ()
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-03-21] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2010688 2013-02-24] (Sophos Limited)
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited)
R3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1492280 2011-08-18] (Lenovo Group Limited)
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-04-22] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270192 2013-03-21] (Western Digital Technologies, Inc.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2012-09-25] (Broadcom Corporation.)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11518976 2013-02-05] (Intel Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-02-28] (NVIDIA Corporation)
R1 PHCORE; C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [33344 2012-03-27] (Lenovo Group Limited)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2013-02-24] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2013-02-24] (Sophos Limited)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44784 2013-04-17] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2013-02-24] (Sophos Plc)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
S3 btwaudio; system32\drivers\btwaudio.sys [x]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-01 18:08 - 2013-07-01 18:08 - 00000000 ____D C:\FRST
2013-07-01 17:23 - 2013-07-01 17:23 - 747136470 ____A C:\Windows\MEMORY.DMP
2013-07-01 17:23 - 2013-07-01 17:23 - 00000000 ____D C:\Windows\Minidump
2013-07-01 16:55 - 2013-07-01 16:55 - 00000472 ____A C:\Users\***\Downloads\defogger_disable.log
2013-07-01 16:54 - 2013-07-01 18:07 - 00000000 ____D C:\Users\***\Desktop\aa_trojaner-board
2013-07-01 16:51 - 2013-07-01 16:51 - 00000000 ____A C:\Users\Admin\defogger_reenable
2013-06-29 20:24 - 2013-06-29 20:24 - 00000000 ____D C:\Program Files (x86)\Anki
2013-06-29 20:23 - 2013-06-29 20:23 - 25781276 ____N C:\Users\***\Downloads\anki-2.0.11.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00263592 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00175016 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00175016 ____N (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00096168 ____N (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-23 12:53 - 2013-06-23 12:53 - 00000000 ____D C:\ProgramData\Intel.sav
2013-06-23 12:53 - 2013-06-23 12:53 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-06-23 12:51 - 2013-06-23 12:51 - 00000000 ____D C:\Program Files (x86)\Dolby Advanced Audio v2
2013-06-23 12:51 - 2013-05-21 21:50 - 03425608 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
2013-06-23 12:51 - 2013-05-21 15:57 - 00142408 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll
2013-06-23 12:51 - 2013-05-21 15:05 - 00576929 ____N C:\Windows\System32\Drivers\RTAIODAT.DAT
2013-06-23 12:51 - 2013-05-21 14:15 - 24962560 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RCoRes64.dat
2013-06-23 12:51 - 2013-05-20 16:16 - 01003592 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll
2013-06-23 12:51 - 2013-05-20 14:36 - 02794056 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll
2013-06-23 12:51 - 2013-05-02 12:01 - 02103040 ____N (Waves Audio Ltd.) C:\Windows\System32\WavesGUILib64.dll
2013-06-23 12:51 - 2013-04-30 19:53 - 03693640 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll
2013-06-23 12:51 - 2013-04-30 14:28 - 00916016 ____N (Sony Corporation) C:\Windows\System32\SFSS_APO.dll
2013-06-23 12:51 - 2013-04-24 17:16 - 01662024 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RTSnMg64.cpl
2013-06-23 12:51 - 2013-04-23 00:40 - 02735648 ____N (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll
2013-06-23 12:51 - 2013-03-23 03:43 - 00208072 ____N (Andrea Electronics Corporation) C:\Windows\System32\AERTAC64.dll
2013-06-23 12:51 - 2013-02-20 18:55 - 01284680 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll
2013-06-23 12:51 - 2012-10-02 14:41 - 00501192 ____N (DTS) C:\Windows\System32\DTSU2PLFX64.dll
2013-06-23 12:51 - 2012-10-02 14:41 - 00487368 ____N (DTS) C:\Windows\System32\DTSU2PGFX64.dll
2013-06-23 12:51 - 2012-10-02 14:41 - 00415688 ____N (DTS) C:\Windows\System32\DTSU2PREC64.dll
2013-06-23 12:51 - 2012-08-31 19:18 - 07164176 ____N (Dolby Laboratories) C:\Windows\System32\R4EEP64A.dll
2013-06-23 12:51 - 2012-08-31 19:17 - 00434960 ____N (Dolby Laboratories) C:\Windows\System32\R4EED64A.dll
2013-06-23 12:51 - 2012-08-31 19:17 - 00141584 ____N (Dolby Laboratories) C:\Windows\System32\R4EEL64A.dll
2013-06-23 12:51 - 2012-08-31 19:17 - 00124176 ____N (Dolby Laboratories) C:\Windows\System32\R4EEA64A.dll
2013-06-23 12:51 - 2012-08-31 19:17 - 00075024 ____N (Dolby Laboratories) C:\Windows\System32\R4EEG64A.dll
2013-06-23 12:49 - 2013-06-23 12:49 - 00000030 ____N C:\Windows\success64.log
2013-06-23 12:49 - 2013-05-13 15:15 - 00064624 ____N (Intel Corporation) C:\Windows\System32\Drivers\HECIx64.sys
2013-06-23 12:48 - 2013-06-23 12:48 - 00000030 ____N C:\Windows\success32.log
2013-06-22 20:04 - 2013-06-22 20:04 - 00005064 ____N C:\QcOSD.txt
2013-06-17 10:07 - 2013-06-19 10:38 - 00000000 ____D C:\Users\***\Documents\Walder Wyss
2013-06-15 15:32 - 2013-06-08 16:08 - 01365504 ____N (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 15:32 - 2013-06-08 16:07 - 19233792 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 15:32 - 2013-06-08 16:06 - 15404544 ____N (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 15:32 - 2013-06-08 16:06 - 02648064 ____N (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 15:32 - 2013-06-08 16:06 - 00526336 ____N (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 15:32 - 2013-06-08 14:28 - 02706432 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 15:32 - 2013-06-08 13:42 - 01141248 ____N (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 15:32 - 2013-06-08 13:40 - 14327808 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 15:32 - 2013-06-08 13:40 - 13760512 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 15:32 - 2013-06-08 13:40 - 02046976 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 15:32 - 2013-06-08 13:40 - 00391168 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 15:32 - 2013-06-08 13:13 - 02706432 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 08:50 - 2013-05-17 03:25 - 02877440 ____N (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 01767936 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00690688 ____N (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00493056 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00109056 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00061440 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00039424 ____N (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00033280 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 08:50 - 2013-05-17 02:59 - 02241024 ____N (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 08:50 - 2013-05-17 02:59 - 00051712 ____N (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 08:50 - 2013-05-17 02:58 - 03958784 ____N (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00855552 ____N (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00603136 ____N (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00136704 ____N (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00067072 ____N (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00053248 ____N (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00039936 ____N (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 08:50 - 2013-05-14 14:23 - 00089600 ____N (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 08:50 - 2013-05-14 10:40 - 00071680 ____N (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-13 08:48 - 2013-06-13 08:48 - 09089416 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-12 20:02 - 2013-05-13 07:51 - 01464320 ____N (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 20:02 - 2013-05-13 07:51 - 00184320 ____N (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 20:02 - 2013-05-13 07:51 - 00139776 ____N (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 20:02 - 2013-05-13 07:50 - 00052224 ____N (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 20:02 - 2013-05-13 06:45 - 01160192 ____N (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 20:02 - 2013-05-13 06:45 - 00140288 ____N (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 20:02 - 2013-05-13 06:45 - 00103936 ____N (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 20:02 - 2013-05-13 05:43 - 01192448 ____N (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 20:02 - 2013-05-13 05:08 - 00903168 ____N (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 20:02 - 2013-05-13 05:08 - 00043008 ____N (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 20:02 - 2013-05-10 07:49 - 00030720 ____N (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 20:02 - 2013-05-10 05:20 - 00024576 ____N (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 20:02 - 2013-05-08 08:39 - 01910632 ____N (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 20:02 - 2013-04-26 07:51 - 00751104 ____N (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 20:02 - 2013-04-26 06:55 - 00492544 ____N (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 20:02 - 2013-04-26 01:30 - 01505280 ____N (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 20:02 - 2013-04-17 09:02 - 01230336 ____N (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 20:02 - 2013-04-17 08:24 - 01424384 ____N (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 20:02 - 2013-04-01 00:52 - 01887232 ____N (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 07:57 - 2013-06-11 07:57 - 00001794 ____N C:\Users\Public\Desktop\iTunes.lnk
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files\iTunes
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files\iPod
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-11 07:53 - 2013-06-11 07:53 - 00001856 ____N C:\Users\Public\Desktop\QuickTime Player.lnk
2013-06-11 07:53 - 2013-06-11 07:53 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-06-10 18:26 - 2013-06-13 16:12 - 00000000 ____D C:\Users\***\Documents\Esalen - Projekt Übernahme The Center
==================== One Month Modified Files and Folders =======
2013-07-01 18:08 - 2013-07-01 18:08 - 00000000 ____D C:\FRST
2013-07-01 18:07 - 2013-07-01 16:54 - 00000000 ____D C:\Users\***\Desktop\aa_trojaner-board
2013-07-01 17:42 - 2013-02-02 05:26 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-01 17:31 - 2009-07-14 06:45 - 00034432 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-01 17:31 - 2009-07-14 06:45 - 00034432 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-01 17:29 - 2013-02-02 04:47 - 00696870 ____A C:\Windows\System32\perfh007.dat
2013-07-01 17:29 - 2013-02-02 04:47 - 00148134 ____A C:\Windows\System32\perfc007.dat
2013-07-01 17:29 - 2009-07-14 07:13 - 01612484 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-01 17:27 - 2013-02-02 05:10 - 01928076 ____A C:\Windows\WindowsUpdate.log
2013-07-01 17:25 - 2013-03-18 20:08 - 00000000 ___SD C:\Users\***\Google Drive
2013-07-01 17:25 - 2013-03-18 20:03 - 00000000 ___RD C:\Users\***\Dropbox
2013-07-01 17:25 - 2013-03-18 20:02 - 00000000 ____D C:\Users\***\AppData\Roaming\Dropbox
2013-07-01 17:25 - 2013-02-02 05:26 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-01 17:25 - 2013-02-02 05:19 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-01 17:24 - 2013-05-20 11:42 - 00008192 ____A C:\Windows\SysWOW64\WDPABKP.dat
2013-07-01 17:24 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-01 17:23 - 2013-07-01 17:23 - 747136470 ____A C:\Windows\MEMORY.DMP
2013-07-01 17:23 - 2013-07-01 17:23 - 00000000 ____D C:\Windows\Minidump
2013-07-01 17:23 - 2009-07-14 06:51 - 00086888 ____A C:\Windows\setupact.log
2013-07-01 17:19 - 2013-02-24 14:22 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-01 16:55 - 2013-07-01 16:55 - 00000472 ____A C:\Users\***\Downloads\defogger_disable.log
2013-07-01 16:51 - 2013-07-01 16:51 - 00000000 ____A C:\Users\Admin\defogger_reenable
2013-07-01 16:51 - 2013-02-24 22:40 - 00000000 ____D C:\users\Admin
2013-07-01 14:06 - 2013-03-17 17:34 - 00000000 ____D C:\Users\***\Documents\Anki
2013-07-01 14:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-07-01 12:01 - 2013-02-02 05:25 - 00000000 ____D C:\swshare
2013-07-01 11:13 - 2013-03-17 17:31 - 00000000 ____D C:\Users\***\Documents\Ramschsammlung
2013-06-29 20:24 - 2013-06-29 20:24 - 00000000 ____D C:\Program Files (x86)\Anki
2013-06-29 20:23 - 2013-06-29 20:23 - 25781276 ____N C:\Users\***\Downloads\anki-2.0.11.exe
2013-06-26 08:56 - 2013-05-06 18:39 - 00000000 ____D C:\Users\***\AppData\Local\CutePDF Writer
2013-06-24 17:25 - 2013-05-10 15:48 - 01590378 ____N C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-24 17:13 - 2013-02-24 20:13 - 00000000 ____D C:\ldiag
2013-06-23 15:50 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Anwaltsprüfung
2013-06-23 13:26 - 2013-06-23 13:26 - 00263592 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00175016 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00175016 ____N (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00096168 ____N (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-23 13:26 - 2013-02-24 16:57 - 00867240 ____N (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-23 13:26 - 2013-02-24 16:57 - 00789416 ____N (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-23 12:53 - 2013-06-23 12:53 - 00000000 ____D C:\ProgramData\Intel.sav
2013-06-23 12:53 - 2013-06-23 12:53 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-06-23 12:53 - 2013-02-02 05:14 - 00000000 ____D C:\Program Files\Intel
2013-06-23 12:53 - 2013-02-02 05:14 - 00000000 ____D C:\Program Files\Common Files\Intel
2013-06-23 12:53 - 2013-02-02 05:14 - 00000000 ____D C:\Program Files (x86)\Intel
2013-06-23 12:53 - 2013-02-02 05:11 - 00166482 ____N C:\Windows\DPINST.LOG
2013-06-23 12:52 - 2013-04-27 16:59 - 00000000 ____D C:\ProgramData\Package Cache
2013-06-23 12:51 - 2013-06-23 12:51 - 00000000 ____D C:\Program Files (x86)\Dolby Advanced Audio v2
2013-06-23 12:51 - 2013-02-02 05:18 - 00003043 ____N C:\RHDSetup.log
2013-06-23 12:51 - 2013-02-02 05:18 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-06-23 12:49 - 2013-06-23 12:49 - 00000030 ____N C:\Windows\success64.log
2013-06-23 12:49 - 2013-02-02 05:18 - 00000000 ____D C:\Program Files\Common Files\Lenovo
2013-06-23 12:48 - 2013-06-23 12:48 - 00000030 ____N C:\Windows\success32.log
2013-06-22 20:04 - 2013-06-22 20:04 - 00005064 ____N C:\QcOSD.txt
2013-06-20 15:25 - 2013-03-18 12:24 - 00000000 ____D C:\Users\***\Documents\Scans
2013-06-20 13:22 - 2013-03-17 17:28 - 00000000 ____D C:\Users\***\Documents\Sunrise
2013-06-19 10:38 - 2013-06-17 10:07 - 00000000 ____D C:\Users\***\Documents\Walder Wyss
2013-06-17 18:46 - 2013-03-03 13:18 - 00000000 ____D C:\Users\***\Documents\Knowhow
2013-06-17 10:11 - 2013-03-22 10:27 - 00000000 ____D C:\Users\***\Documents\Vorlagen
2013-06-17 09:47 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Homeoffice
2013-06-16 21:01 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Nesshy
2013-06-15 17:34 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Heidi
2013-06-14 16:01 - 2013-03-17 17:28 - 00000000 ____D C:\Users\***\Documents\Swisscom
2013-06-13 16:12 - 2013-06-10 18:26 - 00000000 ____D C:\Users\***\Documents\Esalen - Projekt Übernahme The Center
2013-06-13 15:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 08:54 - 2009-07-14 04:34 - 00000499 ____N C:\Windows\win.ini
2013-06-13 08:50 - 2013-02-24 18:53 - 75825640 ____N (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-13 08:48 - 2013-06-13 08:48 - 09089416 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-13 08:48 - 2013-02-24 14:22 - 00692104 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-13 08:48 - 2013-02-24 14:22 - 00071048 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 07:57 - 2013-06-11 07:57 - 00001794 ____N C:\Users\Public\Desktop\iTunes.lnk
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files\iTunes
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files\iPod
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-11 07:53 - 2013-06-11 07:53 - 00001856 ____N C:\Users\Public\Desktop\QuickTime Player.lnk
2013-06-11 07:53 - 2013-06-11 07:53 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-06-10 14:23 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\OBCZ
2013-06-08 16:08 - 2013-06-15 15:32 - 01365504 ____N (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-15 15:32 - 19233792 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-15 15:32 - 15404544 ____N (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-15 15:32 - 02648064 ____N (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-15 15:32 - 00526336 ____N (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-15 15:32 - 02706432 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-15 15:32 - 01141248 ____N (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-15 15:32 - 14327808 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-15 15:32 - 13760512 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-15 15:32 - 02046976 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-15 15:32 - 00391168 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-15 15:32 - 02706432 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-07 16:02 - 2010-11-21 05:47 - 00606422 ____N C:\Windows\PFRO.log
2013-06-06 20:58 - 2013-05-27 12:12 - 00000000 ____D C:\Users\***\Documents\Publikationen cst
2013-06-06 20:57 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Bewerbungsunterlagen
2013-06-03 17:08 - 2013-02-02 05:18 - 00000008 ____N C:\Windows\System32\Drivers\RTKHDAUD.DAT
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================
--- --- --- Addition-file: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-06-2013 03
Ran by *** at 2013-07-01 18:14:10
Running from C:\Users\***\Desktop\aa_trojaner-board
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (x32 Version: 7.1.4)
Adobe Acrobat 7.1.4 - CPSID_50030 (x32)
Adobe Acrobat 7.1.4 Professional - English, Français, Deutsch (x32 Version: 7.1.4)
Adobe AIR (x32 Version: 3.7.0.2090)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Anki (x32)
Anzeige am Bildschirm (Version: 7.12.00)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Cambridge Advanced Learner's Dictionary - 3rd Edition (x32)
CDBurnerXP (x32 Version: 4.5.1.3868)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Corel WinDVD (x32 Version: 10.0.6.392)
Create Recovery Media (x32 Version: 1.20.0.00)
CutePDF Writer 3.0 (Version: 3.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (Version: 1.00)
Dolby Advanced Audio v2 (x32 Version: 7.2.8000.17)
Dropbox (HKCU Version: 2.0.22)
Druckerdeinstallation für EPSON BX935FWD Series
EPSON Scan (x32)
Evernote v. 4.2.3 (x32 Version: 4.2.3.15)
FileOpen Client (x64) (Version: 3.0.90.926)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Google Chrome (x32 Version: 27.0.1453.116)
Google Drive (x32 Version: 1.10.4769.632)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.145)
Integrated Camera Driver Installer Package Ver.1.2.1.18 (x32 Version: 1.2.1.18)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 9.0.0.1310)
Intel(R) OpenCL CPU Runtime (x32)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2843)
Intel(R) PROSet/Wireless WiFi Software Driver (Version: 15.06.1000.0167)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.225)
Intel(R) WiDi (Version: 3.1.29.0)
Intel(R) Wireless Display
Intel® PROSet/Wireless Software (x32 Version: 15.6.1)
Intel® PROSet/Wireless WiFi Software (Version: 15.06.1000.0142)
Intel® Trusted Connect Service Client (Version: 1.27.757.1)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Lenovo Auto Scroll Utility (Version: 2.00)
Lenovo Patch Utility (x32 Version: 1.3.0.9)
Lenovo Patch Utility (x32 Version: 1.3.2.6)
Lenovo Patch Utility 64 bit (Version: 1.3.0.9)
Lenovo Patch Utility 64 bit (Version: 1.3.2.6)
Lenovo Power Management Driver (Version: 1.66.00.22)
Lenovo Registration (x32 Version: 1.0.4)
Lenovo SimpleTap (Version: 3.2.0004.00)
Lenovo Solution Center (Version: 2.1.003.00)
Lenovo System Update (x32 Version: 5.02.0011)
Lenovo User Guide (x32 Version: 1.0.0009.00)
Lenovo Warranty Information (x32 Version: 1.0.0005.00)
Lenovo Welcome (x32 Version: 3.1.0020.00)
Mesh Runtime (x32 Version: 15.4.5722.2)
Message Center Plus (Version: 3.1.0004.00)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office (x32 Version: 14.0.6120.5004)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Standard Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 21.0 (x86 de) (x32 Version: 21.0)
Mozilla Maintenance Service (x32 Version: 21.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
NVIDIA 3D Vision Treiber 311.00 (Version: 311.00)
NVIDIA Grafiktreiber 311.00 (Version: 311.00)
NVIDIA HD-Audiotreiber 1.3.16.0 (Version: 1.3.16.0)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA nView 136.53 (Version: 136.53)
NVIDIA Optimus 1.11.3 (Version: 1.11.3)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1100)
NVIDIA Systemsteuerung 311.00 (Version: 311.00)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Power Manager (x32 Version: 6.54)
QUICKfind server v1.1 (x32)
QuickTime (x32 Version: 7.74.80.86)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
RapidBoot HDD Accelerator (x32 Version: 1.00.0802)
RapidBoot Shield (Version: 1.23)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6914)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (Version: 1.00)
Rescue and Recovery (x32 Version: 4.50.0025.00)
RICOH_Media_Driver_v2.14.18.01 (x32 Version: 2.14.18.01)
RnR Sysprep Patch (x32 Version: 1.00.0001)
Skype™ 6.3 (x32 Version: 6.3.105)
Sophos Anti-Virus (x32 Version: 10.2.8)
Sophos AutoUpdate (x32 Version: 2.9.0.344)
Sophos Virus Removal Tool (x32 Version: 2.3)
SugarSync Manager (x32 Version: 1.9.61.90905)
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 6.5.1.3800)
ThinkPad UltraNav Driver (Version: 16.2.19.7)
ThinkVantage Access Connections (x32 Version: 6.01)
ThinkVantage Active Protection System (Version: 1.77.0.11)
ThinkVantage Communications Utility (Version: 3.0.44.0)
ThinkVantage Fingerprint Software (Version: 5.9.9.7282)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
VIP Access (x32 Version: 2.0.5.13)
WD Drive Utilities (x32 Version: 1.0.3.3)
WD Quick View (x32 Version: 2.0.1.2)
WD Security (x32 Version: 1.0.3.3)
WD SES Driver Setup (x32 Version: 1.0.2.3)
WD SmartWare (Version: 2.0.1.2)
WD SmartWare Installer (x32 Version: 2.0.1.2)
Windows Driver Package - Intel (e1cexpress) Net (01/11/2012 11.15.16.0) (Version: 01/11/2012 11.15.16.0)
Windows Driver Package - Intel System (01/11/2012 9.3.0.1020) (Version: 01/11/2012 9.3.0.1020)
Windows Driver Package - Intel System (08/26/2011 9.3.0.1011) (Version: 08/26/2011 9.3.0.1011)
Windows Driver Package - Intel USB (08/26/2011 9.3.0.1011) (Version: 08/26/2011 9.3.0.1011)
Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (Version: 02/29/2012 1.65.05.20)
Windows Driver Package - Synaptics (SynTP) Mouse (04/06/2012 16.1.1.0) (Version: 04/06/2012 16.1.1.0)
Windows Live (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
==================== Restore Points =========================
Could not list Restore Points.
==================== Scheduled Tasks (whitelisted) =============
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/01/2013 05:55:05 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 11
Error: (07/01/2013 05:24:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2013 04:42:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2013 03:46:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2013 02:56:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2013 01:59:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2013 08:07:39 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2013 08:04:51 AM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(c0:9f:42:8b:e0:89@fe80::c29f:42ff:fe8b:e089._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.
Error: (07/01/2013 07:49:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/30/2013 01:56:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (07/01/2013 05:26:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (07/01/2013 05:26:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (07/01/2013 05:25:39 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (07/01/2013 05:24:24 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst nvsvc erreicht.
Error: (07/01/2013 05:23:52 PM) (Source: BugCheck) (User: )
Description: 0x00000109 (0xa3a039d89ddab6b1, 0xb3b7465ef058f203, 0xfffff880009f05c0, 0x0000000000000002)C:\Windows\MEMORY.DMP070113-12667-01
Error: (07/01/2013 05:23:51 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ?01.?07.?2013 um 17:22:26 unerwartet heruntergefahren.
Error: (07/01/2013 04:44:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (07/01/2013 04:44:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (07/01/2013 04:43:50 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (07/01/2013 04:42:00 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst nvsvc erreicht.
Microsoft Office Sessions:
=========================
Error: (07/01/2013 05:55:05 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 11
Error: (07/01/2013 05:24:46 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2013 04:42:46 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2013 03:46:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2013 02:56:25 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2013 01:59:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2013 08:07:39 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2013 08:04:51 AM) (Source: Bonjour Service)(User: )
Description: Client application bug: DNSServiceResolve(c0:9f:42:8b:e0:89@fe80::c29f:42ff:fe8b:e089._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.
Error: (07/01/2013 07:49:30 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/30/2013 01:56:59 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
CodeIntegrity Errors:
===================================
Date: 2013-04-12 11:07:23.133
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-04-12 11:06:01.756
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-04-12 10:43:09.610
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-04-12 10:12:54.404
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-04-12 10:11:22.511
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-04-12 10:11:22.419
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-04-12 10:07:32.382
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-03-25 16:47:43.250
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-03-25 16:47:08.389
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-03-25 16:46:51.999
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 34%
Total physical RAM: 7889.63 MB
Available physical RAM: 5132.78 MB
Total Pagefile: 15777.44 MB
Available Pagefile: 12910.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:446.72 GB) (Free:269.38 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive g: (My Passport) (Fixed) (Total:931.48 GB) (Free:669.83 GB) NTFS (Disk=1 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:17.58 GB) (Free:4.54 GB) NTFS (Disk=0 Partition=3)
Drive s: (SYSTEM_DRV) (Fixed) (Total:1.46 GB) (Free:0.67 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
==================== End Of Log ============================
|
|
01.07.2013, 20:15
| #4 |
| /// the machine /// TB-Ausbilder | Win32/Small.CA-Virus entfernen Unsere Tools müssen immer mit Admin-Rechten laufen, bitte wiederholen 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.07.2013, 22:06
| #5 |
| | Win32/Small.CA-Virus entfernen Ok. Sorry about that  Hab ich nicht gewusst. Also nochmals: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2013 02
Ran by *** (administrator) on 01-07-2013 21:38:31
Running from C:\Users\***\Desktop\aa_trojaner-board
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManagerService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Lenovo Group Limited) C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPUIManager.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s [13538376 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4 [1308232 2013-05-20] (Realtek Semiconductor)
HKLM\...\Run: [TpShocks] TpShocks.exe [382248 2013-02-12] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [293672 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1092528 2012-11-07] (FileOpen Systems Inc.)
HKLM\...\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-03-18] (Lenovo)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-17] (Synaptics Incorporated)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2013-02-02] (Google Inc.)
HKCU\...\Run: [Texuyx] C:\Users\***\AppData\Roaming\Naogi\golup.exe [x]
HKCU\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [19676256 2013-06-06] (Google)
HKCU\...\Run: [updateMgr] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_1_0 -reboot 1 [313472 2006-03-30] (Adobe Systems Incorporated)
HKCR\...0c966feabec1\InprocServer32: [Default-shell32] %SystemRoot%\system32\shell32.dll ATTENTION! ====> ZeroAccess?
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] %SystemRoot%\system32\shell32.dll ATTENTION! ====> ZeroAccess?
MountPoints2: {72456fc6-6ce5-11e2-bf73-806e6f6e6963} - Q:\LenovoQDrive.exe
MountPoints2: {ec80e847-8408-11e2-98df-806e6f6e6963} - "D:\WD Drive Unlock.exe" autoplay=true
HKLM-x32\...\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-31] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-04-19] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [132920 2013-05-30] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor [6002984 2013-04-23] (Lenovo Group Limited)
HKLM-x32\...\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot [4351712 2011-07-14] (Lenovo, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-02-24] (Sophos Limited)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-06-13] (Western Digital)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [483328 2008-04-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5687152 2013-03-21] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [ACWLIcon] C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe [194856 2013-03-18] (Lenovo)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Launch Backup Service Once] C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrstrigger.exe -start [133944 2011-08-18] ()
HKU\Default\...\RunOnce: [Lenovo.ShowBand] C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe /show [52584 2013-05-17] (Lenovo)
HKU\Default\...\RunOnce: [] [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2011-12-15] ()
HKU\Default User\...\RunOnce: [Lenovo.ShowBand] C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe /show [52584 2013-05-17] (Lenovo)
HKU\Default User\...\RunOnce: [] [x]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2011-12-15] ()
AppInit_DLLs: C:\Windows\system32\nvinitx.dll,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL [218256 2013-02-24] (Sophos Limited)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL [221840 2013-02-24] (Sophos Limited)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll ACGina
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll (IDM)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: msdaipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default
FF user.js: detected! => C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\user.js
FF SearchEngine: Wikipedia (de)
FF Homepage: hxxp://www.google.ch/|hxxp://www.admin.ch/ch/d/sr/sr.html|hxxp://www.zh.ch/internet/de/rechtliche_grundlagen/gesetze/loseblattsammlung/aktuelle_fassung.html#a-content|hxxp://www.gerichte-zh.ch/|hxxp://www.bger.ch/index/juridiction/jurisdiction-inherit-template/jurisdiction-recht/jurisdiction-recht-leitentscheide1954.htm|https://www.swisslex.ch/Home.mvc|hxxp://www.legalis.ch/bib/default.asp?typ=login&redir=%2Fbib%2Fdefault%2Easp|hxxp://www.swissblawg.ch/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: FoxyProxy Basic - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\Extensions\foxyproxy@eric.h.jung
FF Extension: WOT - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\
Chrome:
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Drive) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
==================== Services (Whitelisted) =================
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-04-11] (Adobe Systems)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-04-23] (Lenovo.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 FileOpenManagerService; C:\Program Files\FileOpen\Services\FileOpenManagerService64.exe [335288 2012-11-07] (FileOpen Systems Inc.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-30] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [187688 2013-05-29] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-02-24] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [159296 2013-02-24] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-02-24] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2013-02-24] (Sophos Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-04-11] ()
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-03-21] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2010688 2013-02-24] (Sophos Limited)
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited)
R3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1492280 2011-08-18] (Lenovo Group Limited)
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-04-22] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270192 2013-03-21] (Western Digital Technologies, Inc.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2012-09-25] (Broadcom Corporation.)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11518976 2013-02-05] (Intel Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-02-28] (NVIDIA Corporation)
R1 PHCORE; C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [33344 2012-03-27] (Lenovo Group Limited)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2013-02-24] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2013-02-24] (Sophos Limited)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44784 2013-04-17] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2013-02-24] (Sophos Plc)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
S3 btwaudio; system32\drivers\btwaudio.sys [x]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-01 18:08 - 2013-07-01 18:08 - 00000000 ____D C:\FRST
2013-07-01 17:23 - 2013-07-01 17:23 - 747136470 ____A C:\Windows\MEMORY.DMP
2013-07-01 17:23 - 2013-07-01 17:23 - 00294200 ____A C:\Windows\Minidump\070113-12667-01.dmp
2013-07-01 17:23 - 2013-07-01 17:23 - 00000000 ____D C:\Windows\Minidump
2013-07-01 17:07 - 2013-07-01 17:07 - 00128016 ____A C:\Users\Admin\Desktop\OTL.Txt
2013-07-01 16:55 - 2013-07-01 16:55 - 00000472 ____A C:\Users\***\Downloads\defogger_disable.log
2013-07-01 16:54 - 2013-07-01 21:38 - 00000000 ____D C:\Users\***\Desktop\aa_trojaner-board
2013-07-01 16:51 - 2013-07-01 16:51 - 00000000 ____A C:\Users\Admin\defogger_reenable
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\UpdatusUser\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\Administrator.Thinkpad-T\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\Admin\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000000 ____D C:\Program Files (x86)\Anki
2013-06-29 20:23 - 2013-06-29 20:23 - 25781276 ____N C:\Users\***\Downloads\anki-2.0.11.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00263592 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00175016 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00175016 ____N (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00096168 ____N (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-23 12:53 - 2013-06-23 12:53 - 00000000 ____D C:\ProgramData\Intel.sav
2013-06-23 12:53 - 2013-06-23 12:53 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-06-23 12:51 - 2013-06-23 12:51 - 00000000 ____D C:\Program Files (x86)\Dolby Advanced Audio v2
2013-06-23 12:51 - 2013-05-21 21:50 - 03425608 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
2013-06-23 12:51 - 2013-05-21 15:57 - 00142408 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll
2013-06-23 12:51 - 2013-05-21 15:05 - 00576929 ____N C:\Windows\System32\Drivers\RTAIODAT.DAT
2013-06-23 12:51 - 2013-05-21 14:15 - 24962560 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RCoRes64.dat
2013-06-23 12:51 - 2013-05-20 16:16 - 01003592 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll
2013-06-23 12:51 - 2013-05-20 14:36 - 02794056 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll
2013-06-23 12:51 - 2013-05-02 12:01 - 02103040 ____N (Waves Audio Ltd.) C:\Windows\System32\WavesGUILib64.dll
2013-06-23 12:51 - 2013-04-30 19:53 - 03693640 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll
2013-06-23 12:51 - 2013-04-30 14:28 - 00916016 ____N (Sony Corporation) C:\Windows\System32\SFSS_APO.dll
2013-06-23 12:51 - 2013-04-24 17:16 - 01662024 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RTSnMg64.cpl
2013-06-23 12:51 - 2013-04-23 00:40 - 02735648 ____N (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll
2013-06-23 12:51 - 2013-03-23 03:43 - 00208072 ____N (Andrea Electronics Corporation) C:\Windows\System32\AERTAC64.dll
2013-06-23 12:51 - 2013-02-20 18:55 - 01284680 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll
2013-06-23 12:51 - 2012-10-02 14:41 - 00501192 ____N (DTS) C:\Windows\System32\DTSU2PLFX64.dll
2013-06-23 12:51 - 2012-10-02 14:41 - 00487368 ____N (DTS) C:\Windows\System32\DTSU2PGFX64.dll
2013-06-23 12:51 - 2012-10-02 14:41 - 00415688 ____N (DTS) C:\Windows\System32\DTSU2PREC64.dll
2013-06-23 12:51 - 2012-08-31 19:18 - 07164176 ____N (Dolby Laboratories) C:\Windows\System32\R4EEP64A.dll
2013-06-23 12:51 - 2012-08-31 19:17 - 00434960 ____N (Dolby Laboratories) C:\Windows\System32\R4EED64A.dll
2013-06-23 12:51 - 2012-08-31 19:17 - 00141584 ____N (Dolby Laboratories) C:\Windows\System32\R4EEL64A.dll
2013-06-23 12:51 - 2012-08-31 19:17 - 00124176 ____N (Dolby Laboratories) C:\Windows\System32\R4EEA64A.dll
2013-06-23 12:51 - 2012-08-31 19:17 - 00075024 ____N (Dolby Laboratories) C:\Windows\System32\R4EEG64A.dll
2013-06-23 12:49 - 2013-06-23 12:49 - 00000030 ____N C:\Windows\success64.log
2013-06-23 12:49 - 2013-05-13 15:15 - 00064624 ____N (Intel Corporation) C:\Windows\System32\Drivers\HECIx64.sys
2013-06-23 12:48 - 2013-06-23 12:48 - 00000030 ____N C:\Windows\success32.log
2013-06-22 20:04 - 2013-06-22 20:04 - 00005064 ____N C:\QcOSD.txt
2013-06-17 10:07 - 2013-06-19 10:38 - 00000000 ____D C:\Users\***\Documents\Walder Wyss
2013-06-15 15:32 - 2013-06-08 16:08 - 01365504 ____N (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 15:32 - 2013-06-08 16:07 - 19233792 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 15:32 - 2013-06-08 16:06 - 15404544 ____N (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 15:32 - 2013-06-08 16:06 - 02648064 ____N (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 15:32 - 2013-06-08 16:06 - 00526336 ____N (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 15:32 - 2013-06-08 14:28 - 02706432 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 15:32 - 2013-06-08 13:42 - 01141248 ____N (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 15:32 - 2013-06-08 13:40 - 14327808 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 15:32 - 2013-06-08 13:40 - 13760512 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 15:32 - 2013-06-08 13:40 - 02046976 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 15:32 - 2013-06-08 13:40 - 00391168 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 15:32 - 2013-06-08 13:13 - 02706432 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 08:50 - 2013-05-17 03:25 - 02877440 ____N (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 01767936 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00690688 ____N (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00493056 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00109056 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00061440 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00039424 ____N (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00033280 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 08:50 - 2013-05-17 02:59 - 02241024 ____N (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 08:50 - 2013-05-17 02:59 - 00051712 ____N (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 08:50 - 2013-05-17 02:58 - 03958784 ____N (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00855552 ____N (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00603136 ____N (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00136704 ____N (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00067072 ____N (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00053248 ____N (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00039936 ____N (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 08:50 - 2013-05-14 14:23 - 00089600 ____N (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 08:50 - 2013-05-14 10:40 - 00071680 ____N (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-13 08:48 - 2013-06-13 08:48 - 09089416 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-12 20:02 - 2013-05-13 07:51 - 01464320 ____N (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 20:02 - 2013-05-13 07:51 - 00184320 ____N (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 20:02 - 2013-05-13 07:51 - 00139776 ____N (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 20:02 - 2013-05-13 07:50 - 00052224 ____N (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 20:02 - 2013-05-13 06:45 - 01160192 ____N (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 20:02 - 2013-05-13 06:45 - 00140288 ____N (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 20:02 - 2013-05-13 06:45 - 00103936 ____N (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 20:02 - 2013-05-13 05:43 - 01192448 ____N (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 20:02 - 2013-05-13 05:08 - 00903168 ____N (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 20:02 - 2013-05-13 05:08 - 00043008 ____N (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 20:02 - 2013-05-10 07:49 - 00030720 ____N (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 20:02 - 2013-05-10 05:20 - 00024576 ____N (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 20:02 - 2013-05-08 08:39 - 01910632 ____N (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 20:02 - 2013-04-26 07:51 - 00751104 ____N (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 20:02 - 2013-04-26 06:55 - 00492544 ____N (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 20:02 - 2013-04-26 01:30 - 01505280 ____N (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 20:02 - 2013-04-17 09:02 - 01230336 ____N (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 20:02 - 2013-04-17 08:24 - 01424384 ____N (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 20:02 - 2013-04-01 00:52 - 01887232 ____N (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 07:57 - 2013-06-11 07:57 - 00001794 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files\iTunes
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files\iPod
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-11 07:53 - 2013-06-11 07:53 - 00001856 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-06-11 07:53 - 2013-06-11 07:53 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-06-10 18:26 - 2013-06-13 16:12 - 00000000 ____D C:\Users\***\Documents\Esalen - Projekt Übernahme The Center
==================== One Month Modified Files and Folders =======
2013-07-01 21:38 - 2013-07-01 16:54 - 00000000 ____D C:\Users\***\Desktop\aa_trojaner-board
2013-07-01 21:38 - 2013-02-02 04:47 - 00696870 ____A C:\Windows\System32\perfh007.dat
2013-07-01 21:38 - 2013-02-02 04:47 - 00148134 ____A C:\Windows\System32\perfc007.dat
2013-07-01 21:38 - 2009-07-14 07:13 - 01612484 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-01 21:32 - 2013-05-20 11:42 - 00008192 ____A C:\Windows\SysWOW64\WDPABKP.dat
2013-07-01 21:32 - 2013-03-18 20:08 - 00000000 ___SD C:\Users\***\Google Drive
2013-07-01 21:32 - 2013-03-18 20:03 - 00000000 ___RD C:\Users\***\Dropbox
2013-07-01 21:32 - 2013-03-18 20:02 - 00000000 ____D C:\Users\***\AppData\Roaming\Dropbox
2013-07-01 21:32 - 2013-02-02 05:26 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-01 21:32 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-01 21:31 - 2013-02-02 05:19 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-01 21:31 - 2009-07-14 06:51 - 00087112 ____A C:\Windows\setupact.log
2013-07-01 21:30 - 2013-02-02 05:10 - 01936296 ____A C:\Windows\WindowsUpdate.log
2013-07-01 21:19 - 2013-02-24 14:22 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-01 20:42 - 2013-02-02 05:26 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-01 18:57 - 2009-07-14 06:45 - 00034432 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-01 18:57 - 2009-07-14 06:45 - 00034432 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-01 18:08 - 2013-07-01 18:08 - 00000000 ____D C:\FRST
2013-07-01 17:23 - 2013-07-01 17:23 - 747136470 ____A C:\Windows\MEMORY.DMP
2013-07-01 17:23 - 2013-07-01 17:23 - 00294200 ____A C:\Windows\Minidump\070113-12667-01.dmp
2013-07-01 17:23 - 2013-07-01 17:23 - 00000000 ____D C:\Windows\Minidump
2013-07-01 17:07 - 2013-07-01 17:07 - 00128016 ____A C:\Users\Admin\Desktop\OTL.Txt
2013-07-01 16:55 - 2013-07-01 16:55 - 00000472 ____A C:\Users\***\Downloads\defogger_disable.log
2013-07-01 16:51 - 2013-07-01 16:51 - 00000000 ____A C:\Users\Admin\defogger_reenable
2013-07-01 16:51 - 2013-02-24 22:40 - 00000000 ____D C:\users\Admin
2013-07-01 14:06 - 2013-03-17 17:34 - 00000000 ____D C:\Users\***\Documents\Anki
2013-07-01 14:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-07-01 12:01 - 2013-02-02 05:25 - 00000000 ____D C:\swshare
2013-07-01 11:13 - 2013-03-17 17:31 - 00000000 ____D C:\Users\***\Documents\Ramschsammlung
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\UpdatusUser\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\Administrator.Thinkpad-T\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\Admin\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000000 ____D C:\Program Files (x86)\Anki
2013-06-29 20:23 - 2013-06-29 20:23 - 25781276 ____N C:\Users\***\Downloads\anki-2.0.11.exe
2013-06-26 08:56 - 2013-05-06 18:39 - 00000000 ____D C:\Users\***\AppData\Local\CutePDF Writer
2013-06-24 17:25 - 2013-05-10 15:48 - 01590378 ____N C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-24 17:13 - 2013-02-24 20:13 - 00000000 ____D C:\ldiag
2013-06-23 15:50 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Anwaltsprüfung
2013-06-23 13:26 - 2013-06-23 13:26 - 00263592 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00175016 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00175016 ____N (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00096168 ____N (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-23 13:26 - 2013-02-24 16:57 - 00867240 ____N (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-23 13:26 - 2013-02-24 16:57 - 00789416 ____N (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-23 12:53 - 2013-06-23 12:53 - 00000000 ____D C:\ProgramData\Intel.sav
2013-06-23 12:53 - 2013-06-23 12:53 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-06-23 12:53 - 2013-02-02 05:14 - 00000000 ____D C:\Program Files\Intel
2013-06-23 12:53 - 2013-02-02 05:14 - 00000000 ____D C:\Program Files\Common Files\Intel
2013-06-23 12:53 - 2013-02-02 05:14 - 00000000 ____D C:\Program Files (x86)\Intel
2013-06-23 12:53 - 2013-02-02 05:11 - 00166482 ____N C:\Windows\DPINST.LOG
2013-06-23 12:52 - 2013-04-27 16:59 - 00000000 ____D C:\ProgramData\Package Cache
2013-06-23 12:51 - 2013-06-23 12:51 - 00000000 ____D C:\Program Files (x86)\Dolby Advanced Audio v2
2013-06-23 12:51 - 2013-02-02 05:18 - 00003043 ____N C:\RHDSetup.log
2013-06-23 12:51 - 2013-02-02 05:18 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-06-23 12:49 - 2013-06-23 12:49 - 00000030 ____N C:\Windows\success64.log
2013-06-23 12:49 - 2013-02-02 05:18 - 00000000 ____D C:\Program Files\Common Files\Lenovo
2013-06-23 12:48 - 2013-06-23 12:48 - 00000030 ____N C:\Windows\success32.log
2013-06-22 20:04 - 2013-06-22 20:04 - 00005064 ____N C:\QcOSD.txt
2013-06-20 15:25 - 2013-03-18 12:24 - 00000000 ____D C:\Users\***\Documents\Scans
2013-06-20 13:22 - 2013-03-17 17:28 - 00000000 ____D C:\Users\***\Documents\Sunrise
2013-06-19 10:38 - 2013-06-17 10:07 - 00000000 ____D C:\Users\***\Documents\Walder Wyss
2013-06-17 18:46 - 2013-03-03 13:18 - 00000000 ____D C:\Users\***\Documents\Knowhow
2013-06-17 10:11 - 2013-03-22 10:27 - 00000000 ____D C:\Users\***\Documents\Vorlagen
2013-06-17 09:47 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Homeoffice
2013-06-16 21:01 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Nesshy
2013-06-15 17:34 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Heidi
2013-06-14 16:01 - 2013-03-17 17:28 - 00000000 ____D C:\Users\***\Documents\Swisscom
2013-06-13 16:12 - 2013-06-10 18:26 - 00000000 ____D C:\Users\***\Documents\Esalen - Projekt Übernahme The Center
2013-06-13 15:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 08:54 - 2009-07-14 04:34 - 00000499 ____N C:\Windows\win.ini
2013-06-13 08:50 - 2013-02-24 18:53 - 75825640 ____N (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-13 08:48 - 2013-06-13 08:48 - 09089416 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-13 08:48 - 2013-02-24 14:22 - 00692104 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-13 08:48 - 2013-02-24 14:22 - 00071048 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 07:57 - 2013-06-11 07:57 - 00001794 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files\iTunes
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files\iPod
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-11 07:53 - 2013-06-11 07:53 - 00001856 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-06-11 07:53 - 2013-06-11 07:53 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-06-10 14:23 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\OBCZ
2013-06-08 16:08 - 2013-06-15 15:32 - 01365504 ____N (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-15 15:32 - 19233792 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-15 15:32 - 15404544 ____N (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-15 15:32 - 02648064 ____N (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-15 15:32 - 00526336 ____N (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-15 15:32 - 02706432 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-15 15:32 - 01141248 ____N (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-15 15:32 - 14327808 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-15 15:32 - 13760512 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-15 15:32 - 02046976 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-15 15:32 - 00391168 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-15 15:32 - 02706432 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-07 16:02 - 2010-11-21 05:47 - 00606422 ____N C:\Windows\PFRO.log
2013-06-06 20:58 - 2013-05-27 12:12 - 00000000 ____D C:\Users\***\Documents\Publikationen cst
2013-06-06 20:57 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Bewerbungsunterlagen
2013-06-03 17:08 - 2013-02-02 05:18 - 00000008 ____N C:\Windows\System32\Drivers\RTKHDAUD.DAT
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-06-23 15:25
==================== End Of Log ============================
--- --- --- und: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-07-2013 02
Ran by *** at 2013-07-01 21:56:28
Running from C:\Users\***\Desktop\aa_trojaner-board
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (x32 Version: 7.1.4)
Adobe Acrobat 7.1.4 - CPSID_50030 (x32)
Adobe Acrobat 7.1.4 Professional - English, Français, Deutsch (x32 Version: 7.1.4)
Adobe AIR (x32 Version: 3.7.0.2090)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Anki (x32)
Anzeige am Bildschirm (Version: 7.12.00)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Cambridge Advanced Learner's Dictionary - 3rd Edition (x32)
CDBurnerXP (x32 Version: 4.5.1.3868)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Corel WinDVD (x32 Version: 10.0.6.392)
Create Recovery Media (x32 Version: 1.20.0.00)
CutePDF Writer 3.0 (Version: 3.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (Version: 1.00)
Dolby Advanced Audio v2 (x32 Version: 7.2.8000.17)
Dropbox (HKCU Version: 2.0.22)
Druckerdeinstallation für EPSON BX935FWD Series
EPSON Scan (x32)
Evernote v. 4.2.3 (x32 Version: 4.2.3.15)
FileOpen Client (x64) (Version: 3.0.90.926)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Google Chrome (x32 Version: 27.0.1453.116)
Google Drive (x32 Version: 1.10.4769.632)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.145)
Integrated Camera Driver Installer Package Ver.1.2.1.18 (x32 Version: 1.2.1.18)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 9.0.0.1310)
Intel(R) OpenCL CPU Runtime (x32)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2843)
Intel(R) PROSet/Wireless WiFi Software Driver (Version: 15.06.1000.0167)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.225)
Intel(R) WiDi (Version: 3.1.29.0)
Intel(R) Wireless Display
Intel® PROSet/Wireless Software (x32 Version: 15.6.1)
Intel® PROSet/Wireless WiFi Software (Version: 15.06.1000.0142)
Intel® Trusted Connect Service Client (Version: 1.27.757.1)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Lenovo Auto Scroll Utility (Version: 2.00)
Lenovo Patch Utility (x32 Version: 1.3.0.9)
Lenovo Patch Utility (x32 Version: 1.3.2.6)
Lenovo Patch Utility 64 bit (Version: 1.3.0.9)
Lenovo Patch Utility 64 bit (Version: 1.3.2.6)
Lenovo Power Management Driver (Version: 1.66.00.22)
Lenovo Registration (x32 Version: 1.0.4)
Lenovo SimpleTap (Version: 3.2.0004.00)
Lenovo Solution Center (Version: 2.1.003.00)
Lenovo System Update (x32 Version: 5.02.0011)
Lenovo User Guide (x32 Version: 1.0.0009.00)
Lenovo Warranty Information (x32 Version: 1.0.0005.00)
Lenovo Welcome (x32 Version: 3.1.0020.00)
Mesh Runtime (x32 Version: 15.4.5722.2)
Message Center Plus (Version: 3.1.0004.00)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office (x32 Version: 14.0.6120.5004)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Standard Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 21.0 (x86 de) (x32 Version: 21.0)
Mozilla Maintenance Service (x32 Version: 21.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
NVIDIA 3D Vision Treiber 311.00 (Version: 311.00)
NVIDIA Grafiktreiber 311.00 (Version: 311.00)
NVIDIA HD-Audiotreiber 1.3.16.0 (Version: 1.3.16.0)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA nView 136.53 (Version: 136.53)
NVIDIA Optimus 1.11.3 (Version: 1.11.3)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1100)
NVIDIA Systemsteuerung 311.00 (Version: 311.00)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Power Manager (x32 Version: 6.54)
QUICKfind server v1.1 (x32)
QuickTime (x32 Version: 7.74.80.86)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
RapidBoot HDD Accelerator (x32 Version: 1.00.0802)
RapidBoot Shield (Version: 1.23)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6914)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (Version: 1.00)
Rescue and Recovery (x32 Version: 4.50.0025.00)
RICOH_Media_Driver_v2.14.18.01 (x32 Version: 2.14.18.01)
RnR Sysprep Patch (x32 Version: 1.00.0001)
Skype™ 6.3 (x32 Version: 6.3.105)
Sophos Anti-Virus (x32 Version: 10.2.8)
Sophos AutoUpdate (x32 Version: 2.9.0.344)
Sophos Virus Removal Tool (x32 Version: 2.3)
SugarSync Manager (x32 Version: 1.9.61.90905)
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 6.5.1.3800)
ThinkPad UltraNav Driver (Version: 16.2.19.7)
ThinkVantage Access Connections (x32 Version: 6.01)
ThinkVantage Active Protection System (Version: 1.77.0.11)
ThinkVantage Communications Utility (Version: 3.0.44.0)
ThinkVantage Fingerprint Software (Version: 5.9.9.7282)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
VIP Access (x32 Version: 2.0.5.13)
WD Drive Utilities (x32 Version: 1.0.3.3)
WD Quick View (x32 Version: 2.0.1.2)
WD Security (x32 Version: 1.0.3.3)
WD SES Driver Setup (x32 Version: 1.0.2.3)
WD SmartWare (Version: 2.0.1.2)
WD SmartWare Installer (x32 Version: 2.0.1.2)
Windows Driver Package - Intel (e1cexpress) Net (01/11/2012 11.15.16.0) (Version: 01/11/2012 11.15.16.0)
Windows Driver Package - Intel System (01/11/2012 9.3.0.1020) (Version: 01/11/2012 9.3.0.1020)
Windows Driver Package - Intel System (08/26/2011 9.3.0.1011) (Version: 08/26/2011 9.3.0.1011)
Windows Driver Package - Intel USB (08/26/2011 9.3.0.1011) (Version: 08/26/2011 9.3.0.1011)
Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (Version: 02/29/2012 1.65.05.20)
Windows Driver Package - Synaptics (SynTP) Mouse (04/06/2012 16.1.1.0) (Version: 04/06/2012 16.1.1.0)
Windows Live (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
==================== Restore Points =========================
22-06-2013 10:59:47 Windows Update
23-06-2013 10:52:05 Intel® PROSet/Wireless Software
23-06-2013 11:26:22 Installed Java 7 Update 25
24-06-2013 15:19:17 Windows Update
28-06-2013 06:46:52 Windows Update
==================== Scheduled Tasks (whitelisted) =============
Task: {125C2C3B-098C-4578-8A72-4D13FB58D674} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {24C6274B-A1D2-4867-B2BF-EDDF55FF35F1} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for Thinkpad-T.*** => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-16] (Lenovo)
Task: {30B76162-EFA7-4A6E-AAA2-CDAE600030E2} - System32\Tasks\TVT\LaunchRnR => C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrcmd.exe [2011-08-18] (Lenovo Limited Group Corporation)
Task: {3FB695B0-A4CF-49A2-AC02-DDAD7F6122BD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {4AE7873A-225D-4335-8BE1-DBB1D12244C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-02] (Google Inc.)
Task: {51F2B17C-137E-4D1D-A7AB-5C4EAA9E0C2A} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-05-17] (Lenovo)
Task: {6716F6BD-267F-4996-BD96-B6445878DF7B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7331BE4E-B16A-4F37-915F-A27DA19473FE} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {AA7D7419-9958-40D9-A861-F3BF3E9D0F61} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe No File
Task: {AD99A411-9681-41D7-B7B0-EC6DF48CD8B3} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-04-11] ()
Task: {B38EB7BA-D18A-4440-8430-8660F6EE3FD8} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-17] (Lenovo)
Task: {B6130E1A-265D-460E-82A9-02D39A7E5D10} - System32\Tasks\Lenovo\Message Center Plus Launcher => %programfiles(x86)%\Lenovo\message center plus\mcplaunch.exe No File
Task: {CA7F98D4-9B8D-4D51-A02F-052DD5B3B31F} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {CBE3B5E8-46DC-4FFA-A755-FB71F533AA09} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe No File
Task: {E1A9AFCD-8F5A-4C2A-B1E8-0220AF5532BB} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-17] ()
Task: {F2C124BC-4896-43F1-883C-0F219C96E77F} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for Thinkpad-T.Admin => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-16] (Lenovo)
Task: {FF293C96-1F96-45EF-BEDC-B6A82D30F8C4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-02] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/01/2013 09:32:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2013 06:50:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2013 05:55:05 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 11
Error: (07/01/2013 05:24:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2013 04:42:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2013 03:46:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2013 02:56:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2013 01:59:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2013 08:07:39 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2013 08:04:51 AM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(c0:9f:42:8b:e0:89@fe80::c29f:42ff:fe8b:e089._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.
System errors:
=============
Error: (07/01/2013 09:34:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (07/01/2013 09:34:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (07/01/2013 09:33:16 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (07/01/2013 09:32:02 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst nvsvc erreicht.
Error: (07/01/2013 09:29:57 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (07/01/2013 06:52:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (07/01/2013 06:52:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (07/01/2013 06:51:11 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (07/01/2013 06:49:22 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst nvsvc erreicht.
Error: (07/01/2013 05:26:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Microsoft Office Sessions:
=========================
Error: (07/01/2013 09:32:16 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2013 06:50:07 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2013 05:55:05 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 11
Error: (07/01/2013 05:24:46 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2013 04:42:46 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2013 03:46:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2013 02:56:25 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2013 01:59:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2013 08:07:39 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2013 08:04:51 AM) (Source: Bonjour Service)(User: )
Description: Client application bug: DNSServiceResolve(c0:9f:42:8b:e0:89@fe80::c29f:42ff:fe8b:e089._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.
CodeIntegrity Errors:
===================================
Date: 2013-04-12 11:07:23.133
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-04-12 11:06:01.756
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-04-12 10:43:09.610
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-04-12 10:12:54.404
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-04-12 10:11:22.511
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-04-12 10:11:22.419
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-04-12 10:07:32.382
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-03-25 16:47:43.250
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-03-25 16:47:08.389
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-03-25 16:46:51.999
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 35%
Total physical RAM: 7889.63 MB
Available physical RAM: 5119.43 MB
Total Pagefile: 15777.44 MB
Available Pagefile: 12916.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:446.72 GB) (Free:269.34 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:17.58 GB) (Free:4.54 GB) NTFS (Disk=0 Partition=3)
Drive s: (SYSTEM_DRV) (Fixed) (Total:1.46 GB) (Free:0.67 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 3B3D5D34)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=447 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18 GB) - (Type=07 NTFS)
==================== End Of Log ============================
 Danke nochmals und guten Gruss cpstutz |
|
02.07.2013, 08:59
| #6 | |
| /// the machine /// TB-Ausbilder | Win32/Small.CA-Virus entfernenCombofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ --> Win32/Small.CA-Virus entfernen |
|
02.07.2013, 12:14
| #7 |
| | Win32/Small.CA-Virus entfernen Hallo Schrauber habe nun Combofix ausgeführt. Dazu Folgendes: Zuerst Datei runtergeladen, dann Netzwerkverbindungen getrennt und darauf Sophos Anti Virus gemäss Handbuch deaktiviert. Combofix gestartet. Darauf hat Sophos trotz Deaktivierung eine Datei von Combofix als Thread erkannt und in die Quarantäne verschoben. Dort habe ich sie manuell zugelassen, worauf Combofix (hoffentlich vollständig) ausgeführt wurde. Code:
ATTFilter Combofix Logfile: cpstutz |
|
02.07.2013, 14:28
| #8 |
| /// the machine /// TB-Ausbilder | Win32/Small.CA-Virus entfernen Hi, Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
02.07.2013, 16:49
| #9 |
| | Win32/Small.CA-Virus entfernen Hallo Schrauber Hat eine Weile gedauert, aber hier die Log-files: Malware: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.07.02.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16618 *** :: THINKPAD-T [Administrator] Schutz: Deaktiviert 02.07.2013 16:07:34 mbam-log-2013-07-02 (16-07-34).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 308771 Laufzeit: 4 Minute(n), 5 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter # AdwCleaner v2.303 - Datei am 02/07/2013 um 16:16:40 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : *** - THINKPAD-T
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\aa_trojaner-board\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\jetpack
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\Software\PIP
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16611
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\prefs.js
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\user.js ... Gelöscht !
[OK] Die Datei ist sauber.
Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\89nmd4tb.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v27.0.1453.116
Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
Datei : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x64
Ran by *** on 02.07.2013 at 16:27:09.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\np47b545.default\minidumps [75 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.07.2013 at 16:32:31.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-07-2013
Ran by *** (administrator) on 02-07-2013 16:42:37
Running from C:\Users\***\Desktop\aa_trojaner-board
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManagerService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo Group Limited) C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
(Dropbox, Inc.) C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\sysWow64\SearchProtocolHost.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s [13538376 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4 [1308232 2013-05-20] (Realtek Semiconductor)
HKLM\...\Run: [TpShocks] TpShocks.exe [382248 2013-02-12] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [293672 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1092528 2012-11-07] (FileOpen Systems Inc.)
HKLM\...\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-03-18] (Lenovo)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-17] (Synaptics Incorporated)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2013-02-02] (Google Inc.)
HKCU\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [19676256 2013-06-06] (Google)
HKCU\...\Run: [updateMgr] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_1_0 -reboot 1 [313472 2006-03-30] (Adobe Systems Incorporated)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-31] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-04-19] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [132920 2013-05-30] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor [6002984 2013-04-23] (Lenovo Group Limited)
HKLM-x32\...\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot [4351712 2011-07-14] (Lenovo, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-02-24] (Sophos Limited)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-06-13] (Western Digital)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [483328 2008-04-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5524336 2013-06-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [ACWLIcon] C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe [194856 2013-03-18] (Lenovo)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Launch Backup Service Once] C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrstrigger.exe -start [133944 2011-08-18] ()
HKU\Default\...\RunOnce: [Lenovo.ShowBand] C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe /show [52584 2013-05-17] (Lenovo)
HKU\Default\...\RunOnce: [] [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2011-12-15] ()
HKU\Default User\...\RunOnce: [Lenovo.ShowBand] C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe /show [52584 2013-05-17] (Lenovo)
HKU\Default User\...\RunOnce: [] [x]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2011-12-15] ()
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll C:\Windows\System32\nvinitx.dll C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll [218256 2013-02-24] (Sophos Limited)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll [221840 2013-02-24] (Sophos Limited)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll (IDM)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: msdaipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default
FF SearchEngine: Wikipedia (de)
FF Homepage: hxxp://www.google.ch/|hxxp://www.admin.ch/ch/d/sr/sr.html|hxxp://www.zh.ch/internet/de/rechtliche_grundlagen/gesetze/loseblattsammlung/aktuelle_fassung.html#a-content|hxxp://www.gerichte-zh.ch/|hxxp://www.bger.ch/index/juridiction/jurisdiction-inherit-template/jurisdiction-recht/jurisdiction-recht-leitentscheide1954.htm|https://www.swisslex.ch/Home.mvc|hxxp://www.legalis.ch/bib/default.asp?typ=login&redir=%2Fbib%2Fdefault%2Easp|hxxp://www.swissblawg.ch/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: FoxyProxy Basic - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\Extensions\foxyproxy@eric.h.jung
FF Extension: WOT - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\
Chrome:
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
==================== Services (Whitelisted) =================
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-04-11] (Adobe Systems)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-04-23] (Lenovo.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 FileOpenManagerService; C:\Program Files\FileOpen\Services\FileOpenManagerService64.exe [335288 2012-11-07] (FileOpen Systems Inc.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-30] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [187688 2013-05-29] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-02-24] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [159296 2013-02-24] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-02-24] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2013-02-24] (Sophos Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-04-11] ()
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-03-21] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2010688 2013-02-24] (Sophos Limited)
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited)
R3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1492280 2011-08-18] (Lenovo Group Limited)
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-06-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270192 2013-06-19] (Western Digital Technologies, Inc.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2012-09-25] (Broadcom Corporation.)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11518976 2013-02-05] (Intel Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-02-28] (NVIDIA Corporation)
R1 PHCORE; C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [33344 2012-03-27] (Lenovo Group Limited)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2013-02-24] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2013-02-24] (Sophos Limited)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44784 2013-04-17] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2013-02-24] (Sophos Plc)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
S3 btwaudio; system32\drivers\btwaudio.sys [x]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-02 16:27 - 2013-07-02 16:27 - 00000000 ____D C:\Windows\ERUNT
2013-07-02 16:26 - 2013-07-02 16:26 - 00000000 ____D C:\JRT
2013-07-02 16:16 - 2013-07-02 16:17 - 00001412 ____A C:\AdwCleaner[S1].txt
2013-07-02 16:05 - 2013-07-02 16:05 - 00001120 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-02 16:05 - 2013-07-02 16:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-02 16:05 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-07-02 15:51 - 2013-07-02 15:51 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes
2013-07-02 15:50 - 2013-07-02 15:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-02 11:28 - 2013-07-02 11:57 - 00000000 ___AD C:\Qoobox
2013-07-02 11:28 - 2013-07-02 11:55 - 00000000 ____D C:\Windows\erdnt
2013-07-02 11:28 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-07-02 11:28 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-07-02 11:28 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-07-02 11:28 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-07-02 11:28 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-07-02 11:28 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-07-02 11:28 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-07-01 18:08 - 2013-07-01 18:08 - 00000000 ____D C:\FRST
2013-07-01 17:23 - 2013-07-01 17:23 - 747136470 ____A C:\Windows\MEMORY.DMP
2013-07-01 17:23 - 2013-07-01 17:23 - 00294200 ____A C:\Windows\Minidump\070113-12667-01.dmp
2013-07-01 17:23 - 2013-07-01 17:23 - 00000000 ____D C:\Windows\Minidump
2013-07-01 17:07 - 2013-07-01 17:07 - 00128016 ____A C:\Users\Admin\Desktop\OTL.Txt
2013-07-01 16:55 - 2013-07-01 16:55 - 00000472 ____A C:\Users\***\Downloads\defogger_disable.log
2013-07-01 16:54 - 2013-07-02 16:42 - 00000000 ____D C:\Users\***\Desktop\aa_trojaner-board
2013-07-01 16:51 - 2013-07-01 16:51 - 00000000 ____A C:\Users\Admin\defogger_reenable
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\UpdatusUser\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\Administrator.Thinkpad-T\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\Admin\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000000 ____D C:\Program Files (x86)\Anki
2013-06-29 20:23 - 2013-06-29 20:23 - 25781276 ____N C:\Users\***\Downloads\anki-2.0.11.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00263592 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00175016 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00175016 ____N (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00096168 ____N (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-23 12:53 - 2013-06-23 12:53 - 00000000 ____D C:\ProgramData\Intel.sav
2013-06-23 12:53 - 2013-06-23 12:53 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-06-23 12:51 - 2013-06-23 12:51 - 00000000 ____D C:\Program Files (x86)\Dolby Advanced Audio v2
2013-06-23 12:51 - 2013-05-21 21:50 - 03425608 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
2013-06-23 12:51 - 2013-05-21 15:57 - 00142408 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll
2013-06-23 12:51 - 2013-05-21 15:05 - 00576929 ____N C:\Windows\System32\Drivers\RTAIODAT.DAT
2013-06-23 12:51 - 2013-05-21 14:15 - 24962560 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RCoRes64.dat
2013-06-23 12:51 - 2013-05-20 16:16 - 01003592 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll
2013-06-23 12:51 - 2013-05-20 14:36 - 02794056 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll
2013-06-23 12:51 - 2013-05-02 12:01 - 02103040 ____N (Waves Audio Ltd.) C:\Windows\System32\WavesGUILib64.dll
2013-06-23 12:51 - 2013-04-30 19:53 - 03693640 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll
2013-06-23 12:51 - 2013-04-30 14:28 - 00916016 ____N (Sony Corporation) C:\Windows\System32\SFSS_APO.dll
2013-06-23 12:51 - 2013-04-24 17:16 - 01662024 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RTSnMg64.cpl
2013-06-23 12:51 - 2013-04-23 00:40 - 02735648 ____N (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll
2013-06-23 12:51 - 2013-03-23 03:43 - 00208072 ____N (Andrea Electronics Corporation) C:\Windows\System32\AERTAC64.dll
2013-06-23 12:51 - 2013-02-20 18:55 - 01284680 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll
2013-06-23 12:51 - 2012-10-02 14:41 - 00501192 ____N (DTS) C:\Windows\System32\DTSU2PLFX64.dll
2013-06-23 12:51 - 2012-10-02 14:41 - 00487368 ____N (DTS) C:\Windows\System32\DTSU2PGFX64.dll
2013-06-23 12:51 - 2012-10-02 14:41 - 00415688 ____N (DTS) C:\Windows\System32\DTSU2PREC64.dll
2013-06-23 12:51 - 2012-08-31 19:18 - 07164176 ____N (Dolby Laboratories) C:\Windows\System32\R4EEP64A.dll
2013-06-23 12:51 - 2012-08-31 19:17 - 00434960 ____N (Dolby Laboratories) C:\Windows\System32\R4EED64A.dll
2013-06-23 12:51 - 2012-08-31 19:17 - 00141584 ____N (Dolby Laboratories) C:\Windows\System32\R4EEL64A.dll
2013-06-23 12:51 - 2012-08-31 19:17 - 00124176 ____N (Dolby Laboratories) C:\Windows\System32\R4EEA64A.dll
2013-06-23 12:51 - 2012-08-31 19:17 - 00075024 ____N (Dolby Laboratories) C:\Windows\System32\R4EEG64A.dll
2013-06-23 12:49 - 2013-06-23 12:49 - 00000030 ____N C:\Windows\success64.log
2013-06-23 12:49 - 2013-05-13 15:15 - 00064624 ____N (Intel Corporation) C:\Windows\System32\Drivers\HECIx64.sys
2013-06-23 12:48 - 2013-06-23 12:48 - 00000030 ____N C:\Windows\success32.log
2013-06-22 20:04 - 2013-06-22 20:04 - 00005064 ____N C:\QcOSD.txt
2013-06-17 10:07 - 2013-06-19 10:38 - 00000000 ____D C:\Users\***\Documents\Walder Wyss
2013-06-15 15:32 - 2013-06-08 16:08 - 01365504 ____N (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 15:32 - 2013-06-08 16:07 - 19233792 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 15:32 - 2013-06-08 16:06 - 15404544 ____N (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 15:32 - 2013-06-08 16:06 - 02648064 ____N (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 15:32 - 2013-06-08 16:06 - 00526336 ____N (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 15:32 - 2013-06-08 14:28 - 02706432 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 15:32 - 2013-06-08 13:42 - 01141248 ____N (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 15:32 - 2013-06-08 13:40 - 14327808 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 15:32 - 2013-06-08 13:40 - 13760512 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 15:32 - 2013-06-08 13:40 - 02046976 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 15:32 - 2013-06-08 13:40 - 00391168 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 15:32 - 2013-06-08 13:13 - 02706432 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 08:50 - 2013-05-17 03:25 - 02877440 ____N (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 01767936 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00690688 ____N (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00493056 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00109056 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00061440 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00039424 ____N (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00033280 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 08:50 - 2013-05-17 02:59 - 02241024 ____N (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 08:50 - 2013-05-17 02:59 - 00051712 ____N (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 08:50 - 2013-05-17 02:58 - 03958784 ____N (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00855552 ____N (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00603136 ____N (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00136704 ____N (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00067072 ____N (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00053248 ____N (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00039936 ____N (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 08:50 - 2013-05-14 14:23 - 00089600 ____N (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 08:50 - 2013-05-14 10:40 - 00071680 ____N (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-13 08:48 - 2013-06-13 08:48 - 09089416 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-12 20:02 - 2013-05-13 07:51 - 01464320 ____N (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 20:02 - 2013-05-13 07:51 - 00184320 ____N (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 20:02 - 2013-05-13 07:51 - 00139776 ____N (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 20:02 - 2013-05-13 07:50 - 00052224 ____N (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 20:02 - 2013-05-13 06:45 - 01160192 ____N (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 20:02 - 2013-05-13 06:45 - 00140288 ____N (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 20:02 - 2013-05-13 06:45 - 00103936 ____N (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 20:02 - 2013-05-13 05:43 - 01192448 ____N (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 20:02 - 2013-05-13 05:08 - 00903168 ____N (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 20:02 - 2013-05-13 05:08 - 00043008 ____N (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 20:02 - 2013-05-10 07:49 - 00030720 ____N (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 20:02 - 2013-05-10 05:20 - 00024576 ____N (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 20:02 - 2013-05-08 08:39 - 01910632 ____N (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 20:02 - 2013-04-26 07:51 - 00751104 ____N (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 20:02 - 2013-04-26 06:55 - 00492544 ____N (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 20:02 - 2013-04-26 01:30 - 01505280 ____N (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 20:02 - 2013-04-17 09:02 - 01230336 ____N (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 20:02 - 2013-04-17 08:24 - 01424384 ____N (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 20:02 - 2013-04-01 00:52 - 01887232 ____N (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 07:57 - 2013-06-11 07:57 - 00001794 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files\iTunes
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files\iPod
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-11 07:53 - 2013-06-11 07:53 - 00001856 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-06-11 07:53 - 2013-06-11 07:53 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-06-10 18:26 - 2013-06-13 16:12 - 00000000 ____D C:\Users\***\Documents\Esalen - Projekt Übernahme The Center
==================== One Month Modified Files and Folders =======
2013-07-02 16:42 - 2013-07-01 16:54 - 00000000 ____D C:\Users\***\Desktop\aa_trojaner-board
2013-07-02 16:42 - 2013-02-02 05:26 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-02 16:41 - 2013-03-18 20:08 - 00000000 ___SD C:\Users\***\Google Drive
2013-07-02 16:41 - 2013-03-18 20:03 - 00000000 ___RD C:\Users\***\Dropbox
2013-07-02 16:41 - 2013-03-18 20:02 - 00000000 ____D C:\Users\***\AppData\Roaming\Dropbox
2013-07-02 16:39 - 2013-02-02 05:26 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-02 16:38 - 2013-05-20 11:42 - 00008192 ____A C:\Windows\SysWOW64\WDPABKP.dat
2013-07-02 16:38 - 2013-02-02 05:19 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-02 16:38 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-02 16:38 - 2009-07-14 06:51 - 00087762 ____A C:\Windows\setupact.log
2013-07-02 16:37 - 2013-02-02 05:10 - 01998316 ____A C:\Windows\WindowsUpdate.log
2013-07-02 16:28 - 2009-07-14 06:45 - 00034432 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-02 16:28 - 2009-07-14 06:45 - 00034432 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-02 16:27 - 2013-07-02 16:27 - 00000000 ____D C:\Windows\ERUNT
2013-07-02 16:26 - 2013-07-02 16:26 - 00000000 ____D C:\JRT
2013-07-02 16:26 - 2013-02-02 04:47 - 00696870 ____A C:\Windows\System32\perfh007.dat
2013-07-02 16:26 - 2013-02-02 04:47 - 00148134 ____A C:\Windows\System32\perfc007.dat
2013-07-02 16:26 - 2009-07-14 07:13 - 01612484 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-02 16:18 - 2010-11-21 05:47 - 00609326 ____A C:\Windows\PFRO.log
2013-07-02 16:17 - 2013-07-02 16:16 - 00001412 ____A C:\AdwCleaner[S1].txt
2013-07-02 16:05 - 2013-07-02 16:05 - 00001120 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-02 16:05 - 2013-07-02 16:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-02 15:51 - 2013-07-02 15:51 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes
2013-07-02 15:50 - 2013-07-02 15:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-02 15:23 - 2013-02-24 14:22 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-02 13:36 - 2013-04-27 16:59 - 00000000 ____D C:\ProgramData\Package Cache
2013-07-02 13:36 - 2013-02-02 05:11 - 00178106 ____A C:\Windows\DPINST.LOG
2013-07-02 13:35 - 2013-04-27 17:01 - 00000000 ____D C:\Program Files\Common Files\Western Digital
2013-07-02 13:35 - 2013-03-02 08:46 - 00000000 ____D C:\Program Files (x86)\Western Digital
2013-07-02 11:57 - 2013-07-02 11:28 - 00000000 ___AD C:\Qoobox
2013-07-02 11:57 - 2009-07-14 05:20 - 00000000 __RHD C:\users\Default
2013-07-02 11:55 - 2013-07-02 11:28 - 00000000 ____D C:\Windows\erdnt
2013-07-02 11:52 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-07-02 11:51 - 2009-07-14 04:34 - 78905344 ____A C:\Windows\System32\config\SOFTWARE.bak
2013-07-02 11:51 - 2009-07-14 04:34 - 22806528 ____A C:\Windows\System32\config\SYSTEM.bak
2013-07-02 11:51 - 2009-07-14 04:34 - 00524288 ____A C:\Windows\System32\config\DEFAULT.bak
2013-07-02 11:51 - 2009-07-14 04:34 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2013-07-02 11:51 - 2009-07-14 04:34 - 00262144 ____A C:\Windows\System32\config\SAM.bak
2013-07-01 18:08 - 2013-07-01 18:08 - 00000000 ____D C:\FRST
2013-07-01 17:23 - 2013-07-01 17:23 - 747136470 ____A C:\Windows\MEMORY.DMP
2013-07-01 17:23 - 2013-07-01 17:23 - 00294200 ____A C:\Windows\Minidump\070113-12667-01.dmp
2013-07-01 17:23 - 2013-07-01 17:23 - 00000000 ____D C:\Windows\Minidump
2013-07-01 17:07 - 2013-07-01 17:07 - 00128016 ____A C:\Users\Admin\Desktop\OTL.Txt
2013-07-01 16:55 - 2013-07-01 16:55 - 00000472 ____A C:\Users\***\Downloads\defogger_disable.log
2013-07-01 16:51 - 2013-07-01 16:51 - 00000000 ____A C:\Users\Admin\defogger_reenable
2013-07-01 16:51 - 2013-02-24 22:40 - 00000000 ____D C:\users\Admin
2013-07-01 14:06 - 2013-03-17 17:34 - 00000000 ____D C:\Users\***\Documents\Anki
2013-07-01 14:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-07-01 12:01 - 2013-02-02 05:25 - 00000000 ____D C:\swshare
2013-07-01 11:13 - 2013-03-17 17:31 - 00000000 ____D C:\Users\***\Documents\Ramschsammlung
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\UpdatusUser\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\Administrator.Thinkpad-T\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\Admin\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000000 ____D C:\Program Files (x86)\Anki
2013-06-29 20:23 - 2013-06-29 20:23 - 25781276 ____N C:\Users\***\Downloads\anki-2.0.11.exe
2013-06-26 08:56 - 2013-05-06 18:39 - 00000000 ____D C:\Users\***\AppData\Local\CutePDF Writer
2013-06-24 17:25 - 2013-05-10 15:48 - 01590378 ____N C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-24 17:13 - 2013-02-24 20:13 - 00000000 ____D C:\ldiag
2013-06-23 15:50 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Anwaltsprüfung
2013-06-23 13:26 - 2013-06-23 13:26 - 00263592 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00175016 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00175016 ____N (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00096168 ____N (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-23 13:26 - 2013-02-24 16:57 - 00867240 ____N (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-23 13:26 - 2013-02-24 16:57 - 00789416 ____N (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-23 12:53 - 2013-06-23 12:53 - 00000000 ____D C:\ProgramData\Intel.sav
2013-06-23 12:53 - 2013-06-23 12:53 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-06-23 12:53 - 2013-02-02 05:14 - 00000000 ____D C:\Program Files\Intel
2013-06-23 12:53 - 2013-02-02 05:14 - 00000000 ____D C:\Program Files\Common Files\Intel
2013-06-23 12:53 - 2013-02-02 05:14 - 00000000 ____D C:\Program Files (x86)\Intel
2013-06-23 12:51 - 2013-06-23 12:51 - 00000000 ____D C:\Program Files (x86)\Dolby Advanced Audio v2
2013-06-23 12:51 - 2013-02-02 05:18 - 00003043 ____N C:\RHDSetup.log
2013-06-23 12:51 - 2013-02-02 05:18 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-06-23 12:49 - 2013-06-23 12:49 - 00000030 ____N C:\Windows\success64.log
2013-06-23 12:49 - 2013-02-02 05:18 - 00000000 ____D C:\Program Files\Common Files\Lenovo
2013-06-23 12:48 - 2013-06-23 12:48 - 00000030 ____N C:\Windows\success32.log
2013-06-22 20:04 - 2013-06-22 20:04 - 00005064 ____N C:\QcOSD.txt
2013-06-20 15:25 - 2013-03-18 12:24 - 00000000 ____D C:\Users\***\Documents\Scans
2013-06-20 13:22 - 2013-03-17 17:28 - 00000000 ____D C:\Users\***\Documents\Sunrise
2013-06-19 10:38 - 2013-06-17 10:07 - 00000000 ____D C:\Users\***\Documents\Walder Wyss
2013-06-17 18:46 - 2013-03-03 13:18 - 00000000 ____D C:\Users\***\Documents\Knowhow
2013-06-17 10:11 - 2013-03-22 10:27 - 00000000 ____D C:\Users\***\Documents\Vorlagen
2013-06-17 09:47 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Homeoffice
2013-06-16 21:01 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Nesshy
2013-06-15 17:34 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Heidi
2013-06-14 16:01 - 2013-03-17 17:28 - 00000000 ____D C:\Users\***\Documents\Swisscom
2013-06-13 16:12 - 2013-06-10 18:26 - 00000000 ____D C:\Users\***\Documents\Esalen - Projekt Übernahme The Center
2013-06-13 15:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 08:54 - 2009-07-14 04:34 - 00000499 ____N C:\Windows\win.ini
2013-06-13 08:50 - 2013-02-24 18:53 - 75825640 ____N (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-13 08:48 - 2013-06-13 08:48 - 09089416 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-13 08:48 - 2013-02-24 14:22 - 00692104 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-13 08:48 - 2013-02-24 14:22 - 00071048 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 07:57 - 2013-06-11 07:57 - 00001794 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files\iTunes
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files\iPod
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-11 07:53 - 2013-06-11 07:53 - 00001856 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-06-11 07:53 - 2013-06-11 07:53 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-06-10 14:23 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\OBCZ
2013-06-08 16:08 - 2013-06-15 15:32 - 01365504 ____N (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-15 15:32 - 19233792 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-15 15:32 - 15404544 ____N (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-15 15:32 - 02648064 ____N (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-15 15:32 - 00526336 ____N (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-15 15:32 - 02706432 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-15 15:32 - 01141248 ____N (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-15 15:32 - 14327808 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-15 15:32 - 13760512 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-15 15:32 - 02046976 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-15 15:32 - 00391168 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-15 15:32 - 02706432 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-06 20:58 - 2013-05-27 12:12 - 00000000 ____D C:\Users\***\Documents\Publikationen cst
2013-06-06 20:57 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Bewerbungsunterlagen
2013-06-03 17:08 - 2013-02-02 05:18 - 00000008 ____N C:\Windows\System32\Drivers\RTKHDAUD.DAT
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-06-23 15:25
==================== End Of Log ============================
--- --- --- Thx nochmals für Deine Engelsgeduld. cpstutz |
|
02.07.2013, 17:47
| #10 |
| /// the machine /// TB-Ausbilder | Win32/Small.CA-Virus entfernenESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST Log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
02.07.2013, 20:28
| #11 |
| | Win32/Small.CA-Virus entfernen Hallo Schrauber, thx so far. Ich weiss nicht, ob ich noch "Probleme habe". Etwas beunruhigt bin ich darüber, dass bei dem ganzen Prozedere keine Malware gefunden worden ist. Ich habe widersprüchliche Informationen betreffend Win32/Small.CA im Web gefunden (vereinzelte meinen, es handle sich um einen false positive, andere halten den Trojaner für "severe") und es ist damit zu rechnen, dass es sich dabei um einen "schlafenden" Trojaner handelt, der bei Bedarf meinen Rechner an ein Bootnetz anschliessen könnte. Insofern wäre es mir wohler gewesen, wenn irgendeines dieser Programme etwas gefunden hätten. Meinst Du, dass nun das ganze System neu aufgesetzt werden sollte? Anbei die Logfiles: ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b5f904a23e0b7240be22436f4adf5e20
# engine=14238
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-02 06:04:33
# local_time=2013-07-02 08:04:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 8790 124418123 0 0
# compatibility_mode=8450 16777213 85 99 8420 11082769 0 0
# scanned=262542
# found=0
# cleaned=0
# scan_time=7254
Code:
ATTFilter Results of screen317's Security Check version 0.99.68 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Sophos Anti-Virus WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Java 7 Update 25 Adobe Flash Player 11.7.700.224 Adobe Reader XI Mozilla Firefox 21.0 Firefox out of Date! Google Chrome 27.0.1453.110 Google Chrome 27.0.1453.116 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Sophos Sophos Anti-Virus SavService.exe Sophos Sophos Anti-Virus SAVAdminService.exe Sophos Sophos Anti-Virus Web Control swc_service.exe Sophos Sophos Anti-Virus Web Intelligence swi_service.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Und das frische FRST: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-07-2013
Ran by *** (administrator) on 02-07-2013 20:15:29
Running from C:\Users\***\Desktop\aa_trojaner-board
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManagerService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
(Western Digital) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Dropbox, Inc.) C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
(Lenovo Group Limited) C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Lenovo) C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s [13538376 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4 [1308232 2013-05-20] (Realtek Semiconductor)
HKLM\...\Run: [TpShocks] TpShocks.exe [382248 2013-02-12] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [293672 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1092528 2012-11-07] (FileOpen Systems Inc.)
HKLM\...\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-03-18] (Lenovo)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-17] (Synaptics Incorporated)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2013-02-02] (Google Inc.)
HKCU\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [19676256 2013-06-06] (Google)
HKCU\...\Run: [updateMgr] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_1_0 -reboot 1 [313472 2006-03-30] (Adobe Systems Incorporated)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-31] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-04-19] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [132920 2013-05-30] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor [6002984 2013-04-23] (Lenovo Group Limited)
HKLM-x32\...\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot [4351712 2011-07-14] (Lenovo, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-02-24] (Sophos Limited)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-06-13] (Western Digital)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [483328 2008-04-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5524336 2013-06-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [ACWLIcon] C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe [194856 2013-03-18] (Lenovo)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Launch Backup Service Once] C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrstrigger.exe -start [133944 2011-08-18] ()
HKU\Default\...\RunOnce: [Lenovo.ShowBand] C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe /show [52584 2013-05-17] (Lenovo)
HKU\Default\...\RunOnce: [] [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2011-12-15] ()
HKU\Default User\...\RunOnce: [Lenovo.ShowBand] C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe /show [52584 2013-05-17] (Lenovo)
HKU\Default User\...\RunOnce: [] [x]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2011-12-15] ()
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll C:\Windows\System32\nvinitx.dll C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll [218256 2013-02-24] (Sophos Limited)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll [221840 2013-02-24] (Sophos Limited)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll (IDM)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: msdaipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default
FF SearchEngine: Wikipedia (de)
FF Homepage: hxxp://www.google.ch/|hxxp://www.admin.ch/ch/d/sr/sr.html|hxxp://www.zh.ch/internet/de/rechtliche_grundlagen/gesetze/loseblattsammlung/aktuelle_fassung.html#a-content|hxxp://www.gerichte-zh.ch/|hxxp://www.bger.ch/index/juridiction/jurisdiction-inherit-template/jurisdiction-recht/jurisdiction-recht-leitentscheide1954.htm|https://www.swisslex.ch/Home.mvc|hxxp://www.legalis.ch/bib/default.asp?typ=login&redir=%2Fbib%2Fdefault%2Easp|hxxp://www.swissblawg.ch/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: FoxyProxy Basic - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\Extensions\foxyproxy@eric.h.jung
FF Extension: WOT - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\
Chrome:
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
==================== Services (Whitelisted) =================
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-04-11] (Adobe Systems)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-04-23] (Lenovo.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 FileOpenManagerService; C:\Program Files\FileOpen\Services\FileOpenManagerService64.exe [335288 2012-11-07] (FileOpen Systems Inc.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-30] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [187688 2013-05-29] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-02-24] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [159296 2013-02-24] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-02-24] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2013-02-24] (Sophos Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-04-11] ()
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-03-21] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2010688 2013-02-24] (Sophos Limited)
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited)
R3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1492280 2011-08-18] (Lenovo Group Limited)
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-06-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270192 2013-06-19] (Western Digital Technologies, Inc.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2012-09-25] (Broadcom Corporation.)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11518976 2013-02-05] (Intel Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-02-28] (NVIDIA Corporation)
R1 PHCORE; C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [33344 2012-03-27] (Lenovo Group Limited)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2013-02-24] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2013-02-24] (Sophos Limited)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44784 2013-04-17] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2013-02-24] (Sophos Plc)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
S3 btwaudio; system32\drivers\btwaudio.sys [x]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-02 16:27 - 2013-07-02 16:27 - 00000000 ____D C:\Windows\ERUNT
2013-07-02 16:26 - 2013-07-02 16:26 - 00000000 ____D C:\JRT
2013-07-02 16:16 - 2013-07-02 16:17 - 00001412 ____A C:\AdwCleaner[S1].txt
2013-07-02 16:05 - 2013-07-02 16:05 - 00001120 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-02 16:05 - 2013-07-02 16:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-02 16:05 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-07-02 15:51 - 2013-07-02 15:51 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes
2013-07-02 15:50 - 2013-07-02 15:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-02 11:28 - 2013-07-02 11:57 - 00000000 ___AD C:\Qoobox
2013-07-02 11:28 - 2013-07-02 11:55 - 00000000 ____D C:\Windows\erdnt
2013-07-02 11:28 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-07-02 11:28 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-07-02 11:28 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-07-02 11:28 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-07-02 11:28 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-07-02 11:28 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-07-02 11:28 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-07-01 18:08 - 2013-07-01 18:08 - 00000000 ____D C:\FRST
2013-07-01 17:23 - 2013-07-01 17:23 - 747136470 ____A C:\Windows\MEMORY.DMP
2013-07-01 17:23 - 2013-07-01 17:23 - 00294200 ____A C:\Windows\Minidump\070113-12667-01.dmp
2013-07-01 17:23 - 2013-07-01 17:23 - 00000000 ____D C:\Windows\Minidump
2013-07-01 17:07 - 2013-07-01 17:07 - 00128016 ____A C:\Users\Admin\Desktop\OTL.Txt
2013-07-01 16:55 - 2013-07-01 16:55 - 00000472 ____A C:\Users\***\Downloads\defogger_disable.log
2013-07-01 16:54 - 2013-07-02 20:15 - 00000000 ____D C:\Users\***\Desktop\aa_trojaner-board
2013-07-01 16:51 - 2013-07-01 16:51 - 00000000 ____A C:\Users\Admin\defogger_reenable
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\UpdatusUser\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\Administrator.Thinkpad-T\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\Admin\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000000 ____D C:\Program Files (x86)\Anki
2013-06-29 20:23 - 2013-06-29 20:23 - 25781276 ____N C:\Users\***\Downloads\anki-2.0.11.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00263592 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00175016 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00175016 ____N (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00096168 ____N (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-23 12:53 - 2013-06-23 12:53 - 00000000 ____D C:\ProgramData\Intel.sav
2013-06-23 12:53 - 2013-06-23 12:53 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-06-23 12:51 - 2013-06-23 12:51 - 00000000 ____D C:\Program Files (x86)\Dolby Advanced Audio v2
2013-06-23 12:51 - 2013-05-21 21:50 - 03425608 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
2013-06-23 12:51 - 2013-05-21 15:57 - 00142408 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll
2013-06-23 12:51 - 2013-05-21 15:05 - 00576929 ____N C:\Windows\System32\Drivers\RTAIODAT.DAT
2013-06-23 12:51 - 2013-05-21 14:15 - 24962560 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RCoRes64.dat
2013-06-23 12:51 - 2013-05-20 16:16 - 01003592 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll
2013-06-23 12:51 - 2013-05-20 14:36 - 02794056 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll
2013-06-23 12:51 - 2013-05-02 12:01 - 02103040 ____N (Waves Audio Ltd.) C:\Windows\System32\WavesGUILib64.dll
2013-06-23 12:51 - 2013-04-30 19:53 - 03693640 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll
2013-06-23 12:51 - 2013-04-30 14:28 - 00916016 ____N (Sony Corporation) C:\Windows\System32\SFSS_APO.dll
2013-06-23 12:51 - 2013-04-24 17:16 - 01662024 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RTSnMg64.cpl
2013-06-23 12:51 - 2013-04-23 00:40 - 02735648 ____N (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll
2013-06-23 12:51 - 2013-03-23 03:43 - 00208072 ____N (Andrea Electronics Corporation) C:\Windows\System32\AERTAC64.dll
2013-06-23 12:51 - 2013-02-20 18:55 - 01284680 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll
2013-06-23 12:51 - 2012-10-02 14:41 - 00501192 ____N (DTS) C:\Windows\System32\DTSU2PLFX64.dll
2013-06-23 12:51 - 2012-10-02 14:41 - 00487368 ____N (DTS) C:\Windows\System32\DTSU2PGFX64.dll
2013-06-23 12:51 - 2012-10-02 14:41 - 00415688 ____N (DTS) C:\Windows\System32\DTSU2PREC64.dll
2013-06-23 12:51 - 2012-08-31 19:18 - 07164176 ____N (Dolby Laboratories) C:\Windows\System32\R4EEP64A.dll
2013-06-23 12:51 - 2012-08-31 19:17 - 00434960 ____N (Dolby Laboratories) C:\Windows\System32\R4EED64A.dll
2013-06-23 12:51 - 2012-08-31 19:17 - 00141584 ____N (Dolby Laboratories) C:\Windows\System32\R4EEL64A.dll
2013-06-23 12:51 - 2012-08-31 19:17 - 00124176 ____N (Dolby Laboratories) C:\Windows\System32\R4EEA64A.dll
2013-06-23 12:51 - 2012-08-31 19:17 - 00075024 ____N (Dolby Laboratories) C:\Windows\System32\R4EEG64A.dll
2013-06-23 12:49 - 2013-06-23 12:49 - 00000030 ____N C:\Windows\success64.log
2013-06-23 12:49 - 2013-05-13 15:15 - 00064624 ____N (Intel Corporation) C:\Windows\System32\Drivers\HECIx64.sys
2013-06-23 12:48 - 2013-06-23 12:48 - 00000030 ____N C:\Windows\success32.log
2013-06-22 20:04 - 2013-06-22 20:04 - 00005064 ____N C:\QcOSD.txt
2013-06-17 10:07 - 2013-06-19 10:38 - 00000000 ____D C:\Users\***\Documents\Walder Wyss
2013-06-15 15:32 - 2013-06-08 16:08 - 01365504 ____N (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 15:32 - 2013-06-08 16:07 - 19233792 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 15:32 - 2013-06-08 16:06 - 15404544 ____N (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 15:32 - 2013-06-08 16:06 - 02648064 ____N (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 15:32 - 2013-06-08 16:06 - 00526336 ____N (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 15:32 - 2013-06-08 14:28 - 02706432 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 15:32 - 2013-06-08 13:42 - 01141248 ____N (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 15:32 - 2013-06-08 13:40 - 14327808 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 15:32 - 2013-06-08 13:40 - 13760512 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 15:32 - 2013-06-08 13:40 - 02046976 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 15:32 - 2013-06-08 13:40 - 00391168 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 15:32 - 2013-06-08 13:13 - 02706432 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 08:50 - 2013-05-17 03:25 - 02877440 ____N (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 01767936 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00690688 ____N (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00493056 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00109056 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00061440 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00039424 ____N (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00033280 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 08:50 - 2013-05-17 02:59 - 02241024 ____N (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 08:50 - 2013-05-17 02:59 - 00051712 ____N (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 08:50 - 2013-05-17 02:58 - 03958784 ____N (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00855552 ____N (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00603136 ____N (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00136704 ____N (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00067072 ____N (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00053248 ____N (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00039936 ____N (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 08:50 - 2013-05-14 14:23 - 00089600 ____N (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 08:50 - 2013-05-14 10:40 - 00071680 ____N (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-13 08:48 - 2013-06-13 08:48 - 09089416 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-12 20:02 - 2013-05-13 07:51 - 01464320 ____N (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 20:02 - 2013-05-13 07:51 - 00184320 ____N (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 20:02 - 2013-05-13 07:51 - 00139776 ____N (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 20:02 - 2013-05-13 07:50 - 00052224 ____N (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 20:02 - 2013-05-13 06:45 - 01160192 ____N (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 20:02 - 2013-05-13 06:45 - 00140288 ____N (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 20:02 - 2013-05-13 06:45 - 00103936 ____N (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 20:02 - 2013-05-13 05:43 - 01192448 ____N (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 20:02 - 2013-05-13 05:08 - 00903168 ____N (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 20:02 - 2013-05-13 05:08 - 00043008 ____N (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 20:02 - 2013-05-10 07:49 - 00030720 ____N (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 20:02 - 2013-05-10 05:20 - 00024576 ____N (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 20:02 - 2013-05-08 08:39 - 01910632 ____N (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 20:02 - 2013-04-26 07:51 - 00751104 ____N (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 20:02 - 2013-04-26 06:55 - 00492544 ____N (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 20:02 - 2013-04-26 01:30 - 01505280 ____N (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 20:02 - 2013-04-17 09:02 - 01230336 ____N (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 20:02 - 2013-04-17 08:24 - 01424384 ____N (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 20:02 - 2013-04-01 00:52 - 01887232 ____N (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 07:57 - 2013-06-11 07:57 - 00001794 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files\iTunes
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files\iPod
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-11 07:53 - 2013-06-11 07:53 - 00001856 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-06-11 07:53 - 2013-06-11 07:53 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-06-10 18:26 - 2013-06-13 16:12 - 00000000 ____D C:\Users\***\Documents\Esalen - Projekt Übernahme The Center
==================== One Month Modified Files and Folders =======
2013-07-02 20:15 - 2013-07-01 16:54 - 00000000 ____D C:\Users\***\Desktop\aa_trojaner-board
2013-07-02 19:42 - 2013-02-02 05:26 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-02 19:19 - 2013-02-24 14:22 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-02 18:03 - 2013-02-02 04:47 - 00696870 ____A C:\Windows\System32\perfh007.dat
2013-07-02 18:03 - 2013-02-02 04:47 - 00148134 ____A C:\Windows\System32\perfc007.dat
2013-07-02 18:03 - 2009-07-14 07:13 - 01612484 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-02 18:03 - 2009-07-14 06:45 - 00034432 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-02 18:03 - 2009-07-14 06:45 - 00034432 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-02 17:59 - 2013-02-02 05:10 - 02002241 ____A C:\Windows\WindowsUpdate.log
2013-07-02 17:57 - 2013-03-18 20:08 - 00000000 ___SD C:\Users\***\Google Drive
2013-07-02 17:57 - 2013-03-18 20:03 - 00000000 ___RD C:\Users\***\Dropbox
2013-07-02 17:57 - 2013-03-18 20:02 - 00000000 ____D C:\Users\***\AppData\Roaming\Dropbox
2013-07-02 17:57 - 2013-02-02 05:26 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-02 17:56 - 2013-05-20 11:42 - 00008192 ____A C:\Windows\SysWOW64\WDPABKP.dat
2013-07-02 17:56 - 2013-02-02 05:19 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-02 17:56 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-02 17:55 - 2009-07-14 06:51 - 00087818 ____A C:\Windows\setupact.log
2013-07-02 16:27 - 2013-07-02 16:27 - 00000000 ____D C:\Windows\ERUNT
2013-07-02 16:26 - 2013-07-02 16:26 - 00000000 ____D C:\JRT
2013-07-02 16:18 - 2010-11-21 05:47 - 00609326 ____A C:\Windows\PFRO.log
2013-07-02 16:17 - 2013-07-02 16:16 - 00001412 ____A C:\AdwCleaner[S1].txt
2013-07-02 16:05 - 2013-07-02 16:05 - 00001120 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-02 16:05 - 2013-07-02 16:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-02 15:51 - 2013-07-02 15:51 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes
2013-07-02 15:50 - 2013-07-02 15:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-02 13:36 - 2013-04-27 16:59 - 00000000 ____D C:\ProgramData\Package Cache
2013-07-02 13:36 - 2013-02-02 05:11 - 00178106 ____A C:\Windows\DPINST.LOG
2013-07-02 13:35 - 2013-04-27 17:01 - 00000000 ____D C:\Program Files\Common Files\Western Digital
2013-07-02 13:35 - 2013-03-02 08:46 - 00000000 ____D C:\Program Files (x86)\Western Digital
2013-07-02 11:57 - 2013-07-02 11:28 - 00000000 ___AD C:\Qoobox
2013-07-02 11:57 - 2009-07-14 05:20 - 00000000 __RHD C:\users\Default
2013-07-02 11:55 - 2013-07-02 11:28 - 00000000 ____D C:\Windows\erdnt
2013-07-02 11:52 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-07-02 11:51 - 2009-07-14 04:34 - 78905344 ____A C:\Windows\System32\config\SOFTWARE.bak
2013-07-02 11:51 - 2009-07-14 04:34 - 22806528 ____A C:\Windows\System32\config\SYSTEM.bak
2013-07-02 11:51 - 2009-07-14 04:34 - 00524288 ____A C:\Windows\System32\config\DEFAULT.bak
2013-07-02 11:51 - 2009-07-14 04:34 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2013-07-02 11:51 - 2009-07-14 04:34 - 00262144 ____A C:\Windows\System32\config\SAM.bak
2013-07-01 18:08 - 2013-07-01 18:08 - 00000000 ____D C:\FRST
2013-07-01 17:23 - 2013-07-01 17:23 - 747136470 ____A C:\Windows\MEMORY.DMP
2013-07-01 17:23 - 2013-07-01 17:23 - 00294200 ____A C:\Windows\Minidump\070113-12667-01.dmp
2013-07-01 17:23 - 2013-07-01 17:23 - 00000000 ____D C:\Windows\Minidump
2013-07-01 17:07 - 2013-07-01 17:07 - 00128016 ____A C:\Users\Admin\Desktop\OTL.Txt
2013-07-01 16:55 - 2013-07-01 16:55 - 00000472 ____A C:\Users\***\Downloads\defogger_disable.log
2013-07-01 16:51 - 2013-07-01 16:51 - 00000000 ____A C:\Users\Admin\defogger_reenable
2013-07-01 16:51 - 2013-02-24 22:40 - 00000000 ____D C:\users\Admin
2013-07-01 14:06 - 2013-03-17 17:34 - 00000000 ____D C:\Users\***\Documents\Anki
2013-07-01 14:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-07-01 12:01 - 2013-02-02 05:25 - 00000000 ____D C:\swshare
2013-07-01 11:13 - 2013-03-17 17:31 - 00000000 ____D C:\Users\***\Documents\Ramschsammlung
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\UpdatusUser\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\Administrator.Thinkpad-T\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\Admin\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000000 ____D C:\Program Files (x86)\Anki
2013-06-29 20:23 - 2013-06-29 20:23 - 25781276 ____N C:\Users\***\Downloads\anki-2.0.11.exe
2013-06-26 08:56 - 2013-05-06 18:39 - 00000000 ____D C:\Users\***\AppData\Local\CutePDF Writer
2013-06-24 17:25 - 2013-05-10 15:48 - 01590378 ____N C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-24 17:13 - 2013-02-24 20:13 - 00000000 ____D C:\ldiag
2013-06-23 15:50 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Anwaltsprüfung
2013-06-23 13:26 - 2013-06-23 13:26 - 00263592 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00175016 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00175016 ____N (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00096168 ____N (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-23 13:26 - 2013-02-24 16:57 - 00867240 ____N (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-23 13:26 - 2013-02-24 16:57 - 00789416 ____N (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-23 12:53 - 2013-06-23 12:53 - 00000000 ____D C:\ProgramData\Intel.sav
2013-06-23 12:53 - 2013-06-23 12:53 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-06-23 12:53 - 2013-02-02 05:14 - 00000000 ____D C:\Program Files\Intel
2013-06-23 12:53 - 2013-02-02 05:14 - 00000000 ____D C:\Program Files\Common Files\Intel
2013-06-23 12:53 - 2013-02-02 05:14 - 00000000 ____D C:\Program Files (x86)\Intel
2013-06-23 12:51 - 2013-06-23 12:51 - 00000000 ____D C:\Program Files (x86)\Dolby Advanced Audio v2
2013-06-23 12:51 - 2013-02-02 05:18 - 00003043 ____N C:\RHDSetup.log
2013-06-23 12:51 - 2013-02-02 05:18 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-06-23 12:49 - 2013-06-23 12:49 - 00000030 ____N C:\Windows\success64.log
2013-06-23 12:49 - 2013-02-02 05:18 - 00000000 ____D C:\Program Files\Common Files\Lenovo
2013-06-23 12:48 - 2013-06-23 12:48 - 00000030 ____N C:\Windows\success32.log
2013-06-22 20:04 - 2013-06-22 20:04 - 00005064 ____N C:\QcOSD.txt
2013-06-20 15:25 - 2013-03-18 12:24 - 00000000 ____D C:\Users\***\Documents\Scans
2013-06-20 13:22 - 2013-03-17 17:28 - 00000000 ____D C:\Users\***\Documents\Sunrise
2013-06-19 10:38 - 2013-06-17 10:07 - 00000000 ____D C:\Users\***\Documents\Walder Wyss
2013-06-17 18:46 - 2013-03-03 13:18 - 00000000 ____D C:\Users\***\Documents\Knowhow
2013-06-17 10:11 - 2013-03-22 10:27 - 00000000 ____D C:\Users\***\Documents\Vorlagen
2013-06-17 09:47 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Homeoffice
2013-06-16 21:01 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Nesshy
2013-06-15 17:34 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Heidi
2013-06-14 16:01 - 2013-03-17 17:28 - 00000000 ____D C:\Users\***\Documents\Swisscom
2013-06-13 16:12 - 2013-06-10 18:26 - 00000000 ____D C:\Users\***\Documents\Esalen - Projekt Übernahme The Center
2013-06-13 15:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 08:54 - 2009-07-14 04:34 - 00000499 ____N C:\Windows\win.ini
2013-06-13 08:50 - 2013-02-24 18:53 - 75825640 ____N (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-13 08:48 - 2013-06-13 08:48 - 09089416 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-13 08:48 - 2013-02-24 14:22 - 00692104 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-13 08:48 - 2013-02-24 14:22 - 00071048 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 07:57 - 2013-06-11 07:57 - 00001794 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files\iTunes
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files\iPod
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-11 07:53 - 2013-06-11 07:53 - 00001856 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-06-11 07:53 - 2013-06-11 07:53 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-06-10 14:23 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\OBCZ
2013-06-08 16:08 - 2013-06-15 15:32 - 01365504 ____N (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-15 15:32 - 19233792 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-15 15:32 - 15404544 ____N (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-15 15:32 - 02648064 ____N (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-15 15:32 - 00526336 ____N (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-15 15:32 - 02706432 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-15 15:32 - 01141248 ____N (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-15 15:32 - 14327808 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-15 15:32 - 13760512 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-15 15:32 - 02046976 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-15 15:32 - 00391168 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-15 15:32 - 02706432 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-06 20:58 - 2013-05-27 12:12 - 00000000 ____D C:\Users\***\Documents\Publikationen cst
2013-06-06 20:57 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Bewerbungsunterlagen
2013-06-03 17:08 - 2013-02-02 05:18 - 00000008 ____N C:\Windows\System32\Drivers\RTKHDAUD.DAT
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-06-23 15:25
==================== End Of Log ============================
--- --- --- Danke nochmals für Deine Mühe cpstutz |
|
03.07.2013, 08:23
| #12 |
| /// the machine /// TB-Ausbilder | Win32/Small.CA-Virus entfernen Combofix hat ihn entfernt  Fertig Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
03.07.2013, 09:48
| #13 |
| | Win32/Small.CA-Virus entfernen Schrauber, Du bist mein Held der Woche!!!  Herzlichen Dank für Deine Hilfe!Alles so unternommen, wie Du angewiesen hast. Du kannst diesen Thread aus dem Abo löschen. Weiterhin viele Erfolgserlebnisse und eine gute Zeit. Gruss, cpstutz |
|
03.07.2013, 10:42
| #14 |
| /// the machine /// TB-Ausbilder | Win32/Small.CA-Virus entfernen Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Win32/Small.CA-Virus entfernen |
| 7-zip, adobe reader xi, bho, bluescreen, bonjour, browser, desktop, entfernen, error, failed, firefox, flash player, frage, google, helper, homepage, iexplore.exe, install.exe, logfile, mozilla, nvpciflt.sys, object, popup, pwmtr64v.dll, realtek, registry, security, software, svchost.exe, symantec |
