Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Win32/Small.CA-Virus entfernen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 01.07.2013, 17:49   #1
cpstutz
 
Win32/Small.CA-Virus entfernen - Standard

Win32/Small.CA-Virus entfernen



Hallo zusammen
Windows zeigt folgende Meldung an: "Entfernen des Win32/Small.CA-Virus. Windows hat Win32/Small.CA, einen bekannten Computervirus, auf Ihrem PC erkannt. Win32/Small.CA hat bewirkt, dss Ihr PC 1 Mal nicht ordnungsgemäss funktioniert hat, zuletzt am/um 29.06.2013 20:32"

Den PC habe ich vollständig mit Sophos Endpoint Security Control und Windows Defender gescannt, jedoch mit beiden nichts gefunden.

Auf Eurem Forum bin ich auf den Thread von "ElWursto" gestossen (http://www.trojaner-board.de/137286-...-gefunden.html).

Es stellt sich nun die Frage, ob ich genau wie in diesem Thread beschrieben, vorgehen soll.

Die Vorbereitungen habe ich wie beschrieben vorgenommen. Schritt 1 (defogger) und Schritt 2 (OTL) haben problemlos geklappt (txt-files sogleich), bei Schritt 3 (Gmer-Scanner) hat der PC allerdings dann einen Bluescreen produziert.

OTL-text-file:
OTL logfile created on: 01.07.2013 16:58:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop\aa_trojaner-board
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

7.70 Gb Total Physical Memory | 5.34 Gb Available Physical Memory | 69.28% Memory free
15.41 Gb Paging File | 12.93 Gb Available in Paging File | 83.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.72 Gb Total Space | 270.25 Gb Free Space | 60.50% Space Free | Partition Type: NTFS
Drive G: | 931.48 Gb Total Space | 669.83 Gb Free Space | 71.91% Space Free | Partition Type: NTFS
Drive Q: | 17.58 Gb Total Space | 4.54 Gb Free Space | 25.80% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.67 Gb Free Space | 45.95% Space Free | Partition Type: NTFS

Computer Name: THINKPAD-T | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.07.01 16:56:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\aa_trojaner-board\OTL.exe
PRC - [2013.06.06 23:57:24 | 019,676,256 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013.05.30 16:01:56 | 000,364,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2013.05.30 16:01:10 | 000,167,736 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2013.05.29 18:00:30 | 000,187,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
PRC - [2013.05.29 18:00:24 | 000,293,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2013.05.29 18:00:20 | 000,073,000 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2013.05.29 17:59:58 | 000,058,664 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.23 06:54:00 | 001,667,368 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
PRC - [2013.04.23 06:54:00 | 000,127,784 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
PRC - [2013.04.22 09:43:52 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2013.03.21 16:12:24 | 002,890,232 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2013.03.21 08:10:10 | 005,687,152 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2013.03.21 08:09:20 | 000,270,192 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2013.03.18 17:26:10 | 000,272,680 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2013.03.18 17:26:00 | 000,133,416 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2013.03.18 17:25:40 | 000,846,120 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
PRC - [2013.03.18 17:25:22 | 000,194,856 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe
PRC - [2013.03.18 17:07:58 | 000,602,112 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2013.02.24 14:36:40 | 000,237,048 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
PRC - [2013.02.24 14:36:39 | 000,929,272 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
PRC - [2013.02.24 14:35:32 | 000,217,592 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2013.02.24 14:34:22 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
PRC - [2013.02.24 14:33:42 | 000,159,296 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2013.01.10 15:35:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.05 07:04:40 | 000,125,504 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
PRC - [2012.09.14 08:15:44 | 000,583,744 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
PRC - [2012.08.25 11:33:26 | 000,127,072 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
PRC - [2012.06.13 17:53:50 | 001,688,008 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
PRC - [2012.05.16 02:45:22 | 000,065,336 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
PRC - [2012.04.19 10:15:38 | 000,084,080 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
PRC - [2012.04.19 09:32:12 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.01.17 08:29:24 | 000,169,776 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
PRC - [2010.08.31 15:56:16 | 001,028,096 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2010.03.12 00:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008.04.23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2013.07.01 16:43:31 | 001,022,416 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\windows._cacheinvalidation.pyd
MOD - [2013.07.01 16:43:31 | 000,805,888 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\wx._gdi_.pyd
MOD - [2013.07.01 16:43:31 | 000,557,056 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\pysqlite2._sqlite.pyd
MOD - [2013.07.01 16:43:31 | 000,364,544 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\pythoncom27.dll
MOD - [2013.07.01 16:43:31 | 000,320,512 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\win32com.shell.shell.pyd
MOD - [2013.07.01 16:43:31 | 000,128,512 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\_elementtree.pyd
MOD - [2013.07.01 16:43:31 | 000,098,816 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\win32api.pyd
MOD - [2013.07.01 16:43:31 | 000,087,040 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\_ctypes.pyd
MOD - [2013.07.01 16:43:31 | 000,070,656 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\wx._html2.pyd
MOD - [2013.07.01 16:43:31 | 000,044,032 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\_socket.pyd
MOD - [2013.07.01 16:43:31 | 000,026,624 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\_multiprocessing.pyd
MOD - [2013.07.01 16:43:31 | 000,022,528 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\win32ts.pyd
MOD - [2013.07.01 16:43:31 | 000,017,408 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\win32profile.pyd
MOD - [2013.07.01 16:43:31 | 000,011,264 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\win32crypt.pyd
MOD - [2013.07.01 16:43:30 | 001,175,040 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\wx._core_.pyd
MOD - [2013.07.01 16:43:30 | 001,153,024 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\_ssl.pyd
MOD - [2013.07.01 16:43:30 | 000,811,008 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\wx._windows_.pyd
MOD - [2013.07.01 16:43:30 | 000,735,232 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\wx._misc_.pyd
MOD - [2013.07.01 16:43:30 | 000,711,680 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\_hashlib.pyd
MOD - [2013.07.01 16:43:30 | 000,122,368 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\wx._wizard.pyd
MOD - [2013.07.01 16:43:30 | 000,119,808 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\win32file.pyd
MOD - [2013.07.01 16:43:30 | 000,110,080 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\pywintypes27.dll
MOD - [2013.07.01 16:43:30 | 000,108,544 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\win32security.pyd
MOD - [2013.07.01 16:43:30 | 000,038,912 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\win32inet.pyd
MOD - [2013.07.01 16:43:30 | 000,035,840 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\win32process.pyd
MOD - [2013.07.01 16:43:30 | 000,025,600 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\win32pdh.pyd
MOD - [2013.07.01 16:43:29 | 001,062,400 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\wx._controls_.pyd
MOD - [2013.07.01 16:43:29 | 000,686,080 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\unicodedata.pyd
MOD - [2013.07.01 16:43:29 | 000,127,488 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\pyexpat.pyd
MOD - [2013.07.01 16:43:29 | 000,018,432 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\win32event.pyd
MOD - [2013.07.01 16:43:29 | 000,010,240 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\_MEI62722\select.pyd
MOD - [2013.05.16 08:02:29 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d701cc56a037e8673e4880ae819b23bf\System.Runtime.Serialization.ni.dll
MOD - [2013.05.16 08:02:29 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\8e3479ab33dd0bc6a074003a28d9f28a\System.Runtime.DurableInstancing.ni.dll
MOD - [2013.05.15 18:49:07 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\d5eb9579d1850678612625ab995629ea\System.Core.ni.dll
MOD - [2013.05.15 18:49:03 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\11dfbb7df959cb6dd5b57816141de355\System.Configuration.ni.dll
MOD - [2013.05.11 07:13:13 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\62d047ff6c2865139d95eb19545b1cc6\SMDiagnostics.ni.dll
MOD - [2013.05.10 16:28:32 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d884c684ee3f738a60e3c50dd5d88caa\System.Xml.ni.dll
MOD - [2013.05.10 16:28:21 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\df418085cedae9fa2efee87e20a419a4\System.ni.dll
MOD - [2013.05.10 16:28:16 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\60c214b6ad5691e368a16ec65d127c27\mscorlib.ni.dll
MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\***\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\***\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012.10.11 22:56:46 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.10.11 22:56:22 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.05.31 18:48:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2011.08.18 19:31:16 | 000,247,096 | ---- | M] () -- C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO\CDRecord.dll
MOD - [2006.01.12 21:20:26 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.deu
MOD - [2006.01.12 21:13:46 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.FRA


========== Services (SafeList) ==========

SRV:64bit: - [2013.05.29 18:00:30 | 000,187,688 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe -- (LENOVO.TVTVCAM)
SRV:64bit: - [2013.05.29 18:00:20 | 000,073,000 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2013.05.29 17:59:58 | 000,058,664 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2013.02.08 17:40:34 | 003,386,608 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2013.02.08 17:40:08 | 000,273,136 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2013.02.08 17:39:48 | 000,621,296 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2013.02.08 17:39:14 | 000,149,744 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2013.01.21 08:40:38 | 001,006,384 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2012.12.11 07:22:08 | 000,060,272 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2012.12.10 14:31:44 | 000,803,872 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV:64bit: - [2012.12.10 14:31:28 | 000,732,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2012.12.05 07:04:40 | 000,125,504 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2012.11.07 20:12:54 | 000,335,288 | ---- | M] (FileOpen Systems Inc.) [Auto | Running] -- C:\Program Files\FileOpen\Services\FileOpenManagerService64.exe -- (FileOpenManagerService)
SRV:64bit: - [2012.09.08 13:21:40 | 000,145,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe -- (TPHKLOAD)
SRV:64bit: - [2012.08.25 11:33:26 | 000,127,072 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2012.08.10 20:49:38 | 000,136,288 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2012.05.30 01:27:14 | 000,144,992 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
SRV:64bit: - [2011.12.29 08:48:24 | 000,049,480 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010.09.23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.06.13 08:48:18 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.30 16:01:56 | 000,364,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013.05.30 16:01:10 | 000,167,736 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2013.05.24 21:33:18 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.23 06:54:00 | 001,667,368 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2013.04.23 06:54:00 | 001,664,808 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc)
SRV - [2013.04.23 06:54:00 | 000,320,576 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2013.04.22 09:43:52 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2013.04.11 15:30:30 | 000,022,376 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2013.03.21 16:12:24 | 002,890,232 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2013.03.21 08:09:20 | 000,270,192 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2013.03.18 17:26:10 | 000,272,680 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2013.03.18 17:26:00 | 000,133,416 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.28 02:47:28 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.02.24 14:36:40 | 000,237,048 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2013.02.24 14:35:32 | 000,217,592 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2013.02.24 14:34:22 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
SRV - [2013.02.24 14:33:42 | 000,159,296 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2013.02.24 14:32:35 | 002,010,688 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64)
SRV - [2013.01.10 15:35:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.09.03 13:52:48 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.04.19 10:15:38 | 000,084,080 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService)
SRV - [2012.01.17 08:29:24 | 000,169,776 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe -- (FastbootService)
SRV - [2010.08.31 15:56:16 | 001,028,096 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.12 00:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.05.13 15:15:06 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013.04.23 06:54:00 | 000,029,512 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2013.04.23 06:54:00 | 000,020,736 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2013.04.17 22:16:38 | 000,460,528 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013.04.17 22:16:36 | 000,044,784 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013.02.28 02:47:56 | 000,284,448 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2013.02.28 02:47:42 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013.02.24 14:35:57 | 000,154,952 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2013.02.24 14:35:00 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)
DRV:64bit: - [2013.02.24 14:32:17 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2013.02.05 11:00:26 | 011,518,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2013.02.02 05:01:13 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.12.11 07:22:08 | 000,042,824 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2012.12.04 01:08:28 | 000,598,808 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2012.09.25 03:32:10 | 000,165,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2012.09.10 11:41:06 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012.09.03 13:52:42 | 009,000,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.08.14 09:33:22 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2012.07.23 11:11:44 | 000,148,328 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2012.05.30 06:42:10 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012.04.20 03:36:26 | 000,035,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2012.04.20 03:36:26 | 000,025,528 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2012.04.19 09:32:08 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.04.19 09:32:06 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.04.19 09:32:06 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.04.18 15:38:02 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.28 13:16:48 | 000,216,704 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2012.03.27 02:07:06 | 000,033,344 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS -- (PHCORE)
DRV:64bit: - [2012.03.06 08:59:42 | 000,210,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012.01.11 05:30:58 | 000,360,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011.12.29 08:48:24 | 000,025,416 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2011.12.26 11:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011.12.08 23:06:07 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.12.08 23:06:07 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.12.08 04:59:52 | 000,027,432 | ---- | M] (ThinkVantage Communications Utility) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvtvcamd.sys -- (tvtvcamd)
DRV:64bit: - [2011.05.30 17:21:40 | 000,013,128 | ---- | M] (Authentec Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV:64bit: - [2011.05.29 12:48:04 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)
DRV:64bit: - [2011.05.26 03:23:00 | 000,101,888 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP1X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2013.02.02 05:30:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP2X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2013.02.02 05:30:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.06.11 07:53:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.06.11 07:53:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013.03.18 14:56:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2013.05.24 21:33:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.24 21:33:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:se archFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParam eter}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Docs = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll (IDM)
O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker64.exe (FileOpen Systems Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe (Lenovo)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [Launch Backup Service Once] C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrstrigger.exe ()
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65FCFB23-EEE1-4C2E-AACC-5889BAFEFF15}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A96FFC98-071E-4803-B5B3-E437E99833C3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F09041C2-F9A5-4290-A126-14E0ED766DCD}: DhcpNameServer = 195.186.152.33 195.186.216.33
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.12.15 05:05:40 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{72456fc6-6ce5-11e2-bf73-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{72456fc6-6ce5-11e2-bf73-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2011.12.15 05:05:40 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.29 20:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anki
[2013.06.23 12:53:49 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
[2013.06.23 12:53:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2013.06.23 12:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel.sav
[2013.06.23 12:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
[2013.06.23 12:51:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dolby Advanced Audio v2
[2013.06.23 12:51:06 | 002,103,040 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2013.06.23 12:51:03 | 007,164,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2013.06.23 12:51:03 | 000,434,960 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2013.06.23 12:51:03 | 000,141,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2013.06.23 12:51:03 | 000,124,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2013.06.23 12:51:03 | 000,075,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2013.06.23 12:51:02 | 002,735,648 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.06.23 12:51:02 | 000,501,192 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2013.06.23 12:51:02 | 000,487,368 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2013.06.23 12:51:02 | 000,415,688 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2013.06.11 07:57:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.06.11 07:57:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.06.11 07:57:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.06.11 07:57:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.06.11 07:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.06.11 07:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.06.11 07:53:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.07.01 16:51:39 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2013.07.01 16:49:58 | 000,034,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.01 16:49:58 | 000,034,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.01 16:49:53 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.01 16:49:53 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.01 16:49:53 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.01 16:49:53 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.01 16:49:53 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.01 16:43:12 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.01 16:43:00 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\WDPABKP.dat
[2013.07.01 16:41:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.01 16:41:10 | 1909,686,271 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.01 15:42:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.01 15:19:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.29 20:24:51 | 000,000,742 | ---- | M] () -- C:\Users\Admin\Desktop\Anki.lnk
[2013.06.24 17:25:05 | 001,590,378 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.06.11 07:57:39 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.06.11 07:53:29 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.06.03 17:08:30 | 000,000,008 | ---- | M] () -- C:\Windows\SysNative\drivers\RTKHDAUD.DAT
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.07.01 16:51:39 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2013.06.29 20:24:51 | 000,000,754 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
[2013.06.29 20:24:51 | 000,000,742 | ---- | C] () -- C:\Users\Admin\Desktop\Anki.lnk
[2013.06.23 12:51:04 | 000,576,929 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013.06.11 07:57:39 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.06.11 07:53:29 | 000,001,856 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.05.20 11:42:26 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\WDPABKP.dat
[2013.05.10 15:51:02 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013.05.10 15:48:46 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.05.06 16:14:09 | 000,706,560 | ---- | C] () -- C:\Windows\is-NKRQD.exe
[2013.02.24 18:05:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2013.02.24 13:31:14 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat
[2013.02.02 05:19:05 | 000,756,084 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2013.02.02 05:19:02 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.09.03 13:52:50 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.09.03 13:52:40 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.09.03 13:52:32 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.02.03 08:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.05.06 09:30:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\EPSON
[2013.02.24 22:41:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech
[2013.02.24 22:43:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Lenovo
[2013.02.24 22:41:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LSC
[2013.02.24 22:50:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PwrMgr

========== Purity Check ==========



< End of report >


Inhalt des Extras-text-files:
OTL Extras logfile created on: 01.07.2013 16:58:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop\aa_trojaner-board
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

7.70 Gb Total Physical Memory | 5.34 Gb Available Physical Memory | 69.28% Memory free
15.41 Gb Paging File | 12.93 Gb Available in Paging File | 83.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.72 Gb Total Space | 270.25 Gb Free Space | 60.50% Space Free | Partition Type: NTFS
Drive G: | 931.48 Gb Total Space | 669.83 Gb Free Space | 71.91% Space Free | Partition Type: NTFS
Drive Q: | 17.58 Gb Total Space | 4.54 Gb Free Space | 25.80% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.67 Gb Free Space | 45.95% Space Free | Partition Type: NTFS

Computer Name: THINKPAD-T | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F494A1F-E6DA-4352-8C99-ED5BC4C27B8A}" = rport=137 | protocol=17 | dir=out | app=system |
"{1E607942-CD13-42B4-986C-0AAF586F1C05}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1FDDCB72-6F2C-40BE-9B30-B1386DE402BE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{203C600C-F87C-4B9B-ACD0-CDAC0FDCD4EE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2CD8E6A9-2C4A-4984-BFE7-ABE54D1C89D3}" = rport=139 | protocol=6 | dir=out | app=system |
"{2FEA16D9-13F6-4EA3-87FA-9113192051B7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{38ED7BEA-E2E8-449A-9139-80AE7204CAE4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3CA68BEB-37BF-4332-BCE4-50E93186D374}" = lport=137 | protocol=17 | dir=in | app=system |
"{46F6EC7A-20FC-459A-AD47-A82C7652DC00}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4BD68A27-9EC2-445F-92EB-C8FDFE1978B5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4CCB2BBD-1A78-490C-B4AA-E5879A21CC4F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{529BC049-2A82-464D-AFC8-38774A738EC4}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{58198614-3B9C-443A-BF62-8869EF3A17E9}" = rport=445 | protocol=6 | dir=out | app=system |
"{5A80F9C0-0A62-49B9-869A-1EFCDB5663D1}" = lport=138 | protocol=17 | dir=in | app=system |
"{5D1B6434-7614-428B-959B-0B9B7753937D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{64ED009E-83F5-41DA-9EAE-636F0D20EAE2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6D5FCA26-8189-4CC9-88F8-19ADEE0062E0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{704FA987-AEC8-4C33-952C-92078020F5FA}" = lport=139 | protocol=6 | dir=in | app=system |
"{72D74402-B726-4C20-B76B-CC7A7AA7A45C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{73AB1FB2-6643-4254-9C36-43374D9E0006}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{79613720-32D1-4226-8DA9-EFBEC76E5D34}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{806983D9-9DA0-455D-B31A-3460A4CB38A3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{885DA21C-6A34-4CD5-A92B-A312AEB1217C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A32268E1-BBFC-4E4E-9ECC-F14E22A9F4EC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A770E61D-C73E-4952-92C2-7BF97AFCB0D8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AA5F7F54-784C-4704-B511-3C464B6036E0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B1C82449-B588-4FEF-8742-51E1641FD364}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CE0CB540-29DB-463F-A4CD-6CC6A258A92D}" = rport=138 | protocol=17 | dir=out | app=system |
"{D3052FCF-5111-48EC-AE88-DE6CBC21856E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD504C55-8D63-4704-8B79-49CD6727A7C3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EB96D45A-CB99-45F7-B421-0A4A57271E46}" = lport=445 | protocol=6 | dir=in | app=system |
"{F28602D1-00E3-451B-B591-07DC57B4B59D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FD3B4448-D6E5-4C87-981C-21B10DB0F81F}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04BBC743-0D6E-4818-B59F-C827548E094F}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{09559199-DE3F-433A-9975-4689BE204F6B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2A941947-C6F1-4AE4-AA8E-7847A3787166}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{31870F99-F48E-4366-A1A7-545E5E88B062}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{32348268-6927-44B5-B1B9-8E10E24E50B8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{341C946D-F3A9-4789-9162-179CFAC31D06}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{367929DE-D638-4CF5-B501-AF0E085AFF6B}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{3797E4F2-BAED-4678-8E3B-AD56011F9287}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3A5AB69F-8B33-4CBE-B94C-E7A3B64F69FB}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{45CDF980-ECAF-4C01-AF49-8713DFBBAF1B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{49833BB4-B8FF-41C6-B23C-6A4B9FF7B24D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4E4EC691-D316-4AD3-9C60-3438A90ED3A9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{51FC606F-C92D-4DD2-BAB9-76B2FDCB9489}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5420F78B-E6D1-40EA-9DC7-D8EE3A32F2A3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5742D718-2C44-4920-84A4-EC2E81D3D466}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5DCB851E-54DF-45BA-B0D4-54C56886C224}" = protocol=6 | dir=out | app=system |
"{6269C4A3-8235-4F00-B996-A8FCCE1C078E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{63CAF87E-8D48-42D6-9E06-0533596DF18A}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{730E365E-4833-4C28-98D6-3BCD0D0F46B5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{763E8D9E-7219-4BD2-9E86-6E8B5069B0D5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7976C2D4-5D0D-4D56-BDC0-C2E568179F95}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{7D73E555-329A-40B4-8B24-CFB988916C83}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8277D3D6-9EF9-4FBD-BC99-7DB2FF4A8A0B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{84DDFA89-7983-4EFD-BD2F-B0AC5F436CA9}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{8AF49534-BE99-4452-80E3-B3FC855268E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8EEE1D29-94F7-4465-9844-7259D8134365}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{9849317A-ED40-4A9B-ADF6-C69C885B92C3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A1FAA14D-58A4-4D61-B521-46B8A6AEC9C7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ACFDED3A-5C85-47C9-887C-3E2E07E35FD6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AF5612F7-8F5D-4600-BC61-B8F93C814F0A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B054EF6E-56F9-4ABC-BFA3-292401556C00}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B1429E70-6F37-466F-BA34-CBD069190A71}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{C298C9DB-4D37-4F10-B0D9-963494FD245D}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe |
"{C3260876-3A1B-419A-9AD3-F7CE57526CF5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C478FE8E-C3E2-4EE6-8AB9-CA7E2AFB659F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D7A97C97-F9E1-4F85-A731-F424F6A8CDA8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E27F1A53-47B8-41D7-BC07-75B89554DA27}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F298E487-29B9-4149-91EB-CFF3EF00AB64}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{F5216051-87E2-4F1D-A5B5-9A1887F631E1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F5AE07D2-CFAB-493A-947E-89600141146E}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"TCP Query User{1EA7CCCF-A125-4C28-BE26-B60286F2E9DA}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{26CB041B-CDC1-47DF-8212-4235C8CE7AB1}C:\users\***\appdata\roaming\naogi\golup.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\naogi\golup.exe |
"UDP Query User{4B0694D5-5DC3-48B1-83E2-6F83E91FD982}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{E16D1AB0-6E3E-45C3-BCCF-98AA3762EBC8}C:\users\***\appdata\roaming\naogi\golup.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\naogi\golup.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0369F866-2CE0-4EB9-B426-88FA122C6E82}" = Lenovo Patch Utility 64 bit
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3849486C-FF09-4F5D-B491-3E179D58EE15}" = Message Center Plus
"{4041B18B-DE30-4D78-9D60-6ADC586C5E00}" = Lenovo Solution Center
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{49A09C2C-FFF4-478E-B397-5E0979F67F5D}" = Lenovo Patch Utility 64 bit
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E2652DF-743F-482B-A593-C95F431A5769}" = RapidBoot Shield
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{728985C5-A04B-457C-9D62-15360F3EAF85}" = Intel(R) WiDi
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{7C6CD9B4-B230-4E76-80AA-FB465FF4DE29}" = Intel(R) PROSet/Wireless WiFi Software Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{84438A60-EF36-46C5-A0D5-6D1D5E0CAED1}" = FileOpen Client (x64)
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BF601122-9F0A-41A9-BA06-3158D9FB4B80}" = Lenovo SimpleTap
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DD178D9D-89DD-4F15-9E56-57C85D1EDF36}" = WD SmartWare
"{DEF50764-F1A7-4DD4-B8BA-C81A4807631A}" = Intel® PROSet/Wireless WiFi Software
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F58DA859-016E-492D-A588-317D9BB28002}" = ThinkVantage Fingerprint Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA00A3CC-7440-4938-A271-F186F50DD40D}" = Intel® Trusted Connect Service Client
"09839A9B5EDA69DA2DCC34637B5140AAF8A53B44" = Windows Driver Package - Intel System (01/11/2012 9.3.0.1020)
"64B3C27E4CF7B6AD920184EFFF6C488C55EF2892" = Windows Driver Package - Synaptics (SynTP) Mouse (04/06/2012 16.1.1.0)
"97EE1802A0385A37DE6323FA39EC76BEB2D73E41" = Windows Driver Package - Intel USB (08/26/2011 9.3.0.1011)
"9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8" = Windows Driver Package - Intel System (08/26/2011 9.3.0.1011)
"CutePDF Writer Installation" = CutePDF Writer 3.0
"D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35" = Windows Driver Package - Intel System (08/26/2011 9.3.0.1011)
"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7
"E3535F123E7F666D573665142F90D3E5004DC326" = Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20)
"EC2A0F2B229770EC589265FCF2B4839A0C221993" = Windows Driver Package - Intel (e1cexpress) Net (01/11/2012 11.15.16.0)
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"EPSON BX935FWD Series" = Druckerdeinstallation für EPSON BX935FWD Series
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"OnScreenDisplay" = Anzeige am Bildschirm
"Power Management Driver" = Lenovo Power Management Driver
"SynTPDeinstKey" = ThinkPad UltraNav Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{124310E8-7C49-4C33-B4F2-3CF43F3830B7}" = WD Quick View
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}" = Lenovo Welcome
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3B9DC4B3-A06A-46B9-8CCE-CAB0BE913244}" = RnR Sysprep Patch
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E6E7725-C7BC-4C39-8B3F-14B67331A120}" = Lenovo Patch Utility
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72E40002-8CEC-47C1-A099-83AC8E173BF0}" = WD Drive Utilities
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83270912-15C7-4336-822E-E8F1B1BBCA60}" = WD Security
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{924A274D-38B6-4930-8859-F3F51CFA8DDD}" = WD SES Driver Setup
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{989FB5FD-9B00-4B32-8663-849CB1370DD1}" = Google Drive
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78800AF-1779-4AE8-8EBE-16E1BE727C71}" = Integrated Camera Driver Installer Package Ver.1.2.1.18
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-1033-F400-7760-100000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{BDB3E73F-5ECA-441D-96E1-F1CFCF3D427D}" = Rescue and Recovery
"{bfb9000e-e7d4-490f-a873-ec2c9cab3b3d}" = WD SmartWare Installer
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Power Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8D46836-CD55-453C-A107-A59EC51CB8DC}" = VIP Access
"{E8F27ADF-B1ED-41AF-A7EF-D5E71778480C}" = Lenovo Patch Utility
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{fad118b4-798f-4755-9e67-a622eec95b62}" = Intel® PROSet/Wireless Software
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.14.18.01
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V" = Adobe Acrobat 7.1.4 Professional - English, Français, Deutsch
"Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V_714" = Adobe Acrobat 7.1.4 - CPSID_50030
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Anki" = Anki
"EPSON Scanner" = EPSON Scan
"Fastboot" = RapidBoot HDD Accelerator
"Google Chrome" = Google Chrome
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NSIS_cald3" = Cambridge Advanced Learner's Dictionary - 3rd Edition
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"QUICKfind" = QUICKfind server v1.1
"SugarSync" = SugarSync Manager
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22.06.2013 07:02:03 | Computer Name = Thinkpad-T | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(c0:9f:42:8b:e0:89@fe80::c29f:42ff:fe8b:e089._apple-mobdev._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 22.06.2013 07:02:03 | Computer Name = Thinkpad-T | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(c0:9f:42:8b:e0:89@fe80::c29f:42ff:fe8b:e089._apple-mobdev._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 22.06.2013 12:02:39 | Computer Name = Thinkpad-T | Source = WinMgmt | ID = 10
Description =

Error - 22.06.2013 12:09:57 | Computer Name = Thinkpad-T | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(c0:9f:42:8b:e0:89@fe80::c29f:42ff:fe8b:e089._apple-mobdev._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 22.06.2013 14:01:32 | Computer Name = Thinkpad-T | Source = WinMgmt | ID = 10
Description =

Error - 22.06.2013 14:46:03 | Computer Name = Thinkpad-T | Source = WinMgmt | ID = 10
Description =

Error - 22.06.2013 14:58:29 | Computer Name = Thinkpad-T | Source = WinMgmt | ID = 10
Description =

Error - 22.06.2013 15:18:29 | Computer Name = Thinkpad-T | Source = WinMgmt | ID = 10
Description =

Error - 23.06.2013 04:00:07 | Computer Name = Thinkpad-T | Source = WinMgmt | ID = 10
Description =

Error - 23.06.2013 04:03:28 | Computer Name = Thinkpad-T | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 11

Error - 23.06.2013 06:32:32 | Computer Name = Thinkpad-T | Source = WinMgmt | ID = 10
Description =

[ Lenovo-Lenovo Patch Utility/Admin Events ]
Error - 30.04.2013 09:12:31 | Computer Name = Thinkpad-T | Source = Lenovo Patch Utility | ID = 1
Description = HttpFileDownloader failed to download the file "hxxp://download.lenovo.com/ibmdl/pub/pc/pccbbs/lpupatches//PM.manifest.xml".
Error message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.

Error - 30.04.2013 09:12:31 | Computer Name = Thinkpad-T | Source = Lenovo Patch Utility | ID = 2
Description = Failed to download the manifest file.

Error - 06.05.2013 12:51:24 | Computer Name = Thinkpad-T | Source = Lenovo Patch Utility | ID = 2
Description = Can not grant access to Everyone: Manche oder alle Identitätsverweise
konnten nicht übersetzt werden.

Error - 06.05.2013 12:51:26 | Computer Name = Thinkpad-T | Source = Lenovo Patch Utility | ID = 1
Description = HttpFileDownloader failed to download the file "hxxp://download.lenovo.com/ibmdl/pub/pc/pccbbs/lpupatches/x64//PM.manifest.xml".
Error message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.

Error - 06.05.2013 12:51:26 | Computer Name = Thinkpad-T | Source = Lenovo Patch Utility | ID = 2
Description = manifest file was not found on server

[ Lenovo-Message Center Plus/Admin Events ]
Error - 19.04.2013 08:46:14 | Computer Name = Thinkpad-T | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message:
Der angegebene Host ist unbekannt

Error - 20.04.2013 06:41:42 | Computer Name = Thinkpad-T | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message:
Der angegebene Host ist unbekannt

Error - 20.04.2013 06:41:42 | Computer Name = Thinkpad-T | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message:
Der angegebene Host ist unbekannt

Error - 20.04.2013 06:41:42 | Computer Name = Thinkpad-T | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message:
Der angegebene Host ist unbekannt

Error - 20.04.2013 10:43:41 | Computer Name = Thinkpad-T | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message:
Der angegebene Host ist unbekannt

Error - 20.04.2013 10:43:43 | Computer Name = Thinkpad-T | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message:
Der angegebene Host ist unbekannt

Error - 20.04.2013 10:43:45 | Computer Name = Thinkpad-T | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message:
Der angegebene Host ist unbekannt

Error - 21.04.2013 08:32:33 | Computer Name = Thinkpad-T | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message:
Der angegebene Host ist unbekannt

Error - 21.04.2013 08:32:33 | Computer Name = Thinkpad-T | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message:
Der angegebene Host ist unbekannt

Error - 21.04.2013 08:32:33 | Computer Name = Thinkpad-T | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message:
Der angegebene Host ist unbekannt

[ System Events ]
Error - 01.07.2013 09:46:03 | Computer Name = Thinkpad-T | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 01.07.2013 09:46:03 | Computer Name = Thinkpad-T | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 01.07.2013 09:46:03 | Computer Name = Thinkpad-T | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 01.07.2013 09:46:16 | Computer Name = Thinkpad-T | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 01.07.2013 09:46:26 | Computer Name = Thinkpad-T | Source = DCOM | ID = 10005
Description =

Error - 01.07.2013 09:47:27 | Computer Name = Thinkpad-T | Source = Service Control Manager | ID = 7001
Description = Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 01.07.2013 10:42:00 | Computer Name = Thinkpad-T | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst nvsvc erreicht.

Error - 01.07.2013 10:43:50 | Computer Name = Thinkpad-T | Source = DCOM | ID = 10016
Description =

Error - 01.07.2013 10:44:56 | Computer Name = Thinkpad-T | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 01.07.2013 10:44:56 | Computer Name = Thinkpad-T | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069


< End of report >

Könnt Ihr mir dabei helfen? Vielen Dank schon mal.
Beste Grüsse
cpstutz

Alt 01.07.2013, 17:51   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Win32/Small.CA-Virus entfernen - Standard

Win32/Small.CA-Virus entfernen



HI,

Systemscan mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Scan.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 01.07.2013, 18:19   #3
cpstutz
 
Win32/Small.CA-Virus entfernen - Standard

Win32/Small.CA-Virus entfernen



Hallo, vielen Dank für die rasche Antwort. Hier die gewünschten Log-files:

FRST:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-06-2013 03
Ran by *** (ATTENTION: The logged in user is not administrator) on 01-07-2013 18:08:32
Running from C:\Users\***\Desktop\aa_trojaner-board
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dropbox, Inc.) C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Lenovo Group Limited) C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Lenovo) C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s [13538376 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4 [1308232 2013-05-20] (Realtek Semiconductor)
HKLM\...\Run: [TpShocks] TpShocks.exe [382248 2013-02-12] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [293672 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1092528 2012-11-07] (FileOpen Systems Inc.)
HKLM\...\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-03-18] (Lenovo)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-17] (Synaptics Incorporated)
HKLM\...\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2013-02-02] (Google Inc.)
HKCU\...\Run: [Texuyx] C:\Users\***\AppData\Roaming\Naogi\golup.exe [x]
HKCU\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [19676256 2013-06-06] (Google)
HKCU\...\Run: [updateMgr] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_1_0 -reboot 1 [313472 2006-03-30] (Adobe Systems Incorporated)
MountPoints2: {72456fc6-6ce5-11e2-bf73-806e6f6e6963} - Q:\LenovoQDrive.exe
MountPoints2: {ec80e847-8408-11e2-98df-806e6f6e6963} - "D:\WD Drive Unlock.exe" autoplay=true
HKLM-x32\...\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-31] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-04-19] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [132920 2013-05-30] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor [6002984 2013-04-23] (Lenovo Group Limited)
HKLM-x32\...\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot [4351712 2011-07-14] (Lenovo, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-02-24] (Sophos Limited)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-06-13] (Western Digital)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [483328 2008-04-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5687152 2013-03-21] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [ACWLIcon] C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe [194856 2013-03-18] (Lenovo)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Launch Backup Service Once] C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrstrigger.exe -start [133944 2011-08-18] ()
AppInit_DLLs: C:\Windows\system32\nvinitx.dll,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL [218256 2013-02-24] (Sophos Limited)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL [221840 2013-02-24] (Sophos Limited)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll ACGina
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll (IDM)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: msdaipp - No CLSID Value - 
Handler-x32: msdaipp - No CLSID Value - 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default
FF user.js: detected! => C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\user.js
FF SearchEngine: Wikipedia (de)
FF Homepage: hxxp://www.google.ch/|hxxp://www.admin.ch/ch/d/sr/sr.html|hxxp://www.zh.ch/internet/de/rechtliche_grundlagen/gesetze/loseblattsammlung/aktuelle_fassung.html#a-content|hxxp://www.gerichte-zh.ch/|hxxp://www.bger.ch/index/juridiction/jurisdiction-inherit-template/jurisdiction-recht/jurisdiction-recht-leitentscheide1954.htm|https://www.swisslex.ch/Home.mvc|hxxp://www.legalis.ch/bib/default.asp?typ=login&redir=%2Fbib%2Fdefault%2Easp|hxxp://www.swissblawg.ch/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: FoxyProxy Basic - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\Extensions\foxyproxy@eric.h.jung
FF Extension: WOT - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Drive) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-04-11] (Adobe Systems)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-04-23] (Lenovo.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 FileOpenManagerService; C:\Program Files\FileOpen\Services\FileOpenManagerService64.exe [335288 2012-11-07] (FileOpen Systems Inc.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-30] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [187688 2013-05-29] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-02-24] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [159296 2013-02-24] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-02-24] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2013-02-24] (Sophos Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-04-11] ()
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-03-21] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2010688 2013-02-24] (Sophos Limited)
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited)
R3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1492280 2011-08-18] (Lenovo Group Limited)
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-04-22] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270192 2013-03-21] (Western Digital Technologies, Inc.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2012-09-25] (Broadcom Corporation.)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11518976 2013-02-05] (Intel Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-02-28] (NVIDIA Corporation)
R1 PHCORE; C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [33344 2012-03-27] (Lenovo Group Limited)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2013-02-24] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2013-02-24] (Sophos Limited)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44784 2013-04-17] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2013-02-24] (Sophos Plc)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
S3 btwaudio; system32\drivers\btwaudio.sys [x]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-01 18:08 - 2013-07-01 18:08 - 00000000 ____D C:\FRST
2013-07-01 17:23 - 2013-07-01 17:23 - 747136470 ____A C:\Windows\MEMORY.DMP
2013-07-01 17:23 - 2013-07-01 17:23 - 00000000 ____D C:\Windows\Minidump
2013-07-01 16:55 - 2013-07-01 16:55 - 00000472 ____A C:\Users\***\Downloads\defogger_disable.log
2013-07-01 16:54 - 2013-07-01 18:07 - 00000000 ____D C:\Users\***\Desktop\aa_trojaner-board
2013-07-01 16:51 - 2013-07-01 16:51 - 00000000 ____A C:\Users\Admin\defogger_reenable
2013-06-29 20:24 - 2013-06-29 20:24 - 00000000 ____D C:\Program Files (x86)\Anki
2013-06-29 20:23 - 2013-06-29 20:23 - 25781276 ____N C:\Users\***\Downloads\anki-2.0.11.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00263592 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00175016 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00175016 ____N (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00096168 ____N (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-23 12:53 - 2013-06-23 12:53 - 00000000 ____D C:\ProgramData\Intel.sav
2013-06-23 12:53 - 2013-06-23 12:53 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-06-23 12:51 - 2013-06-23 12:51 - 00000000 ____D C:\Program Files (x86)\Dolby Advanced Audio v2
2013-06-23 12:51 - 2013-05-21 21:50 - 03425608 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
2013-06-23 12:51 - 2013-05-21 15:57 - 00142408 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll
2013-06-23 12:51 - 2013-05-21 15:05 - 00576929 ____N C:\Windows\System32\Drivers\RTAIODAT.DAT
2013-06-23 12:51 - 2013-05-21 14:15 - 24962560 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RCoRes64.dat
2013-06-23 12:51 - 2013-05-20 16:16 - 01003592 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll
2013-06-23 12:51 - 2013-05-20 14:36 - 02794056 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll
2013-06-23 12:51 - 2013-05-02 12:01 - 02103040 ____N (Waves Audio Ltd.) C:\Windows\System32\WavesGUILib64.dll
2013-06-23 12:51 - 2013-04-30 19:53 - 03693640 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll
2013-06-23 12:51 - 2013-04-30 14:28 - 00916016 ____N (Sony Corporation) C:\Windows\System32\SFSS_APO.dll
2013-06-23 12:51 - 2013-04-24 17:16 - 01662024 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RTSnMg64.cpl
2013-06-23 12:51 - 2013-04-23 00:40 - 02735648 ____N (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll
2013-06-23 12:51 - 2013-03-23 03:43 - 00208072 ____N (Andrea Electronics Corporation) C:\Windows\System32\AERTAC64.dll
2013-06-23 12:51 - 2013-02-20 18:55 - 01284680 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll
2013-06-23 12:51 - 2012-10-02 14:41 - 00501192 ____N (DTS) C:\Windows\System32\DTSU2PLFX64.dll
2013-06-23 12:51 - 2012-10-02 14:41 - 00487368 ____N (DTS) C:\Windows\System32\DTSU2PGFX64.dll
2013-06-23 12:51 - 2012-10-02 14:41 - 00415688 ____N (DTS) C:\Windows\System32\DTSU2PREC64.dll
2013-06-23 12:51 - 2012-08-31 19:18 - 07164176 ____N (Dolby Laboratories) C:\Windows\System32\R4EEP64A.dll
2013-06-23 12:51 - 2012-08-31 19:17 - 00434960 ____N (Dolby Laboratories) C:\Windows\System32\R4EED64A.dll
2013-06-23 12:51 - 2012-08-31 19:17 - 00141584 ____N (Dolby Laboratories) C:\Windows\System32\R4EEL64A.dll
2013-06-23 12:51 - 2012-08-31 19:17 - 00124176 ____N (Dolby Laboratories) C:\Windows\System32\R4EEA64A.dll
2013-06-23 12:51 - 2012-08-31 19:17 - 00075024 ____N (Dolby Laboratories) C:\Windows\System32\R4EEG64A.dll
2013-06-23 12:49 - 2013-06-23 12:49 - 00000030 ____N C:\Windows\success64.log
2013-06-23 12:49 - 2013-05-13 15:15 - 00064624 ____N (Intel Corporation) C:\Windows\System32\Drivers\HECIx64.sys
2013-06-23 12:48 - 2013-06-23 12:48 - 00000030 ____N C:\Windows\success32.log
2013-06-22 20:04 - 2013-06-22 20:04 - 00005064 ____N C:\QcOSD.txt
2013-06-17 10:07 - 2013-06-19 10:38 - 00000000 ____D C:\Users\***\Documents\Walder Wyss
2013-06-15 15:32 - 2013-06-08 16:08 - 01365504 ____N (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 15:32 - 2013-06-08 16:07 - 19233792 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 15:32 - 2013-06-08 16:06 - 15404544 ____N (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 15:32 - 2013-06-08 16:06 - 02648064 ____N (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 15:32 - 2013-06-08 16:06 - 00526336 ____N (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 15:32 - 2013-06-08 14:28 - 02706432 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 15:32 - 2013-06-08 13:42 - 01141248 ____N (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 15:32 - 2013-06-08 13:40 - 14327808 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 15:32 - 2013-06-08 13:40 - 13760512 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 15:32 - 2013-06-08 13:40 - 02046976 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 15:32 - 2013-06-08 13:40 - 00391168 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 15:32 - 2013-06-08 13:13 - 02706432 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 08:50 - 2013-05-17 03:25 - 02877440 ____N (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 01767936 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00690688 ____N (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00493056 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00109056 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00061440 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00039424 ____N (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00033280 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 08:50 - 2013-05-17 02:59 - 02241024 ____N (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 08:50 - 2013-05-17 02:59 - 00051712 ____N (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 08:50 - 2013-05-17 02:58 - 03958784 ____N (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00855552 ____N (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00603136 ____N (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00136704 ____N (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00067072 ____N (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00053248 ____N (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00039936 ____N (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 08:50 - 2013-05-14 14:23 - 00089600 ____N (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 08:50 - 2013-05-14 10:40 - 00071680 ____N (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-13 08:48 - 2013-06-13 08:48 - 09089416 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-12 20:02 - 2013-05-13 07:51 - 01464320 ____N (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 20:02 - 2013-05-13 07:51 - 00184320 ____N (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 20:02 - 2013-05-13 07:51 - 00139776 ____N (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 20:02 - 2013-05-13 07:50 - 00052224 ____N (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 20:02 - 2013-05-13 06:45 - 01160192 ____N (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 20:02 - 2013-05-13 06:45 - 00140288 ____N (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 20:02 - 2013-05-13 06:45 - 00103936 ____N (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 20:02 - 2013-05-13 05:43 - 01192448 ____N (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 20:02 - 2013-05-13 05:08 - 00903168 ____N (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 20:02 - 2013-05-13 05:08 - 00043008 ____N (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 20:02 - 2013-05-10 07:49 - 00030720 ____N (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 20:02 - 2013-05-10 05:20 - 00024576 ____N (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 20:02 - 2013-05-08 08:39 - 01910632 ____N (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 20:02 - 2013-04-26 07:51 - 00751104 ____N (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 20:02 - 2013-04-26 06:55 - 00492544 ____N (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 20:02 - 2013-04-26 01:30 - 01505280 ____N (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 20:02 - 2013-04-17 09:02 - 01230336 ____N (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 20:02 - 2013-04-17 08:24 - 01424384 ____N (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 20:02 - 2013-04-01 00:52 - 01887232 ____N (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 07:57 - 2013-06-11 07:57 - 00001794 ____N C:\Users\Public\Desktop\iTunes.lnk
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files\iTunes
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files\iPod
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-11 07:53 - 2013-06-11 07:53 - 00001856 ____N C:\Users\Public\Desktop\QuickTime Player.lnk
2013-06-11 07:53 - 2013-06-11 07:53 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-06-10 18:26 - 2013-06-13 16:12 - 00000000 ____D C:\Users\***\Documents\Esalen - Projekt Übernahme The Center

==================== One Month Modified Files and Folders =======

2013-07-01 18:08 - 2013-07-01 18:08 - 00000000 ____D C:\FRST
2013-07-01 18:07 - 2013-07-01 16:54 - 00000000 ____D C:\Users\***\Desktop\aa_trojaner-board
2013-07-01 17:42 - 2013-02-02 05:26 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-01 17:31 - 2009-07-14 06:45 - 00034432 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-01 17:31 - 2009-07-14 06:45 - 00034432 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-01 17:29 - 2013-02-02 04:47 - 00696870 ____A C:\Windows\System32\perfh007.dat
2013-07-01 17:29 - 2013-02-02 04:47 - 00148134 ____A C:\Windows\System32\perfc007.dat
2013-07-01 17:29 - 2009-07-14 07:13 - 01612484 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-01 17:27 - 2013-02-02 05:10 - 01928076 ____A C:\Windows\WindowsUpdate.log
2013-07-01 17:25 - 2013-03-18 20:08 - 00000000 ___SD C:\Users\***\Google Drive
2013-07-01 17:25 - 2013-03-18 20:03 - 00000000 ___RD C:\Users\***\Dropbox
2013-07-01 17:25 - 2013-03-18 20:02 - 00000000 ____D C:\Users\***\AppData\Roaming\Dropbox
2013-07-01 17:25 - 2013-02-02 05:26 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-01 17:25 - 2013-02-02 05:19 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-01 17:24 - 2013-05-20 11:42 - 00008192 ____A C:\Windows\SysWOW64\WDPABKP.dat
2013-07-01 17:24 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-01 17:23 - 2013-07-01 17:23 - 747136470 ____A C:\Windows\MEMORY.DMP
2013-07-01 17:23 - 2013-07-01 17:23 - 00000000 ____D C:\Windows\Minidump
2013-07-01 17:23 - 2009-07-14 06:51 - 00086888 ____A C:\Windows\setupact.log
2013-07-01 17:19 - 2013-02-24 14:22 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-01 16:55 - 2013-07-01 16:55 - 00000472 ____A C:\Users\***\Downloads\defogger_disable.log
2013-07-01 16:51 - 2013-07-01 16:51 - 00000000 ____A C:\Users\Admin\defogger_reenable
2013-07-01 16:51 - 2013-02-24 22:40 - 00000000 ____D C:\users\Admin
2013-07-01 14:06 - 2013-03-17 17:34 - 00000000 ____D C:\Users\***\Documents\Anki
2013-07-01 14:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-07-01 12:01 - 2013-02-02 05:25 - 00000000 ____D C:\swshare
2013-07-01 11:13 - 2013-03-17 17:31 - 00000000 ____D C:\Users\***\Documents\Ramschsammlung
2013-06-29 20:24 - 2013-06-29 20:24 - 00000000 ____D C:\Program Files (x86)\Anki
2013-06-29 20:23 - 2013-06-29 20:23 - 25781276 ____N C:\Users\***\Downloads\anki-2.0.11.exe
2013-06-26 08:56 - 2013-05-06 18:39 - 00000000 ____D C:\Users\***\AppData\Local\CutePDF Writer
2013-06-24 17:25 - 2013-05-10 15:48 - 01590378 ____N C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-24 17:13 - 2013-02-24 20:13 - 00000000 ____D C:\ldiag
2013-06-23 15:50 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Anwaltsprüfung
2013-06-23 13:26 - 2013-06-23 13:26 - 00263592 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00175016 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00175016 ____N (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00096168 ____N (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-23 13:26 - 2013-02-24 16:57 - 00867240 ____N (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-23 13:26 - 2013-02-24 16:57 - 00789416 ____N (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-23 12:53 - 2013-06-23 12:53 - 00000000 ____D C:\ProgramData\Intel.sav
2013-06-23 12:53 - 2013-06-23 12:53 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-06-23 12:53 - 2013-02-02 05:14 - 00000000 ____D C:\Program Files\Intel
2013-06-23 12:53 - 2013-02-02 05:14 - 00000000 ____D C:\Program Files\Common Files\Intel
2013-06-23 12:53 - 2013-02-02 05:14 - 00000000 ____D C:\Program Files (x86)\Intel
2013-06-23 12:53 - 2013-02-02 05:11 - 00166482 ____N C:\Windows\DPINST.LOG
2013-06-23 12:52 - 2013-04-27 16:59 - 00000000 ____D C:\ProgramData\Package Cache
2013-06-23 12:51 - 2013-06-23 12:51 - 00000000 ____D C:\Program Files (x86)\Dolby Advanced Audio v2
2013-06-23 12:51 - 2013-02-02 05:18 - 00003043 ____N C:\RHDSetup.log
2013-06-23 12:51 - 2013-02-02 05:18 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-06-23 12:49 - 2013-06-23 12:49 - 00000030 ____N C:\Windows\success64.log
2013-06-23 12:49 - 2013-02-02 05:18 - 00000000 ____D C:\Program Files\Common Files\Lenovo
2013-06-23 12:48 - 2013-06-23 12:48 - 00000030 ____N C:\Windows\success32.log
2013-06-22 20:04 - 2013-06-22 20:04 - 00005064 ____N C:\QcOSD.txt
2013-06-20 15:25 - 2013-03-18 12:24 - 00000000 ____D C:\Users\***\Documents\Scans
2013-06-20 13:22 - 2013-03-17 17:28 - 00000000 ____D C:\Users\***\Documents\Sunrise
2013-06-19 10:38 - 2013-06-17 10:07 - 00000000 ____D C:\Users\***\Documents\Walder Wyss
2013-06-17 18:46 - 2013-03-03 13:18 - 00000000 ____D C:\Users\***\Documents\Knowhow
2013-06-17 10:11 - 2013-03-22 10:27 - 00000000 ____D C:\Users\***\Documents\Vorlagen
2013-06-17 09:47 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Homeoffice
2013-06-16 21:01 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Nesshy
2013-06-15 17:34 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Heidi
2013-06-14 16:01 - 2013-03-17 17:28 - 00000000 ____D C:\Users\***\Documents\Swisscom
2013-06-13 16:12 - 2013-06-10 18:26 - 00000000 ____D C:\Users\***\Documents\Esalen - Projekt Übernahme The Center
2013-06-13 15:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 08:54 - 2009-07-14 04:34 - 00000499 ____N C:\Windows\win.ini
2013-06-13 08:50 - 2013-02-24 18:53 - 75825640 ____N (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-13 08:48 - 2013-06-13 08:48 - 09089416 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-13 08:48 - 2013-02-24 14:22 - 00692104 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-13 08:48 - 2013-02-24 14:22 - 00071048 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 07:57 - 2013-06-11 07:57 - 00001794 ____N C:\Users\Public\Desktop\iTunes.lnk
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files\iTunes
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files\iPod
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-11 07:53 - 2013-06-11 07:53 - 00001856 ____N C:\Users\Public\Desktop\QuickTime Player.lnk
2013-06-11 07:53 - 2013-06-11 07:53 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-06-10 14:23 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\OBCZ
2013-06-08 16:08 - 2013-06-15 15:32 - 01365504 ____N (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-15 15:32 - 19233792 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-15 15:32 - 15404544 ____N (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-15 15:32 - 02648064 ____N (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-15 15:32 - 00526336 ____N (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-15 15:32 - 02706432 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-15 15:32 - 01141248 ____N (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-15 15:32 - 14327808 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-15 15:32 - 13760512 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-15 15:32 - 02046976 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-15 15:32 - 00391168 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-15 15:32 - 02706432 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-07 16:02 - 2010-11-21 05:47 - 00606422 ____N C:\Windows\PFRO.log
2013-06-06 20:58 - 2013-05-27 12:12 - 00000000 ____D C:\Users\***\Documents\Publikationen cst
2013-06-06 20:57 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Bewerbungsunterlagen
2013-06-03 17:08 - 2013-02-02 05:18 - 00000008 ____N C:\Windows\System32\Drivers\RTKHDAUD.DAT

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
         
--- --- ---

--- --- ---



Addition-file:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-06-2013 03
Ran by *** at 2013-07-01 18:14:10
Running from C:\Users\***\Desktop\aa_trojaner-board
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (x32 Version: 7.1.4)
Adobe Acrobat 7.1.4 - CPSID_50030 (x32)
Adobe Acrobat 7.1.4 Professional - English, Français, Deutsch (x32 Version: 7.1.4)
Adobe AIR (x32 Version: 3.7.0.2090)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Anki (x32)
Anzeige am Bildschirm (Version: 7.12.00)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Cambridge Advanced Learner's Dictionary - 3rd Edition (x32)
CDBurnerXP (x32 Version: 4.5.1.3868)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Corel WinDVD (x32 Version: 10.0.6.392)
Create Recovery Media (x32 Version: 1.20.0.00)
CutePDF Writer 3.0 (Version:  3.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (Version: 1.00)
Dolby Advanced Audio v2 (x32 Version: 7.2.8000.17)
Dropbox (HKCU Version: 2.0.22)
Druckerdeinstallation für EPSON BX935FWD Series
EPSON Scan (x32)
Evernote v. 4.2.3 (x32 Version: 4.2.3.15)
FileOpen Client (x64) (Version: 3.0.90.926)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Google Chrome (x32 Version: 27.0.1453.116)
Google Drive (x32 Version: 1.10.4769.632)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.145)
Integrated Camera Driver Installer Package Ver.1.2.1.18 (x32 Version: 1.2.1.18)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 9.0.0.1310)
Intel(R) OpenCL CPU Runtime (x32)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2843)
Intel(R) PROSet/Wireless WiFi Software Driver (Version: 15.06.1000.0167)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.225)
Intel(R) WiDi (Version: 3.1.29.0)
Intel(R) Wireless Display
Intel® PROSet/Wireless Software (x32 Version: 15.6.1)
Intel® PROSet/Wireless WiFi Software (Version: 15.06.1000.0142)
Intel® Trusted Connect Service Client (Version: 1.27.757.1)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Lenovo Auto Scroll Utility (Version: 2.00)
Lenovo Patch Utility (x32 Version: 1.3.0.9)
Lenovo Patch Utility (x32 Version: 1.3.2.6)
Lenovo Patch Utility 64 bit (Version: 1.3.0.9)
Lenovo Patch Utility 64 bit (Version: 1.3.2.6)
Lenovo Power Management Driver (Version: 1.66.00.22)
Lenovo Registration (x32 Version: 1.0.4)
Lenovo SimpleTap (Version: 3.2.0004.00)
Lenovo Solution Center (Version: 2.1.003.00)
Lenovo System Update (x32 Version: 5.02.0011)
Lenovo User Guide (x32 Version: 1.0.0009.00)
Lenovo Warranty Information (x32 Version: 1.0.0005.00)
Lenovo Welcome (x32 Version: 3.1.0020.00)
Mesh Runtime (x32 Version: 15.4.5722.2)
Message Center Plus (Version: 3.1.0004.00)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office (x32 Version: 14.0.6120.5004)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Standard Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 21.0 (x86 de) (x32 Version: 21.0)
Mozilla Maintenance Service (x32 Version: 21.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
NVIDIA 3D Vision Treiber 311.00 (Version: 311.00)
NVIDIA Grafiktreiber 311.00 (Version: 311.00)
NVIDIA HD-Audiotreiber 1.3.16.0 (Version: 1.3.16.0)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA nView 136.53 (Version: 136.53)
NVIDIA Optimus 1.11.3 (Version: 1.11.3)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1100)
NVIDIA Systemsteuerung 311.00 (Version: 311.00)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Power Manager (x32 Version: 6.54)
QUICKfind server v1.1 (x32)
QuickTime (x32 Version: 7.74.80.86)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
RapidBoot HDD Accelerator (x32 Version: 1.00.0802)
RapidBoot Shield (Version: 1.23)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6914)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (Version: 1.00)
Rescue and Recovery (x32 Version: 4.50.0025.00)
RICOH_Media_Driver_v2.14.18.01 (x32 Version: 2.14.18.01)
RnR Sysprep Patch (x32 Version: 1.00.0001)
Skype™ 6.3 (x32 Version: 6.3.105)
Sophos Anti-Virus (x32 Version: 10.2.8)
Sophos AutoUpdate (x32 Version: 2.9.0.344)
Sophos Virus Removal Tool (x32 Version: 2.3)
SugarSync Manager (x32 Version: 1.9.61.90905)
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 6.5.1.3800)
ThinkPad UltraNav Driver (Version: 16.2.19.7)
ThinkVantage Access Connections (x32 Version: 6.01)
ThinkVantage Active Protection System (Version: 1.77.0.11)
ThinkVantage Communications Utility (Version: 3.0.44.0)
ThinkVantage Fingerprint Software (Version: 5.9.9.7282)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
VIP Access (x32 Version: 2.0.5.13)
WD Drive Utilities (x32 Version: 1.0.3.3)
WD Quick View (x32 Version: 2.0.1.2)
WD Security (x32 Version: 1.0.3.3)
WD SES Driver Setup (x32 Version: 1.0.2.3)
WD SmartWare (Version: 2.0.1.2)
WD SmartWare Installer (x32 Version: 2.0.1.2)
Windows Driver Package - Intel (e1cexpress) Net  (01/11/2012 11.15.16.0) (Version: 01/11/2012 11.15.16.0)
Windows Driver Package - Intel System  (01/11/2012 9.3.0.1020) (Version: 01/11/2012 9.3.0.1020)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (Version: 08/26/2011 9.3.0.1011)
Windows Driver Package - Intel USB  (08/26/2011 9.3.0.1011) (Version: 08/26/2011 9.3.0.1011)
Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (Version: 02/29/2012 1.65.05.20)
Windows Driver Package - Synaptics (SynTP) Mouse  (04/06/2012 16.1.1.0) (Version: 04/06/2012 16.1.1.0)
Windows Live (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

==================== Restore Points  =========================

Could not list Restore Points.


==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/01/2013 05:55:05 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 11

Error: (07/01/2013 05:24:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 04:42:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 03:46:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 02:56:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 01:59:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 08:07:39 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 08:04:51 AM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(c0:9f:42:8b:e0:89@fe80::c29f:42ff:fe8b:e089._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (07/01/2013 07:49:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2013 01:56:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/01/2013 05:26:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/01/2013 05:26:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/01/2013 05:25:39 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/01/2013 05:24:24 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst nvsvc erreicht.

Error: (07/01/2013 05:23:52 PM) (Source: BugCheck) (User: )
Description: 0x00000109 (0xa3a039d89ddab6b1, 0xb3b7465ef058f203, 0xfffff880009f05c0, 0x0000000000000002)C:\Windows\MEMORY.DMP070113-12667-01

Error: (07/01/2013 05:23:51 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ?01.?07.?2013 um 17:22:26 unerwartet heruntergefahren.

Error: (07/01/2013 04:44:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/01/2013 04:44:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/01/2013 04:43:50 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/01/2013 04:42:00 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst nvsvc erreicht.


Microsoft Office Sessions:
=========================
Error: (07/01/2013 05:55:05 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 11

Error: (07/01/2013 05:24:46 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 04:42:46 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 03:46:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 02:56:25 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 01:59:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 08:07:39 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 08:04:51 AM) (Source: Bonjour Service)(User: )
Description: Client application bug: DNSServiceResolve(c0:9f:42:8b:e0:89@fe80::c29f:42ff:fe8b:e089._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (07/01/2013 07:49:30 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2013 01:56:59 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-04-12 11:07:23.133
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-12 11:06:01.756
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-12 10:43:09.610
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-12 10:12:54.404
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-12 10:11:22.511
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-12 10:11:22.419
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-12 10:07:32.382
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-03-25 16:47:43.250
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-03-25 16:47:08.389
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-03-25 16:46:51.999
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 34%
Total physical RAM: 7889.63 MB
Available physical RAM: 5132.78 MB
Total Pagefile: 15777.44 MB
Available Pagefile: 12910.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:446.72 GB) (Free:269.38 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive g: (My Passport) (Fixed) (Total:931.48 GB) (Free:669.83 GB) NTFS (Disk=1 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:17.58 GB) (Free:4.54 GB) NTFS (Disk=0 Partition=3)
Drive s: (SYSTEM_DRV) (Fixed) (Total:1.46 GB) (Free:0.67 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         
__________________

Alt 01.07.2013, 20:15   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Win32/Small.CA-Virus entfernen - Standard

Win32/Small.CA-Virus entfernen



Unsere Tools müssen immer mit Admin-Rechten laufen, bitte wiederholen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 01.07.2013, 22:06   #5
cpstutz
 
Win32/Small.CA-Virus entfernen - Standard

Win32/Small.CA-Virus entfernen



Ok. Sorry about that Hab ich nicht gewusst.

Also nochmals:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2013 02
Ran by *** (administrator) on 01-07-2013 21:38:31
Running from C:\Users\***\Desktop\aa_trojaner-board
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManagerService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Lenovo Group Limited) C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPUIManager.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s [13538376 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4 [1308232 2013-05-20] (Realtek Semiconductor)
HKLM\...\Run: [TpShocks] TpShocks.exe [382248 2013-02-12] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [293672 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1092528 2012-11-07] (FileOpen Systems Inc.)
HKLM\...\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-03-18] (Lenovo)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-17] (Synaptics Incorporated)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2013-02-02] (Google Inc.)
HKCU\...\Run: [Texuyx] C:\Users\***\AppData\Roaming\Naogi\golup.exe [x]
HKCU\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [19676256 2013-06-06] (Google)
HKCU\...\Run: [updateMgr] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_1_0 -reboot 1 [313472 2006-03-30] (Adobe Systems Incorporated)
HKCR\...0c966feabec1\InprocServer32: [Default-shell32] %SystemRoot%\system32\shell32.dll ATTENTION! ====> ZeroAccess?
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] %SystemRoot%\system32\shell32.dll ATTENTION! ====> ZeroAccess?
MountPoints2: {72456fc6-6ce5-11e2-bf73-806e6f6e6963} - Q:\LenovoQDrive.exe
MountPoints2: {ec80e847-8408-11e2-98df-806e6f6e6963} - "D:\WD Drive Unlock.exe" autoplay=true
HKLM-x32\...\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-31] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-04-19] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [132920 2013-05-30] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor [6002984 2013-04-23] (Lenovo Group Limited)
HKLM-x32\...\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot [4351712 2011-07-14] (Lenovo, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-02-24] (Sophos Limited)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-06-13] (Western Digital)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [483328 2008-04-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5687152 2013-03-21] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [ACWLIcon] C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe [194856 2013-03-18] (Lenovo)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Launch Backup Service Once] C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrstrigger.exe -start [133944 2011-08-18] ()
HKU\Default\...\RunOnce: [Lenovo.ShowBand] C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe /show [52584 2013-05-17] (Lenovo)
HKU\Default\...\RunOnce: []  [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2011-12-15] ()
HKU\Default User\...\RunOnce: [Lenovo.ShowBand] C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe /show [52584 2013-05-17] (Lenovo)
HKU\Default User\...\RunOnce: []  [x]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2011-12-15] ()
AppInit_DLLs: C:\Windows\system32\nvinitx.dll,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL [218256 2013-02-24] (Sophos Limited)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL [221840 2013-02-24] (Sophos Limited)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll ACGina
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll (IDM)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: msdaipp - No CLSID Value - 
Handler-x32: msdaipp - No CLSID Value - 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default
FF user.js: detected! => C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\user.js
FF SearchEngine: Wikipedia (de)
FF Homepage: hxxp://www.google.ch/|hxxp://www.admin.ch/ch/d/sr/sr.html|hxxp://www.zh.ch/internet/de/rechtliche_grundlagen/gesetze/loseblattsammlung/aktuelle_fassung.html#a-content|hxxp://www.gerichte-zh.ch/|hxxp://www.bger.ch/index/juridiction/jurisdiction-inherit-template/jurisdiction-recht/jurisdiction-recht-leitentscheide1954.htm|https://www.swisslex.ch/Home.mvc|hxxp://www.legalis.ch/bib/default.asp?typ=login&redir=%2Fbib%2Fdefault%2Easp|hxxp://www.swissblawg.ch/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: FoxyProxy Basic - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\Extensions\foxyproxy@eric.h.jung
FF Extension: WOT - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Drive) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-04-11] (Adobe Systems)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-04-23] (Lenovo.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 FileOpenManagerService; C:\Program Files\FileOpen\Services\FileOpenManagerService64.exe [335288 2012-11-07] (FileOpen Systems Inc.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-30] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [187688 2013-05-29] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-02-24] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [159296 2013-02-24] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-02-24] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2013-02-24] (Sophos Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-04-11] ()
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-03-21] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2010688 2013-02-24] (Sophos Limited)
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited)
R3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1492280 2011-08-18] (Lenovo Group Limited)
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-04-22] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270192 2013-03-21] (Western Digital Technologies, Inc.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2012-09-25] (Broadcom Corporation.)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11518976 2013-02-05] (Intel Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-02-28] (NVIDIA Corporation)
R1 PHCORE; C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [33344 2012-03-27] (Lenovo Group Limited)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2013-02-24] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2013-02-24] (Sophos Limited)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44784 2013-04-17] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2013-02-24] (Sophos Plc)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
S3 btwaudio; system32\drivers\btwaudio.sys [x]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-01 18:08 - 2013-07-01 18:08 - 00000000 ____D C:\FRST
2013-07-01 17:23 - 2013-07-01 17:23 - 747136470 ____A C:\Windows\MEMORY.DMP
2013-07-01 17:23 - 2013-07-01 17:23 - 00294200 ____A C:\Windows\Minidump\070113-12667-01.dmp
2013-07-01 17:23 - 2013-07-01 17:23 - 00000000 ____D C:\Windows\Minidump
2013-07-01 17:07 - 2013-07-01 17:07 - 00128016 ____A C:\Users\Admin\Desktop\OTL.Txt
2013-07-01 16:55 - 2013-07-01 16:55 - 00000472 ____A C:\Users\***\Downloads\defogger_disable.log
2013-07-01 16:54 - 2013-07-01 21:38 - 00000000 ____D C:\Users\***\Desktop\aa_trojaner-board
2013-07-01 16:51 - 2013-07-01 16:51 - 00000000 ____A C:\Users\Admin\defogger_reenable
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\UpdatusUser\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\Administrator.Thinkpad-T\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\Admin\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000000 ____D C:\Program Files (x86)\Anki
2013-06-29 20:23 - 2013-06-29 20:23 - 25781276 ____N C:\Users\***\Downloads\anki-2.0.11.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00263592 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00175016 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00175016 ____N (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00096168 ____N (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-23 12:53 - 2013-06-23 12:53 - 00000000 ____D C:\ProgramData\Intel.sav
2013-06-23 12:53 - 2013-06-23 12:53 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-06-23 12:51 - 2013-06-23 12:51 - 00000000 ____D C:\Program Files (x86)\Dolby Advanced Audio v2
2013-06-23 12:51 - 2013-05-21 21:50 - 03425608 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
2013-06-23 12:51 - 2013-05-21 15:57 - 00142408 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll
2013-06-23 12:51 - 2013-05-21 15:05 - 00576929 ____N C:\Windows\System32\Drivers\RTAIODAT.DAT
2013-06-23 12:51 - 2013-05-21 14:15 - 24962560 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RCoRes64.dat
2013-06-23 12:51 - 2013-05-20 16:16 - 01003592 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll
2013-06-23 12:51 - 2013-05-20 14:36 - 02794056 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll
2013-06-23 12:51 - 2013-05-02 12:01 - 02103040 ____N (Waves Audio Ltd.) C:\Windows\System32\WavesGUILib64.dll
2013-06-23 12:51 - 2013-04-30 19:53 - 03693640 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll
2013-06-23 12:51 - 2013-04-30 14:28 - 00916016 ____N (Sony Corporation) C:\Windows\System32\SFSS_APO.dll
2013-06-23 12:51 - 2013-04-24 17:16 - 01662024 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RTSnMg64.cpl
2013-06-23 12:51 - 2013-04-23 00:40 - 02735648 ____N (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll
2013-06-23 12:51 - 2013-03-23 03:43 - 00208072 ____N (Andrea Electronics Corporation) C:\Windows\System32\AERTAC64.dll
2013-06-23 12:51 - 2013-02-20 18:55 - 01284680 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll
2013-06-23 12:51 - 2012-10-02 14:41 - 00501192 ____N (DTS) C:\Windows\System32\DTSU2PLFX64.dll
2013-06-23 12:51 - 2012-10-02 14:41 - 00487368 ____N (DTS) C:\Windows\System32\DTSU2PGFX64.dll
2013-06-23 12:51 - 2012-10-02 14:41 - 00415688 ____N (DTS) C:\Windows\System32\DTSU2PREC64.dll
2013-06-23 12:51 - 2012-08-31 19:18 - 07164176 ____N (Dolby Laboratories) C:\Windows\System32\R4EEP64A.dll
2013-06-23 12:51 - 2012-08-31 19:17 - 00434960 ____N (Dolby Laboratories) C:\Windows\System32\R4EED64A.dll
2013-06-23 12:51 - 2012-08-31 19:17 - 00141584 ____N (Dolby Laboratories) C:\Windows\System32\R4EEL64A.dll
2013-06-23 12:51 - 2012-08-31 19:17 - 00124176 ____N (Dolby Laboratories) C:\Windows\System32\R4EEA64A.dll
2013-06-23 12:51 - 2012-08-31 19:17 - 00075024 ____N (Dolby Laboratories) C:\Windows\System32\R4EEG64A.dll
2013-06-23 12:49 - 2013-06-23 12:49 - 00000030 ____N C:\Windows\success64.log
2013-06-23 12:49 - 2013-05-13 15:15 - 00064624 ____N (Intel Corporation) C:\Windows\System32\Drivers\HECIx64.sys
2013-06-23 12:48 - 2013-06-23 12:48 - 00000030 ____N C:\Windows\success32.log
2013-06-22 20:04 - 2013-06-22 20:04 - 00005064 ____N C:\QcOSD.txt
2013-06-17 10:07 - 2013-06-19 10:38 - 00000000 ____D C:\Users\***\Documents\Walder Wyss
2013-06-15 15:32 - 2013-06-08 16:08 - 01365504 ____N (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 15:32 - 2013-06-08 16:07 - 19233792 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 15:32 - 2013-06-08 16:06 - 15404544 ____N (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 15:32 - 2013-06-08 16:06 - 02648064 ____N (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 15:32 - 2013-06-08 16:06 - 00526336 ____N (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 15:32 - 2013-06-08 14:28 - 02706432 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 15:32 - 2013-06-08 13:42 - 01141248 ____N (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 15:32 - 2013-06-08 13:40 - 14327808 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 15:32 - 2013-06-08 13:40 - 13760512 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 15:32 - 2013-06-08 13:40 - 02046976 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 15:32 - 2013-06-08 13:40 - 00391168 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 15:32 - 2013-06-08 13:13 - 02706432 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 08:50 - 2013-05-17 03:25 - 02877440 ____N (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 01767936 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00690688 ____N (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00493056 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00109056 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00061440 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00039424 ____N (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00033280 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 08:50 - 2013-05-17 02:59 - 02241024 ____N (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 08:50 - 2013-05-17 02:59 - 00051712 ____N (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 08:50 - 2013-05-17 02:58 - 03958784 ____N (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00855552 ____N (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00603136 ____N (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00136704 ____N (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00067072 ____N (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00053248 ____N (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00039936 ____N (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 08:50 - 2013-05-14 14:23 - 00089600 ____N (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 08:50 - 2013-05-14 10:40 - 00071680 ____N (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-13 08:48 - 2013-06-13 08:48 - 09089416 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-12 20:02 - 2013-05-13 07:51 - 01464320 ____N (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 20:02 - 2013-05-13 07:51 - 00184320 ____N (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 20:02 - 2013-05-13 07:51 - 00139776 ____N (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 20:02 - 2013-05-13 07:50 - 00052224 ____N (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 20:02 - 2013-05-13 06:45 - 01160192 ____N (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 20:02 - 2013-05-13 06:45 - 00140288 ____N (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 20:02 - 2013-05-13 06:45 - 00103936 ____N (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 20:02 - 2013-05-13 05:43 - 01192448 ____N (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 20:02 - 2013-05-13 05:08 - 00903168 ____N (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 20:02 - 2013-05-13 05:08 - 00043008 ____N (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 20:02 - 2013-05-10 07:49 - 00030720 ____N (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 20:02 - 2013-05-10 05:20 - 00024576 ____N (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 20:02 - 2013-05-08 08:39 - 01910632 ____N (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 20:02 - 2013-04-26 07:51 - 00751104 ____N (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 20:02 - 2013-04-26 06:55 - 00492544 ____N (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 20:02 - 2013-04-26 01:30 - 01505280 ____N (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 20:02 - 2013-04-17 09:02 - 01230336 ____N (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 20:02 - 2013-04-17 08:24 - 01424384 ____N (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 20:02 - 2013-04-01 00:52 - 01887232 ____N (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 07:57 - 2013-06-11 07:57 - 00001794 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files\iTunes
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files\iPod
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-11 07:53 - 2013-06-11 07:53 - 00001856 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-06-11 07:53 - 2013-06-11 07:53 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-06-10 18:26 - 2013-06-13 16:12 - 00000000 ____D C:\Users\***\Documents\Esalen - Projekt Übernahme The Center

==================== One Month Modified Files and Folders =======

2013-07-01 21:38 - 2013-07-01 16:54 - 00000000 ____D C:\Users\***\Desktop\aa_trojaner-board
2013-07-01 21:38 - 2013-02-02 04:47 - 00696870 ____A C:\Windows\System32\perfh007.dat
2013-07-01 21:38 - 2013-02-02 04:47 - 00148134 ____A C:\Windows\System32\perfc007.dat
2013-07-01 21:38 - 2009-07-14 07:13 - 01612484 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-01 21:32 - 2013-05-20 11:42 - 00008192 ____A C:\Windows\SysWOW64\WDPABKP.dat
2013-07-01 21:32 - 2013-03-18 20:08 - 00000000 ___SD C:\Users\***\Google Drive
2013-07-01 21:32 - 2013-03-18 20:03 - 00000000 ___RD C:\Users\***\Dropbox
2013-07-01 21:32 - 2013-03-18 20:02 - 00000000 ____D C:\Users\***\AppData\Roaming\Dropbox
2013-07-01 21:32 - 2013-02-02 05:26 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-01 21:32 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-01 21:31 - 2013-02-02 05:19 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-01 21:31 - 2009-07-14 06:51 - 00087112 ____A C:\Windows\setupact.log
2013-07-01 21:30 - 2013-02-02 05:10 - 01936296 ____A C:\Windows\WindowsUpdate.log
2013-07-01 21:19 - 2013-02-24 14:22 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-01 20:42 - 2013-02-02 05:26 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-01 18:57 - 2009-07-14 06:45 - 00034432 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-01 18:57 - 2009-07-14 06:45 - 00034432 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-01 18:08 - 2013-07-01 18:08 - 00000000 ____D C:\FRST
2013-07-01 17:23 - 2013-07-01 17:23 - 747136470 ____A C:\Windows\MEMORY.DMP
2013-07-01 17:23 - 2013-07-01 17:23 - 00294200 ____A C:\Windows\Minidump\070113-12667-01.dmp
2013-07-01 17:23 - 2013-07-01 17:23 - 00000000 ____D C:\Windows\Minidump
2013-07-01 17:07 - 2013-07-01 17:07 - 00128016 ____A C:\Users\Admin\Desktop\OTL.Txt
2013-07-01 16:55 - 2013-07-01 16:55 - 00000472 ____A C:\Users\***\Downloads\defogger_disable.log
2013-07-01 16:51 - 2013-07-01 16:51 - 00000000 ____A C:\Users\Admin\defogger_reenable
2013-07-01 16:51 - 2013-02-24 22:40 - 00000000 ____D C:\users\Admin
2013-07-01 14:06 - 2013-03-17 17:34 - 00000000 ____D C:\Users\***\Documents\Anki
2013-07-01 14:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-07-01 12:01 - 2013-02-02 05:25 - 00000000 ____D C:\swshare
2013-07-01 11:13 - 2013-03-17 17:31 - 00000000 ____D C:\Users\***\Documents\Ramschsammlung
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\UpdatusUser\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\Administrator.Thinkpad-T\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\Admin\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000000 ____D C:\Program Files (x86)\Anki
2013-06-29 20:23 - 2013-06-29 20:23 - 25781276 ____N C:\Users\***\Downloads\anki-2.0.11.exe
2013-06-26 08:56 - 2013-05-06 18:39 - 00000000 ____D C:\Users\***\AppData\Local\CutePDF Writer
2013-06-24 17:25 - 2013-05-10 15:48 - 01590378 ____N C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-24 17:13 - 2013-02-24 20:13 - 00000000 ____D C:\ldiag
2013-06-23 15:50 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Anwaltsprüfung
2013-06-23 13:26 - 2013-06-23 13:26 - 00263592 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00175016 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00175016 ____N (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00096168 ____N (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-23 13:26 - 2013-02-24 16:57 - 00867240 ____N (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-23 13:26 - 2013-02-24 16:57 - 00789416 ____N (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-23 12:53 - 2013-06-23 12:53 - 00000000 ____D C:\ProgramData\Intel.sav
2013-06-23 12:53 - 2013-06-23 12:53 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-06-23 12:53 - 2013-02-02 05:14 - 00000000 ____D C:\Program Files\Intel
2013-06-23 12:53 - 2013-02-02 05:14 - 00000000 ____D C:\Program Files\Common Files\Intel
2013-06-23 12:53 - 2013-02-02 05:14 - 00000000 ____D C:\Program Files (x86)\Intel
2013-06-23 12:53 - 2013-02-02 05:11 - 00166482 ____N C:\Windows\DPINST.LOG
2013-06-23 12:52 - 2013-04-27 16:59 - 00000000 ____D C:\ProgramData\Package Cache
2013-06-23 12:51 - 2013-06-23 12:51 - 00000000 ____D C:\Program Files (x86)\Dolby Advanced Audio v2
2013-06-23 12:51 - 2013-02-02 05:18 - 00003043 ____N C:\RHDSetup.log
2013-06-23 12:51 - 2013-02-02 05:18 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-06-23 12:49 - 2013-06-23 12:49 - 00000030 ____N C:\Windows\success64.log
2013-06-23 12:49 - 2013-02-02 05:18 - 00000000 ____D C:\Program Files\Common Files\Lenovo
2013-06-23 12:48 - 2013-06-23 12:48 - 00000030 ____N C:\Windows\success32.log
2013-06-22 20:04 - 2013-06-22 20:04 - 00005064 ____N C:\QcOSD.txt
2013-06-20 15:25 - 2013-03-18 12:24 - 00000000 ____D C:\Users\***\Documents\Scans
2013-06-20 13:22 - 2013-03-17 17:28 - 00000000 ____D C:\Users\***\Documents\Sunrise
2013-06-19 10:38 - 2013-06-17 10:07 - 00000000 ____D C:\Users\***\Documents\Walder Wyss
2013-06-17 18:46 - 2013-03-03 13:18 - 00000000 ____D C:\Users\***\Documents\Knowhow
2013-06-17 10:11 - 2013-03-22 10:27 - 00000000 ____D C:\Users\***\Documents\Vorlagen
2013-06-17 09:47 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Homeoffice
2013-06-16 21:01 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Nesshy
2013-06-15 17:34 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Heidi
2013-06-14 16:01 - 2013-03-17 17:28 - 00000000 ____D C:\Users\***\Documents\Swisscom
2013-06-13 16:12 - 2013-06-10 18:26 - 00000000 ____D C:\Users\***\Documents\Esalen - Projekt Übernahme The Center
2013-06-13 15:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 08:54 - 2009-07-14 04:34 - 00000499 ____N C:\Windows\win.ini
2013-06-13 08:50 - 2013-02-24 18:53 - 75825640 ____N (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-13 08:48 - 2013-06-13 08:48 - 09089416 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-13 08:48 - 2013-02-24 14:22 - 00692104 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-13 08:48 - 2013-02-24 14:22 - 00071048 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 07:57 - 2013-06-11 07:57 - 00001794 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files\iTunes
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files\iPod
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-11 07:53 - 2013-06-11 07:53 - 00001856 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-06-11 07:53 - 2013-06-11 07:53 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-06-10 14:23 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\OBCZ
2013-06-08 16:08 - 2013-06-15 15:32 - 01365504 ____N (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-15 15:32 - 19233792 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-15 15:32 - 15404544 ____N (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-15 15:32 - 02648064 ____N (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-15 15:32 - 00526336 ____N (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-15 15:32 - 02706432 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-15 15:32 - 01141248 ____N (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-15 15:32 - 14327808 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-15 15:32 - 13760512 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-15 15:32 - 02046976 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-15 15:32 - 00391168 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-15 15:32 - 02706432 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-07 16:02 - 2010-11-21 05:47 - 00606422 ____N C:\Windows\PFRO.log
2013-06-06 20:58 - 2013-05-27 12:12 - 00000000 ____D C:\Users\***\Documents\Publikationen cst
2013-06-06 20:57 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Bewerbungsunterlagen
2013-06-03 17:08 - 2013-02-02 05:18 - 00000008 ____N C:\Windows\System32\Drivers\RTKHDAUD.DAT

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-23 15:25

==================== End Of Log ============================
         
--- --- ---

--- --- ---


und:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-07-2013 02
Ran by *** at 2013-07-01 21:56:28
Running from C:\Users\***\Desktop\aa_trojaner-board
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (x32 Version: 7.1.4)
Adobe Acrobat 7.1.4 - CPSID_50030 (x32)
Adobe Acrobat 7.1.4 Professional - English, Français, Deutsch (x32 Version: 7.1.4)
Adobe AIR (x32 Version: 3.7.0.2090)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Anki (x32)
Anzeige am Bildschirm (Version: 7.12.00)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Cambridge Advanced Learner's Dictionary - 3rd Edition (x32)
CDBurnerXP (x32 Version: 4.5.1.3868)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Corel WinDVD (x32 Version: 10.0.6.392)
Create Recovery Media (x32 Version: 1.20.0.00)
CutePDF Writer 3.0 (Version:  3.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (Version: 1.00)
Dolby Advanced Audio v2 (x32 Version: 7.2.8000.17)
Dropbox (HKCU Version: 2.0.22)
Druckerdeinstallation für EPSON BX935FWD Series
EPSON Scan (x32)
Evernote v. 4.2.3 (x32 Version: 4.2.3.15)
FileOpen Client (x64) (Version: 3.0.90.926)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Google Chrome (x32 Version: 27.0.1453.116)
Google Drive (x32 Version: 1.10.4769.632)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.145)
Integrated Camera Driver Installer Package Ver.1.2.1.18 (x32 Version: 1.2.1.18)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 9.0.0.1310)
Intel(R) OpenCL CPU Runtime (x32)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2843)
Intel(R) PROSet/Wireless WiFi Software Driver (Version: 15.06.1000.0167)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.225)
Intel(R) WiDi (Version: 3.1.29.0)
Intel(R) Wireless Display
Intel® PROSet/Wireless Software (x32 Version: 15.6.1)
Intel® PROSet/Wireless WiFi Software (Version: 15.06.1000.0142)
Intel® Trusted Connect Service Client (Version: 1.27.757.1)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Lenovo Auto Scroll Utility (Version: 2.00)
Lenovo Patch Utility (x32 Version: 1.3.0.9)
Lenovo Patch Utility (x32 Version: 1.3.2.6)
Lenovo Patch Utility 64 bit (Version: 1.3.0.9)
Lenovo Patch Utility 64 bit (Version: 1.3.2.6)
Lenovo Power Management Driver (Version: 1.66.00.22)
Lenovo Registration (x32 Version: 1.0.4)
Lenovo SimpleTap (Version: 3.2.0004.00)
Lenovo Solution Center (Version: 2.1.003.00)
Lenovo System Update (x32 Version: 5.02.0011)
Lenovo User Guide (x32 Version: 1.0.0009.00)
Lenovo Warranty Information (x32 Version: 1.0.0005.00)
Lenovo Welcome (x32 Version: 3.1.0020.00)
Mesh Runtime (x32 Version: 15.4.5722.2)
Message Center Plus (Version: 3.1.0004.00)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office (x32 Version: 14.0.6120.5004)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Standard Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 21.0 (x86 de) (x32 Version: 21.0)
Mozilla Maintenance Service (x32 Version: 21.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
NVIDIA 3D Vision Treiber 311.00 (Version: 311.00)
NVIDIA Grafiktreiber 311.00 (Version: 311.00)
NVIDIA HD-Audiotreiber 1.3.16.0 (Version: 1.3.16.0)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA nView 136.53 (Version: 136.53)
NVIDIA Optimus 1.11.3 (Version: 1.11.3)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1100)
NVIDIA Systemsteuerung 311.00 (Version: 311.00)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Power Manager (x32 Version: 6.54)
QUICKfind server v1.1 (x32)
QuickTime (x32 Version: 7.74.80.86)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
RapidBoot HDD Accelerator (x32 Version: 1.00.0802)
RapidBoot Shield (Version: 1.23)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6914)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (Version: 1.00)
Rescue and Recovery (x32 Version: 4.50.0025.00)
RICOH_Media_Driver_v2.14.18.01 (x32 Version: 2.14.18.01)
RnR Sysprep Patch (x32 Version: 1.00.0001)
Skype™ 6.3 (x32 Version: 6.3.105)
Sophos Anti-Virus (x32 Version: 10.2.8)
Sophos AutoUpdate (x32 Version: 2.9.0.344)
Sophos Virus Removal Tool (x32 Version: 2.3)
SugarSync Manager (x32 Version: 1.9.61.90905)
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 6.5.1.3800)
ThinkPad UltraNav Driver (Version: 16.2.19.7)
ThinkVantage Access Connections (x32 Version: 6.01)
ThinkVantage Active Protection System (Version: 1.77.0.11)
ThinkVantage Communications Utility (Version: 3.0.44.0)
ThinkVantage Fingerprint Software (Version: 5.9.9.7282)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
VIP Access (x32 Version: 2.0.5.13)
WD Drive Utilities (x32 Version: 1.0.3.3)
WD Quick View (x32 Version: 2.0.1.2)
WD Security (x32 Version: 1.0.3.3)
WD SES Driver Setup (x32 Version: 1.0.2.3)
WD SmartWare (Version: 2.0.1.2)
WD SmartWare Installer (x32 Version: 2.0.1.2)
Windows Driver Package - Intel (e1cexpress) Net  (01/11/2012 11.15.16.0) (Version: 01/11/2012 11.15.16.0)
Windows Driver Package - Intel System  (01/11/2012 9.3.0.1020) (Version: 01/11/2012 9.3.0.1020)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (Version: 08/26/2011 9.3.0.1011)
Windows Driver Package - Intel USB  (08/26/2011 9.3.0.1011) (Version: 08/26/2011 9.3.0.1011)
Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (Version: 02/29/2012 1.65.05.20)
Windows Driver Package - Synaptics (SynTP) Mouse  (04/06/2012 16.1.1.0) (Version: 04/06/2012 16.1.1.0)
Windows Live (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

==================== Restore Points  =========================

22-06-2013 10:59:47 Windows Update
23-06-2013 10:52:05 Intel® PROSet/Wireless Software
23-06-2013 11:26:22 Installed Java 7 Update 25
24-06-2013 15:19:17 Windows Update
28-06-2013 06:46:52 Windows Update

==================== Scheduled Tasks (whitelisted) =============

Task: {125C2C3B-098C-4578-8A72-4D13FB58D674} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {24C6274B-A1D2-4867-B2BF-EDDF55FF35F1} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for Thinkpad-T.*** => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-16] (Lenovo)
Task: {30B76162-EFA7-4A6E-AAA2-CDAE600030E2} - System32\Tasks\TVT\LaunchRnR => C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrcmd.exe [2011-08-18] (Lenovo Limited Group Corporation)
Task: {3FB695B0-A4CF-49A2-AC02-DDAD7F6122BD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {4AE7873A-225D-4335-8BE1-DBB1D12244C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-02] (Google Inc.)
Task: {51F2B17C-137E-4D1D-A7AB-5C4EAA9E0C2A} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-05-17] (Lenovo)
Task: {6716F6BD-267F-4996-BD96-B6445878DF7B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7331BE4E-B16A-4F37-915F-A27DA19473FE} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {AA7D7419-9958-40D9-A861-F3BF3E9D0F61} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe No File
Task: {AD99A411-9681-41D7-B7B0-EC6DF48CD8B3} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-04-11] ()
Task: {B38EB7BA-D18A-4440-8430-8660F6EE3FD8} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-17] (Lenovo)
Task: {B6130E1A-265D-460E-82A9-02D39A7E5D10} - System32\Tasks\Lenovo\Message Center Plus Launcher => %programfiles(x86)%\Lenovo\message center plus\mcplaunch.exe No File
Task: {CA7F98D4-9B8D-4D51-A02F-052DD5B3B31F} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {CBE3B5E8-46DC-4FFA-A755-FB71F533AA09} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe No File
Task: {E1A9AFCD-8F5A-4C2A-B1E8-0220AF5532BB} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-17] ()
Task: {F2C124BC-4896-43F1-883C-0F219C96E77F} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for Thinkpad-T.Admin => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-16] (Lenovo)
Task: {FF293C96-1F96-45EF-BEDC-B6A82D30F8C4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-02] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/01/2013 09:32:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 06:50:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 05:55:05 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 11

Error: (07/01/2013 05:24:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 04:42:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 03:46:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 02:56:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 01:59:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 08:07:39 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 08:04:51 AM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(c0:9f:42:8b:e0:89@fe80::c29f:42ff:fe8b:e089._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.


System errors:
=============
Error: (07/01/2013 09:34:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/01/2013 09:34:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/01/2013 09:33:16 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/01/2013 09:32:02 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst nvsvc erreicht.

Error: (07/01/2013 09:29:57 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (07/01/2013 06:52:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/01/2013 06:52:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/01/2013 06:51:11 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/01/2013 06:49:22 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst nvsvc erreicht.

Error: (07/01/2013 05:26:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069


Microsoft Office Sessions:
=========================
Error: (07/01/2013 09:32:16 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 06:50:07 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 05:55:05 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 11

Error: (07/01/2013 05:24:46 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 04:42:46 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 03:46:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 02:56:25 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 01:59:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 08:07:39 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 08:04:51 AM) (Source: Bonjour Service)(User: )
Description: Client application bug: DNSServiceResolve(c0:9f:42:8b:e0:89@fe80::c29f:42ff:fe8b:e089._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.


CodeIntegrity Errors:
===================================
  Date: 2013-04-12 11:07:23.133
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-12 11:06:01.756
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-12 10:43:09.610
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-12 10:12:54.404
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-12 10:11:22.511
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-12 10:11:22.419
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-12 10:07:32.382
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-03-25 16:47:43.250
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-03-25 16:47:08.389
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-03-25 16:46:51.999
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 35%
Total physical RAM: 7889.63 MB
Available physical RAM: 5119.43 MB
Total Pagefile: 15777.44 MB
Available Pagefile: 12916.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:446.72 GB) (Free:269.34 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:17.58 GB) (Free:4.54 GB) NTFS (Disk=0 Partition=3)
Drive s: (SYSTEM_DRV) (Fixed) (Total:1.46 GB) (Free:0.67 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 3B3D5D34)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=447 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Danke nochmals und guten Gruss
cpstutz


Alt 02.07.2013, 08:59   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Win32/Small.CA-Virus entfernen - Standard

Win32/Small.CA-Virus entfernen



Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
--> Win32/Small.CA-Virus entfernen

Alt 02.07.2013, 12:14   #7
cpstutz
 
Win32/Small.CA-Virus entfernen - Standard

Win32/Small.CA-Virus entfernen



Hallo Schrauber

habe nun Combofix ausgeführt. Dazu Folgendes: Zuerst Datei runtergeladen, dann Netzwerkverbindungen getrennt und darauf Sophos Anti Virus gemäss Handbuch deaktiviert. Combofix gestartet. Darauf hat Sophos trotz Deaktivierung eine Datei von Combofix als Thread erkannt und in die Quarantäne verschoben. Dort habe ich sie manuell zugelassen, worauf Combofix (hoffentlich vollständig) ausgeführt wurde.

Code:
ATTFilter
Combofix Logfile:
Code:
ATTFilter
ComboFix 13-06-30.01 - *** 02.07.2013  11:30:43.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.41.1031.18.7890.5253 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\aa_trojaner-board\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Lenovo\Lenovo Solution Center\Microsoft Fix it\FixitUi\_desktop.ini
c:\programdata\Roaming
c:\users\***\AppData\Local\Temp\_MEI60162\_ctypes.pyd
c:\users\***\AppData\Local\Temp\_MEI60162\_elementtree.pyd
c:\users\***\AppData\Local\Temp\_MEI60162\_hashlib.pyd
c:\users\***\AppData\Local\Temp\_MEI60162\_multiprocessing.pyd
c:\users\***\AppData\Local\Temp\_MEI60162\_socket.pyd
c:\users\***\AppData\Local\Temp\_MEI60162\_ssl.pyd
c:\users\***\AppData\Local\Temp\_MEI60162\pyexpat.pyd
c:\users\***\AppData\Local\Temp\_MEI60162\pysqlite2._sqlite.pyd
c:\users\***\AppData\Local\Temp\_MEI60162\python27.dll
c:\users\***\AppData\Local\Temp\_MEI60162\pythoncom27.dll
c:\users\***\AppData\Local\Temp\_MEI60162\PyWinTypes27.dll
c:\users\***\AppData\Local\Temp\_MEI60162\select.pyd
c:\users\***\AppData\Local\Temp\_MEI60162\unicodedata.pyd
c:\users\***\AppData\Local\Temp\_MEI60162\win32api.pyd
c:\users\***\AppData\Local\Temp\_MEI60162\win32com.shell.shell.pyd
c:\users\***\AppData\Local\Temp\_MEI60162\win32crypt.pyd
c:\users\***\AppData\Local\Temp\_MEI60162\win32event.pyd
c:\users\***\AppData\Local\Temp\_MEI60162\win32file.pyd
c:\users\***\AppData\Local\Temp\_MEI60162\win32inet.pyd
c:\users\***\AppData\Local\Temp\_MEI60162\win32pdh.pyd
c:\users\***\AppData\Local\Temp\_MEI60162\win32process.pyd
c:\users\***\AppData\Local\Temp\_MEI60162\win32profile.pyd
c:\users\***\AppData\Local\Temp\_MEI60162\win32security.pyd
c:\users\***\AppData\Local\Temp\_MEI60162\win32ts.pyd
c:\users\***\AppData\Local\Temp\_MEI60162\windows._cacheinvalidation.pyd
c:\users\***\AppData\Local\Temp\_MEI60162\wx._controls_.pyd
c:\users\***\AppData\Local\Temp\_MEI60162\wx._core_.pyd
c:\users\***\AppData\Local\Temp\_MEI60162\wx._gdi_.pyd
c:\users\***\AppData\Local\Temp\_MEI60162\wx._html2.pyd
c:\users\***\AppData\Local\Temp\_MEI60162\wx._misc_.pyd
c:\users\***\AppData\Local\Temp\_MEI60162\wx._windows_.pyd
c:\users\***\AppData\Local\Temp\_MEI60162\wx._wizard.pyd
c:\users\***\AppData\Local\Temp\_MEI60162\wxbase294u_net_vc90.dll
c:\users\***\AppData\Local\Temp\_MEI60162\wxbase294u_vc90.dll
c:\users\***\AppData\Local\Temp\_MEI60162\wxmsw294u_adv_vc90.dll
c:\users\***\AppData\Local\Temp\_MEI60162\wxmsw294u_core_vc90.dll
c:\users\***\AppData\Local\Temp\_MEI60162\wxmsw294u_html_vc90.dll
c:\users\***\AppData\Local\Temp\_MEI60162\wxmsw294u_webview_vc90.dll
c:\windows\SysWow64\Cache
c:\windows\SysWow64\Cache\sophos_autoupdate1.dir\ALUpdate.exe
c:\windows\SysWow64\Cache\sophos_autoupdate1.dir\boost_date_time-vc71-mt-1_32.dll
c:\windows\SysWow64\Cache\sophos_autoupdate1.dir\ChannelUpdater.dll
c:\windows\SysWow64\Cache\sophos_autoupdate1.dir\CidSync.dll
c:\windows\SysWow64\Cache\sophos_autoupdate1.dir\crypto.dll
c:\windows\SysWow64\Cache\sophos_autoupdate1.dir\libcurl.dll
c:\windows\SysWow64\Cache\sophos_autoupdate1.dir\libeay32.dll
c:\windows\SysWow64\Cache\sophos_autoupdate1.dir\MSVCP71.DLL
c:\windows\SysWow64\Cache\sophos_autoupdate1.dir\MSVCR71.DLL
c:\windows\SysWow64\Cache\sophos_autoupdate1.dir\ps.crl
c:\windows\SysWow64\Cache\sophos_autoupdate1.dir\ps_rootca.crt
c:\windows\SysWow64\Cache\sophos_autoupdate1.dir\retailer.dll
c:\windows\SysWow64\Cache\sophos_autoupdate1.dir\scf.dat
c:\windows\SysWow64\Cache\sophos_autoupdate1.dir\SharedRes.dll
c:\windows\SysWow64\Cache\sophos_autoupdate1.dir\SharedResEng.dll
c:\windows\SysWow64\Cache\sophos_autoupdate1.dir\xmlcpp.dll
c:\windows\SysWow64\Cache\sophos_autoupdate1.dir\xmlparse.dll
c:\windows\SysWow64\Cache\sophos_autoupdate1.dir\xmltok.dll
Q:\AUTORUN.INF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-02 bis 2013-07-02  ))))))))))))))))))))))))))))))
.
.
2013-07-02 09:48 . 2013-07-02 09:48	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-02 09:48 . 2013-07-02 09:48	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-07-02 09:48 . 2013-07-02 09:48	--------	d-----w-	c:\users\Administrator.Thinkpad-T\AppData\Local\temp
2013-07-01 16:08 . 2013-07-01 16:08	--------	d-----w-	C:\FRST
2013-06-29 18:24 . 2013-06-29 18:24	--------	d-----w-	c:\program files (x86)\Anki
2013-06-28 06:47 . 2013-06-12 03:08	9552976	------w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F9F2FC36-68D8-408D-8A02-A0669D858818}\mpengine.dll
2013-06-23 11:26 . 2013-06-23 11:26	96168	------w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-23 10:53 . 2013-06-23 10:53	--------	d-----w-	c:\program files (x86)\Cisco
2013-06-23 10:53 . 2013-06-23 10:53	--------	d-----w-	c:\programdata\Intel.sav
2013-06-23 10:49 . 2013-05-13 13:15	64624	------w-	c:\windows\system32\drivers\HECIx64.sys
2013-06-23 10:49 . 2013-06-23 10:49	59816	------r-	c:\users\Admin\AppData\Roaming\Microsoft\Installer\{49A09C2C-FFF4-478E-B397-5E0979F67F5D}\ARPPRODUCTICON.exe
2013-06-23 10:48 . 2013-06-23 10:48	59816	------r-	c:\users\Admin\AppData\Roaming\Microsoft\Installer\{E8F27ADF-B1ED-41AF-A7EF-D5E71778480C}\ARPPRODUCTICON.exe
2013-06-13 06:50 . 2013-05-17 01:25	257536	------w-	c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-06-13 06:48 . 2013-06-13 06:48	9089416	------w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-06-11 05:57 . 2013-06-11 05:57	--------	d-----w-	c:\program files\iPod
2013-06-11 05:57 . 2013-06-11 05:57	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-11 05:57 . 2013-06-11 05:57	--------	d-----w-	c:\program files\iTunes
2013-06-11 05:57 . 2013-06-11 05:57	--------	d-----w-	c:\program files (x86)\iTunes
2013-06-11 05:53 . 2013-06-11 05:53	159744	------w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-06-11 05:53 . 2013-06-11 05:53	159744	------w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-06-11 05:53 . 2013-06-11 05:53	159744	------w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-06-11 05:53 . 2013-06-11 05:53	159744	------w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-06-11 05:53 . 2013-06-11 05:53	159744	------w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-06-11 05:53 . 2013-06-11 05:53	--------	d-----w-	c:\program files (x86)\QuickTime
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-23 11:26 . 2013-02-24 14:57	867240	------w-	c:\windows\SysWow64\npDeployJava1.dll
2013-06-23 11:26 . 2013-02-24 14:57	789416	------w-	c:\windows\SysWow64\deployJava1.dll
2013-06-13 06:50 . 2013-02-24 16:53	75825640	------w-	c:\windows\system32\MRT.exe
2013-06-13 06:48 . 2013-02-24 12:22	71048	------w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-13 06:48 . 2013-02-24 12:22	692104	------w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-13 13:15 . 2013-02-02 03:17	16344	------w-	c:\windows\system32\drivers\IntelMEFWVer.dll
2013-05-08 09:21 . 2011-03-29 02:36	22240	------w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-06 15:30 . 2013-05-06 15:30	73728	------r-	c:\users\Admin\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-05-06 15:30 . 2013-05-06 15:30	73728	------r-	c:\users\Admin\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-05-06 15:30 . 2013-05-06 15:30	73728	------r-	c:\users\Admin\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-05-06 14:14 . 2013-05-06 14:14	706560	------w-	c:\windows\is-NKRQD.exe
2013-05-02 00:06 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-05-01 01:59 . 2013-05-01 01:59	94208	------w-	c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59	69632	------w-	c:\windows\SysWow64\QuickTime.qts
2013-04-25 19:04 . 2013-04-25 19:04	226304	------w-	c:\windows\system32\elshyph.dll
2013-04-25 19:04 . 2013-04-25 19:04	185344	------w-	c:\windows\SysWow64\elshyph.dll
2013-04-25 19:04 . 2013-04-25 19:04	1054720	------w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-25 19:04 . 2013-04-25 19:04	73728	------w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-25 19:04 . 2013-04-25 19:04	719360	------w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-04-25 19:04 . 2013-04-25 19:04	523264	------w-	c:\windows\SysWow64\vbscript.dll
2013-04-25 19:04 . 2013-04-25 19:04	48640	------w-	c:\windows\SysWow64\mshtmler.dll
2013-04-25 19:04 . 2013-04-25 19:04	38400	------w-	c:\windows\SysWow64\imgutil.dll
2013-04-25 19:04 . 2013-04-25 19:04	158720	------w-	c:\windows\SysWow64\msls31.dll
2013-04-25 19:04 . 2013-04-25 19:04	150528	------w-	c:\windows\SysWow64\iexpress.exe
2013-04-25 19:04 . 2013-04-25 19:04	138752	------w-	c:\windows\SysWow64\wextract.exe
2013-04-25 19:04 . 2013-04-25 19:04	137216	------w-	c:\windows\SysWow64\ieUnatt.exe
2013-04-25 19:04 . 2013-04-25 19:04	12800	------w-	c:\windows\SysWow64\mshta.exe
2013-04-25 19:04 . 2013-04-25 19:04	110592	------w-	c:\windows\SysWow64\IEAdvpack.dll
2013-04-25 19:04 . 2013-04-25 19:04	97280	------w-	c:\windows\system32\mshtmled.dll
2013-04-25 19:04 . 2013-04-25 19:04	905728	------w-	c:\windows\system32\mshtmlmedia.dll
2013-04-25 19:04 . 2013-04-25 19:04	81408	------w-	c:\windows\system32\icardie.dll
2013-04-25 19:04 . 2013-04-25 19:04	762368	------w-	c:\windows\system32\ieapfltr.dll
2013-04-25 19:04 . 2013-04-25 19:04	61952	------w-	c:\windows\SysWow64\tdc.ocx
2013-04-25 19:04 . 2013-04-25 19:04	599552	------w-	c:\windows\system32\vbscript.dll
2013-04-25 19:04 . 2013-04-25 19:04	452096	------w-	c:\windows\system32\dxtmsft.dll
2013-04-25 19:04 . 2013-04-25 19:04	441856	------w-	c:\windows\system32\html.iec
2013-04-25 19:04 . 2013-04-25 19:04	361984	------w-	c:\windows\SysWow64\html.iec
2013-04-25 19:04 . 2013-04-25 19:04	281600	------w-	c:\windows\system32\dxtrans.dll
2013-04-25 19:04 . 2013-04-25 19:04	27648	------w-	c:\windows\system32\licmgr10.dll
2013-04-25 19:04 . 2013-04-25 19:04	270848	------w-	c:\windows\system32\iedkcs32.dll
2013-04-25 19:04 . 2013-04-25 19:04	247296	------w-	c:\windows\system32\webcheck.dll
2013-04-25 19:04 . 2013-04-25 19:04	235008	------w-	c:\windows\system32\url.dll
2013-04-25 19:04 . 2013-04-25 19:04	23040	------w-	c:\windows\SysWow64\licmgr10.dll
2013-04-25 19:04 . 2013-04-25 19:04	216064	------w-	c:\windows\system32\msls31.dll
2013-04-25 19:04 . 2013-04-25 19:04	197120	------w-	c:\windows\system32\msrating.dll
2013-04-25 19:04 . 2013-04-25 19:04	167424	------w-	c:\windows\system32\iexpress.exe
2013-04-25 19:04 . 2013-04-25 19:04	1509376	------w-	c:\windows\system32\inetcpl.cpl
2013-04-25 19:04 . 2013-04-25 19:04	144896	------w-	c:\windows\system32\wextract.exe
2013-04-25 19:04 . 2013-04-25 19:04	1441280	------w-	c:\windows\SysWow64\inetcpl.cpl
2013-04-25 19:04 . 2013-04-25 19:04	1400416	------w-	c:\windows\system32\ieapfltr.dat
2013-04-25 19:04 . 2013-04-25 19:04	102912	------w-	c:\windows\system32\inseng.dll
2013-04-25 19:04 . 2013-04-25 19:04	92160	------w-	c:\windows\system32\SetIEInstalledDate.exe
2013-04-25 19:04 . 2013-04-25 19:04	77312	------w-	c:\windows\system32\tdc.ocx
2013-04-25 19:04 . 2013-04-25 19:04	62976	------w-	c:\windows\system32\pngfilt.dll
2013-04-25 19:04 . 2013-04-25 19:04	52224	------w-	c:\windows\system32\msfeedsbs.dll
2013-04-25 19:04 . 2013-04-25 19:04	51200	------w-	c:\windows\system32\imgutil.dll
2013-04-25 19:04 . 2013-04-25 19:04	48640	------w-	c:\windows\system32\mshtmler.dll
2013-04-25 19:04 . 2013-04-25 19:04	173568	------w-	c:\windows\system32\ieUnatt.exe
2013-04-25 19:04 . 2013-04-25 19:04	149504	------w-	c:\windows\system32\occache.dll
2013-04-25 19:04 . 2013-04-25 19:04	13824	------w-	c:\windows\system32\mshta.exe
2013-04-25 19:04 . 2013-04-25 19:04	136192	------w-	c:\windows\system32\iepeers.dll
2013-04-25 19:04 . 2013-04-25 19:04	135680	------w-	c:\windows\system32\IEAdvpack.dll
2013-04-25 19:04 . 2013-04-25 19:04	12800	------w-	c:\windows\system32\msfeedssync.exe
2013-04-23 04:54 . 2013-02-02 03:22	2692904	------w-	c:\windows\PWMBTHLV.EXE
2013-04-23 04:54 . 2013-02-02 03:22	29512	------w-	c:\windows\system32\drivers\DZHDD64.SYS
2013-04-23 04:54 . 2013-02-02 03:22	2812712	------w-	c:\windows\system32\PWMCP64V.cpl
2013-04-23 04:54 . 2013-02-02 03:22	20736	------w-	c:\windows\system32\drivers\TPPWR64V.SYS
2013-04-17 20:16 . 2013-05-23 14:31	460528	------w-	c:\windows\system32\drivers\SynTP.sys
2013-04-17 20:16 . 2013-05-23 14:31	44784	------w-	c:\windows\system32\drivers\Smb_driver_Intel.sys
2013-04-17 20:16 . 2013-05-23 14:31	114416	------w-	c:\windows\SysWow64\SynTPCOM.dll
2013-04-17 20:16 . 2013-05-23 14:31	229616	------w-	c:\windows\system32\SynTPAPI.dll
2013-04-17 20:16 . 2013-05-23 14:31	178416	------w-	c:\windows\system32\SynTPCo14.dll
2013-04-17 20:16 . 2013-05-23 14:31	540400	------w-	c:\windows\SysWow64\SynCOM.dll
2013-04-17 20:16 . 2013-02-02 02:44	1048816	------w-	c:\windows\system32\SynCOM.dll
2013-04-13 05:49 . 2013-05-15 16:27	135168	------w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 16:27	350208	------w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 16:27	308736	------w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 16:27	111104	------w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 16:27	474624	------w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 16:27	2176512	------w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 07:04	1656680	------w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 16:27	265064	------w-	c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 16:27	983400	------w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 16:26	3153920	------w-	c:\windows\system32\win32k.sys
2013-04-09 13:13 . 2013-05-06 14:14	110264	------w-	c:\windows\system32\pdfcmon.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	130736	------w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	130736	------w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	130736	------w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-02-02 39408]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-06 19676256]
"updateMgr"="c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-04-19 291608]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-05-30 132920]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2013-04-23 6002984]
"Fastboot"="c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" [2012-01-17 1091376]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-14 4351712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2013-02-24 929272]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2012-06-13 1688008]
"Acrobat Assistant 7.0"="c:\program files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2013-03-21 5687152]
"ACWLIcon"="c:\program files (x86)\Lenovo\Access Connections\ACWLIcon.exe" [2013-03-18 194856]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2012-08-31 508656]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Launch Backup Service Once"="c:\program files (x86)\Lenovo\Rescue and Recovery\rrstrigger.exe" [2011-08-18 133944]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe [2013-4-11 25214]
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2013-1-21 1393968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll c:\program files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
R3 Fastboot;Fastboot;c:\windows\system32\DRIVERS\Fastboot.sys;c:\windows\SYSNATIVE\DRIVERS\Fastboot.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys;c:\windows\SYSNATIVE\DRIVERS\sdcfilter.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys;c:\windows\SYSNATIVE\DRIVERS\SophosBootDriver.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys;c:\windows\SYSNATIVE\DRIVERS\savonaccess.sys [x]
S2 FastbootService;FastbootService;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [x]
S2 FileOpenManagerService;FileOpen Manager Service;c:\program files\FileOpen\Services\FileOpenManagerService64.exe;c:\program files\FileOpen\Services\FileOpenManagerService64.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [x]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x]
S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [x]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 5U877;5U877;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
S3 tvtvcamd;Camera Plus (VGA Resolution Maximum);c:\windows\system32\DRIVERS\tvtvcamd.sys;c:\windows\SYSNATIVE\DRIVERS\tvtvcamd.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - FileOpenWebPublisherScreenHookDriver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-21 05:42	1165776	------w-	c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-24 06:48]
.
2013-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-02 03:26]
.
2013-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-02 03:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	164016	------w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	164016	------w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	164016	------w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	164016	------w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-06 21:57	778192	------w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-06 21:57	778192	------w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-06 21:57	778192	------w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-06 21:57	778192	------w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-06 21:57	778192	------w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-06 21:57	778192	------w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-05-14 17:39	463952	------w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-05-14 17:39	463952	------w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-05-14 17:39	463952	------w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-05-14 17:39	463952	------w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-05-21 13538376]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-05-20 1308232]
"TpShocks"="TpShocks.exe" [2013-02-12 382248]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2013-05-29 293672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-09-03 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-09-03 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-09-03 441152]
"FileOpenBroker"="c:\program files\FileOpen\Services\FileOpenBroker64.exe" [2012-11-07 1092528]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2013-03-18 63784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.ch/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ch/|hxxp://www.admin.ch/ch/d/sr/sr.html|hxxp://www.zh.ch/internet/de/rechtliche_grundlagen/gesetze/loseblattsammlung/aktuelle_fassung.html#a-content|hxxp://www.gerichte-zh.ch/|hxxp://www.bger.ch/index/juridiction/jurisdiction-inherit-template/jurisdiction-recht/jurisdiction-recht-leitentscheide1954.htm|https://www.swisslex.ch/Home.mvc|hxxp://www.legalis.ch/bib/default.asp?typ=login&redir=%2Fbib%2Fdefault%2Easp|hxxp://www.swissblawg.ch/
FF - ExtSQL: 2013-07-01 15:42; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Texuyx - c:\users\***\AppData\Roaming\Naogi\golup.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Sophos\AutoUpdate\ALsvc.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\program files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Lenovo\message center plus\mcplaunch.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-07-02  11:56:56 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-07-02 09:56
.
Vor Suchlauf: 13 Verzeichnis(se), 290'312'212'480 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 296'393'211'904 Bytes frei
.
- - End Of File - - CA5E502E5271A7B90F38E9C256CF6FA3
         
--- --- --- D41D8CD98F00B204E9800998ECF8427E
Vielen Dank nochmals und Gruss
cpstutz

Alt 02.07.2013, 14:28   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Win32/Small.CA-Virus entfernen - Standard

Win32/Small.CA-Virus entfernen



Hi,

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 02.07.2013, 16:49   #9
cpstutz
 
Win32/Small.CA-Virus entfernen - Standard

Win32/Small.CA-Virus entfernen



Hallo Schrauber

Hat eine Weile gedauert, aber hier die Log-files:

Malware:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.02.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
*** :: THINKPAD-T [Administrator]

Schutz: Deaktiviert

02.07.2013 16:07:34
mbam-log-2013-07-02 (16-07-34).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 308771
Laufzeit: 4 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
AdwCleaner:
Code:
ATTFilter
# AdwCleaner v2.303 - Datei am 02/07/2013 um 16:16:40 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : *** - THINKPAD-T
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\aa_trojaner-board\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\jetpack

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\Software\PIP

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\prefs.js

C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\89nmd4tb.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************
         
Junkware:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x64
Ran by *** on 02.07.2013 at 16:27:09.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\np47b545.default\minidumps [75 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.07.2013 at 16:32:31.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
und das neue FRST:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-07-2013
Ran by *** (administrator) on 02-07-2013 16:42:37
Running from C:\Users\***\Desktop\aa_trojaner-board
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManagerService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo Group Limited) C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
(Dropbox, Inc.) C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\sysWow64\SearchProtocolHost.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s [13538376 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4 [1308232 2013-05-20] (Realtek Semiconductor)
HKLM\...\Run: [TpShocks] TpShocks.exe [382248 2013-02-12] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [293672 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1092528 2012-11-07] (FileOpen Systems Inc.)
HKLM\...\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-03-18] (Lenovo)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-17] (Synaptics Incorporated)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2013-02-02] (Google Inc.)
HKCU\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [19676256 2013-06-06] (Google)
HKCU\...\Run: [updateMgr] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_1_0 -reboot 1 [313472 2006-03-30] (Adobe Systems Incorporated)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-31] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-04-19] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [132920 2013-05-30] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor [6002984 2013-04-23] (Lenovo Group Limited)
HKLM-x32\...\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot [4351712 2011-07-14] (Lenovo, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-02-24] (Sophos Limited)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-06-13] (Western Digital)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [483328 2008-04-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5524336 2013-06-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [ACWLIcon] C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe [194856 2013-03-18] (Lenovo)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Launch Backup Service Once] C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrstrigger.exe -start [133944 2011-08-18] ()
HKU\Default\...\RunOnce: [Lenovo.ShowBand] C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe /show [52584 2013-05-17] (Lenovo)
HKU\Default\...\RunOnce: []  [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2011-12-15] ()
HKU\Default User\...\RunOnce: [Lenovo.ShowBand] C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe /show [52584 2013-05-17] (Lenovo)
HKU\Default User\...\RunOnce: []  [x]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2011-12-15] ()
AppInit_DLLs:  C:\Windows\SysWOW64\nvinit.dll C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll C:\Windows\System32\nvinitx.dll C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll [218256 2013-02-24] (Sophos Limited)
AppInit_DLLs-x32:  C:\Windows\SysWOW64\nvinit.dll C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll [221840 2013-02-24] (Sophos Limited)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll (IDM)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: msdaipp - No CLSID Value - 
Handler-x32: msdaipp - No CLSID Value - 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default
FF SearchEngine: Wikipedia (de)
FF Homepage: hxxp://www.google.ch/|hxxp://www.admin.ch/ch/d/sr/sr.html|hxxp://www.zh.ch/internet/de/rechtliche_grundlagen/gesetze/loseblattsammlung/aktuelle_fassung.html#a-content|hxxp://www.gerichte-zh.ch/|hxxp://www.bger.ch/index/juridiction/jurisdiction-inherit-template/jurisdiction-recht/jurisdiction-recht-leitentscheide1954.htm|https://www.swisslex.ch/Home.mvc|hxxp://www.legalis.ch/bib/default.asp?typ=login&redir=%2Fbib%2Fdefault%2Easp|hxxp://www.swissblawg.ch/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: FoxyProxy Basic - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\Extensions\foxyproxy@eric.h.jung
FF Extension: WOT - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-04-11] (Adobe Systems)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-04-23] (Lenovo.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 FileOpenManagerService; C:\Program Files\FileOpen\Services\FileOpenManagerService64.exe [335288 2012-11-07] (FileOpen Systems Inc.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-30] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [187688 2013-05-29] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-02-24] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [159296 2013-02-24] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-02-24] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2013-02-24] (Sophos Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-04-11] ()
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-03-21] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2010688 2013-02-24] (Sophos Limited)
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited)
R3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1492280 2011-08-18] (Lenovo Group Limited)
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-06-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270192 2013-06-19] (Western Digital Technologies, Inc.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2012-09-25] (Broadcom Corporation.)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11518976 2013-02-05] (Intel Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-02-28] (NVIDIA Corporation)
R1 PHCORE; C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [33344 2012-03-27] (Lenovo Group Limited)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2013-02-24] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2013-02-24] (Sophos Limited)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44784 2013-04-17] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2013-02-24] (Sophos Plc)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
S3 btwaudio; system32\drivers\btwaudio.sys [x]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-02 16:27 - 2013-07-02 16:27 - 00000000 ____D C:\Windows\ERUNT
2013-07-02 16:26 - 2013-07-02 16:26 - 00000000 ____D C:\JRT
2013-07-02 16:16 - 2013-07-02 16:17 - 00001412 ____A C:\AdwCleaner[S1].txt
2013-07-02 16:05 - 2013-07-02 16:05 - 00001120 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-02 16:05 - 2013-07-02 16:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-02 16:05 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-07-02 15:51 - 2013-07-02 15:51 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes
2013-07-02 15:50 - 2013-07-02 15:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-02 11:28 - 2013-07-02 11:57 - 00000000 ___AD C:\Qoobox
2013-07-02 11:28 - 2013-07-02 11:55 - 00000000 ____D C:\Windows\erdnt
2013-07-02 11:28 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-07-02 11:28 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-07-02 11:28 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-07-02 11:28 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-07-02 11:28 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-07-02 11:28 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-07-02 11:28 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-07-01 18:08 - 2013-07-01 18:08 - 00000000 ____D C:\FRST
2013-07-01 17:23 - 2013-07-01 17:23 - 747136470 ____A C:\Windows\MEMORY.DMP
2013-07-01 17:23 - 2013-07-01 17:23 - 00294200 ____A C:\Windows\Minidump\070113-12667-01.dmp
2013-07-01 17:23 - 2013-07-01 17:23 - 00000000 ____D C:\Windows\Minidump
2013-07-01 17:07 - 2013-07-01 17:07 - 00128016 ____A C:\Users\Admin\Desktop\OTL.Txt
2013-07-01 16:55 - 2013-07-01 16:55 - 00000472 ____A C:\Users\***\Downloads\defogger_disable.log
2013-07-01 16:54 - 2013-07-02 16:42 - 00000000 ____D C:\Users\***\Desktop\aa_trojaner-board
2013-07-01 16:51 - 2013-07-01 16:51 - 00000000 ____A C:\Users\Admin\defogger_reenable
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\UpdatusUser\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\Administrator.Thinkpad-T\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\Admin\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000000 ____D C:\Program Files (x86)\Anki
2013-06-29 20:23 - 2013-06-29 20:23 - 25781276 ____N C:\Users\***\Downloads\anki-2.0.11.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00263592 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00175016 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00175016 ____N (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00096168 ____N (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-23 12:53 - 2013-06-23 12:53 - 00000000 ____D C:\ProgramData\Intel.sav
2013-06-23 12:53 - 2013-06-23 12:53 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-06-23 12:51 - 2013-06-23 12:51 - 00000000 ____D C:\Program Files (x86)\Dolby Advanced Audio v2
2013-06-23 12:51 - 2013-05-21 21:50 - 03425608 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
2013-06-23 12:51 - 2013-05-21 15:57 - 00142408 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll
2013-06-23 12:51 - 2013-05-21 15:05 - 00576929 ____N C:\Windows\System32\Drivers\RTAIODAT.DAT
2013-06-23 12:51 - 2013-05-21 14:15 - 24962560 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RCoRes64.dat
2013-06-23 12:51 - 2013-05-20 16:16 - 01003592 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll
2013-06-23 12:51 - 2013-05-20 14:36 - 02794056 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll
2013-06-23 12:51 - 2013-05-02 12:01 - 02103040 ____N (Waves Audio Ltd.) C:\Windows\System32\WavesGUILib64.dll
2013-06-23 12:51 - 2013-04-30 19:53 - 03693640 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll
2013-06-23 12:51 - 2013-04-30 14:28 - 00916016 ____N (Sony Corporation) C:\Windows\System32\SFSS_APO.dll
2013-06-23 12:51 - 2013-04-24 17:16 - 01662024 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RTSnMg64.cpl
2013-06-23 12:51 - 2013-04-23 00:40 - 02735648 ____N (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll
2013-06-23 12:51 - 2013-03-23 03:43 - 00208072 ____N (Andrea Electronics Corporation) C:\Windows\System32\AERTAC64.dll
2013-06-23 12:51 - 2013-02-20 18:55 - 01284680 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll
2013-06-23 12:51 - 2012-10-02 14:41 - 00501192 ____N (DTS) C:\Windows\System32\DTSU2PLFX64.dll
2013-06-23 12:51 - 2012-10-02 14:41 - 00487368 ____N (DTS) C:\Windows\System32\DTSU2PGFX64.dll
2013-06-23 12:51 - 2012-10-02 14:41 - 00415688 ____N (DTS) C:\Windows\System32\DTSU2PREC64.dll
2013-06-23 12:51 - 2012-08-31 19:18 - 07164176 ____N (Dolby Laboratories) C:\Windows\System32\R4EEP64A.dll
2013-06-23 12:51 - 2012-08-31 19:17 - 00434960 ____N (Dolby Laboratories) C:\Windows\System32\R4EED64A.dll
2013-06-23 12:51 - 2012-08-31 19:17 - 00141584 ____N (Dolby Laboratories) C:\Windows\System32\R4EEL64A.dll
2013-06-23 12:51 - 2012-08-31 19:17 - 00124176 ____N (Dolby Laboratories) C:\Windows\System32\R4EEA64A.dll
2013-06-23 12:51 - 2012-08-31 19:17 - 00075024 ____N (Dolby Laboratories) C:\Windows\System32\R4EEG64A.dll
2013-06-23 12:49 - 2013-06-23 12:49 - 00000030 ____N C:\Windows\success64.log
2013-06-23 12:49 - 2013-05-13 15:15 - 00064624 ____N (Intel Corporation) C:\Windows\System32\Drivers\HECIx64.sys
2013-06-23 12:48 - 2013-06-23 12:48 - 00000030 ____N C:\Windows\success32.log
2013-06-22 20:04 - 2013-06-22 20:04 - 00005064 ____N C:\QcOSD.txt
2013-06-17 10:07 - 2013-06-19 10:38 - 00000000 ____D C:\Users\***\Documents\Walder Wyss
2013-06-15 15:32 - 2013-06-08 16:08 - 01365504 ____N (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 15:32 - 2013-06-08 16:07 - 19233792 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 15:32 - 2013-06-08 16:06 - 15404544 ____N (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 15:32 - 2013-06-08 16:06 - 02648064 ____N (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 15:32 - 2013-06-08 16:06 - 00526336 ____N (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 15:32 - 2013-06-08 14:28 - 02706432 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 15:32 - 2013-06-08 13:42 - 01141248 ____N (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 15:32 - 2013-06-08 13:40 - 14327808 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 15:32 - 2013-06-08 13:40 - 13760512 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 15:32 - 2013-06-08 13:40 - 02046976 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 15:32 - 2013-06-08 13:40 - 00391168 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 15:32 - 2013-06-08 13:13 - 02706432 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 08:50 - 2013-05-17 03:25 - 02877440 ____N (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 01767936 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00690688 ____N (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00493056 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00109056 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00061440 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00039424 ____N (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00033280 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 08:50 - 2013-05-17 02:59 - 02241024 ____N (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 08:50 - 2013-05-17 02:59 - 00051712 ____N (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 08:50 - 2013-05-17 02:58 - 03958784 ____N (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00855552 ____N (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00603136 ____N (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00136704 ____N (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00067072 ____N (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00053248 ____N (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00039936 ____N (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 08:50 - 2013-05-14 14:23 - 00089600 ____N (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 08:50 - 2013-05-14 10:40 - 00071680 ____N (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-13 08:48 - 2013-06-13 08:48 - 09089416 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-12 20:02 - 2013-05-13 07:51 - 01464320 ____N (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 20:02 - 2013-05-13 07:51 - 00184320 ____N (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 20:02 - 2013-05-13 07:51 - 00139776 ____N (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 20:02 - 2013-05-13 07:50 - 00052224 ____N (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 20:02 - 2013-05-13 06:45 - 01160192 ____N (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 20:02 - 2013-05-13 06:45 - 00140288 ____N (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 20:02 - 2013-05-13 06:45 - 00103936 ____N (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 20:02 - 2013-05-13 05:43 - 01192448 ____N (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 20:02 - 2013-05-13 05:08 - 00903168 ____N (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 20:02 - 2013-05-13 05:08 - 00043008 ____N (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 20:02 - 2013-05-10 07:49 - 00030720 ____N (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 20:02 - 2013-05-10 05:20 - 00024576 ____N (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 20:02 - 2013-05-08 08:39 - 01910632 ____N (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 20:02 - 2013-04-26 07:51 - 00751104 ____N (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 20:02 - 2013-04-26 06:55 - 00492544 ____N (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 20:02 - 2013-04-26 01:30 - 01505280 ____N (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 20:02 - 2013-04-17 09:02 - 01230336 ____N (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 20:02 - 2013-04-17 08:24 - 01424384 ____N (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 20:02 - 2013-04-01 00:52 - 01887232 ____N (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 07:57 - 2013-06-11 07:57 - 00001794 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files\iTunes
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files\iPod
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-11 07:53 - 2013-06-11 07:53 - 00001856 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-06-11 07:53 - 2013-06-11 07:53 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-06-10 18:26 - 2013-06-13 16:12 - 00000000 ____D C:\Users\***\Documents\Esalen - Projekt Übernahme The Center

==================== One Month Modified Files and Folders =======

2013-07-02 16:42 - 2013-07-01 16:54 - 00000000 ____D C:\Users\***\Desktop\aa_trojaner-board
2013-07-02 16:42 - 2013-02-02 05:26 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-02 16:41 - 2013-03-18 20:08 - 00000000 ___SD C:\Users\***\Google Drive
2013-07-02 16:41 - 2013-03-18 20:03 - 00000000 ___RD C:\Users\***\Dropbox
2013-07-02 16:41 - 2013-03-18 20:02 - 00000000 ____D C:\Users\***\AppData\Roaming\Dropbox
2013-07-02 16:39 - 2013-02-02 05:26 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-02 16:38 - 2013-05-20 11:42 - 00008192 ____A C:\Windows\SysWOW64\WDPABKP.dat
2013-07-02 16:38 - 2013-02-02 05:19 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-02 16:38 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-02 16:38 - 2009-07-14 06:51 - 00087762 ____A C:\Windows\setupact.log
2013-07-02 16:37 - 2013-02-02 05:10 - 01998316 ____A C:\Windows\WindowsUpdate.log
2013-07-02 16:28 - 2009-07-14 06:45 - 00034432 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-02 16:28 - 2009-07-14 06:45 - 00034432 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-02 16:27 - 2013-07-02 16:27 - 00000000 ____D C:\Windows\ERUNT
2013-07-02 16:26 - 2013-07-02 16:26 - 00000000 ____D C:\JRT
2013-07-02 16:26 - 2013-02-02 04:47 - 00696870 ____A C:\Windows\System32\perfh007.dat
2013-07-02 16:26 - 2013-02-02 04:47 - 00148134 ____A C:\Windows\System32\perfc007.dat
2013-07-02 16:26 - 2009-07-14 07:13 - 01612484 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-02 16:18 - 2010-11-21 05:47 - 00609326 ____A C:\Windows\PFRO.log
2013-07-02 16:17 - 2013-07-02 16:16 - 00001412 ____A C:\AdwCleaner[S1].txt
2013-07-02 16:05 - 2013-07-02 16:05 - 00001120 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-02 16:05 - 2013-07-02 16:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-02 15:51 - 2013-07-02 15:51 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes
2013-07-02 15:50 - 2013-07-02 15:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-02 15:23 - 2013-02-24 14:22 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-02 13:36 - 2013-04-27 16:59 - 00000000 ____D C:\ProgramData\Package Cache
2013-07-02 13:36 - 2013-02-02 05:11 - 00178106 ____A C:\Windows\DPINST.LOG
2013-07-02 13:35 - 2013-04-27 17:01 - 00000000 ____D C:\Program Files\Common Files\Western Digital
2013-07-02 13:35 - 2013-03-02 08:46 - 00000000 ____D C:\Program Files (x86)\Western Digital
2013-07-02 11:57 - 2013-07-02 11:28 - 00000000 ___AD C:\Qoobox
2013-07-02 11:57 - 2009-07-14 05:20 - 00000000 __RHD C:\users\Default
2013-07-02 11:55 - 2013-07-02 11:28 - 00000000 ____D C:\Windows\erdnt
2013-07-02 11:52 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-07-02 11:51 - 2009-07-14 04:34 - 78905344 ____A C:\Windows\System32\config\SOFTWARE.bak
2013-07-02 11:51 - 2009-07-14 04:34 - 22806528 ____A C:\Windows\System32\config\SYSTEM.bak
2013-07-02 11:51 - 2009-07-14 04:34 - 00524288 ____A C:\Windows\System32\config\DEFAULT.bak
2013-07-02 11:51 - 2009-07-14 04:34 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2013-07-02 11:51 - 2009-07-14 04:34 - 00262144 ____A C:\Windows\System32\config\SAM.bak
2013-07-01 18:08 - 2013-07-01 18:08 - 00000000 ____D C:\FRST
2013-07-01 17:23 - 2013-07-01 17:23 - 747136470 ____A C:\Windows\MEMORY.DMP
2013-07-01 17:23 - 2013-07-01 17:23 - 00294200 ____A C:\Windows\Minidump\070113-12667-01.dmp
2013-07-01 17:23 - 2013-07-01 17:23 - 00000000 ____D C:\Windows\Minidump
2013-07-01 17:07 - 2013-07-01 17:07 - 00128016 ____A C:\Users\Admin\Desktop\OTL.Txt
2013-07-01 16:55 - 2013-07-01 16:55 - 00000472 ____A C:\Users\***\Downloads\defogger_disable.log
2013-07-01 16:51 - 2013-07-01 16:51 - 00000000 ____A C:\Users\Admin\defogger_reenable
2013-07-01 16:51 - 2013-02-24 22:40 - 00000000 ____D C:\users\Admin
2013-07-01 14:06 - 2013-03-17 17:34 - 00000000 ____D C:\Users\***\Documents\Anki
2013-07-01 14:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-07-01 12:01 - 2013-02-02 05:25 - 00000000 ____D C:\swshare
2013-07-01 11:13 - 2013-03-17 17:31 - 00000000 ____D C:\Users\***\Documents\Ramschsammlung
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\UpdatusUser\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\Administrator.Thinkpad-T\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\Admin\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000000 ____D C:\Program Files (x86)\Anki
2013-06-29 20:23 - 2013-06-29 20:23 - 25781276 ____N C:\Users\***\Downloads\anki-2.0.11.exe
2013-06-26 08:56 - 2013-05-06 18:39 - 00000000 ____D C:\Users\***\AppData\Local\CutePDF Writer
2013-06-24 17:25 - 2013-05-10 15:48 - 01590378 ____N C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-24 17:13 - 2013-02-24 20:13 - 00000000 ____D C:\ldiag
2013-06-23 15:50 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Anwaltsprüfung
2013-06-23 13:26 - 2013-06-23 13:26 - 00263592 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00175016 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00175016 ____N (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00096168 ____N (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-23 13:26 - 2013-02-24 16:57 - 00867240 ____N (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-23 13:26 - 2013-02-24 16:57 - 00789416 ____N (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-23 12:53 - 2013-06-23 12:53 - 00000000 ____D C:\ProgramData\Intel.sav
2013-06-23 12:53 - 2013-06-23 12:53 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-06-23 12:53 - 2013-02-02 05:14 - 00000000 ____D C:\Program Files\Intel
2013-06-23 12:53 - 2013-02-02 05:14 - 00000000 ____D C:\Program Files\Common Files\Intel
2013-06-23 12:53 - 2013-02-02 05:14 - 00000000 ____D C:\Program Files (x86)\Intel
2013-06-23 12:51 - 2013-06-23 12:51 - 00000000 ____D C:\Program Files (x86)\Dolby Advanced Audio v2
2013-06-23 12:51 - 2013-02-02 05:18 - 00003043 ____N C:\RHDSetup.log
2013-06-23 12:51 - 2013-02-02 05:18 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-06-23 12:49 - 2013-06-23 12:49 - 00000030 ____N C:\Windows\success64.log
2013-06-23 12:49 - 2013-02-02 05:18 - 00000000 ____D C:\Program Files\Common Files\Lenovo
2013-06-23 12:48 - 2013-06-23 12:48 - 00000030 ____N C:\Windows\success32.log
2013-06-22 20:04 - 2013-06-22 20:04 - 00005064 ____N C:\QcOSD.txt
2013-06-20 15:25 - 2013-03-18 12:24 - 00000000 ____D C:\Users\***\Documents\Scans
2013-06-20 13:22 - 2013-03-17 17:28 - 00000000 ____D C:\Users\***\Documents\Sunrise
2013-06-19 10:38 - 2013-06-17 10:07 - 00000000 ____D C:\Users\***\Documents\Walder Wyss
2013-06-17 18:46 - 2013-03-03 13:18 - 00000000 ____D C:\Users\***\Documents\Knowhow
2013-06-17 10:11 - 2013-03-22 10:27 - 00000000 ____D C:\Users\***\Documents\Vorlagen
2013-06-17 09:47 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Homeoffice
2013-06-16 21:01 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Nesshy
2013-06-15 17:34 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Heidi
2013-06-14 16:01 - 2013-03-17 17:28 - 00000000 ____D C:\Users\***\Documents\Swisscom
2013-06-13 16:12 - 2013-06-10 18:26 - 00000000 ____D C:\Users\***\Documents\Esalen - Projekt Übernahme The Center
2013-06-13 15:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 08:54 - 2009-07-14 04:34 - 00000499 ____N C:\Windows\win.ini
2013-06-13 08:50 - 2013-02-24 18:53 - 75825640 ____N (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-13 08:48 - 2013-06-13 08:48 - 09089416 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-13 08:48 - 2013-02-24 14:22 - 00692104 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-13 08:48 - 2013-02-24 14:22 - 00071048 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 07:57 - 2013-06-11 07:57 - 00001794 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files\iTunes
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files\iPod
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-11 07:53 - 2013-06-11 07:53 - 00001856 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-06-11 07:53 - 2013-06-11 07:53 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-06-10 14:23 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\OBCZ
2013-06-08 16:08 - 2013-06-15 15:32 - 01365504 ____N (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-15 15:32 - 19233792 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-15 15:32 - 15404544 ____N (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-15 15:32 - 02648064 ____N (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-15 15:32 - 00526336 ____N (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-15 15:32 - 02706432 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-15 15:32 - 01141248 ____N (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-15 15:32 - 14327808 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-15 15:32 - 13760512 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-15 15:32 - 02046976 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-15 15:32 - 00391168 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-15 15:32 - 02706432 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-06 20:58 - 2013-05-27 12:12 - 00000000 ____D C:\Users\***\Documents\Publikationen cst
2013-06-06 20:57 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Bewerbungsunterlagen
2013-06-03 17:08 - 2013-02-02 05:18 - 00000008 ____N C:\Windows\System32\Drivers\RTKHDAUD.DAT

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-23 15:25

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Thx nochmals für Deine Engelsgeduld.
cpstutz

Alt 02.07.2013, 17:47   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Win32/Small.CA-Virus entfernen - Standard

Win32/Small.CA-Virus entfernen




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST Log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 02.07.2013, 20:28   #11
cpstutz
 
Win32/Small.CA-Virus entfernen - Standard

Win32/Small.CA-Virus entfernen



Hallo Schrauber, thx so far.

Ich weiss nicht, ob ich noch "Probleme habe". Etwas beunruhigt bin ich darüber, dass bei dem ganzen Prozedere keine Malware gefunden worden ist. Ich habe widersprüchliche Informationen betreffend Win32/Small.CA im Web gefunden (vereinzelte meinen, es handle sich um einen false positive, andere halten den Trojaner für "severe") und es ist damit zu rechnen, dass es sich dabei um einen "schlafenden" Trojaner handelt, der bei Bedarf meinen Rechner an ein Bootnetz anschliessen könnte. Insofern wäre es mir wohler gewesen, wenn irgendeines dieser Programme etwas gefunden hätten.

Meinst Du, dass nun das ganze System neu aufgesetzt werden sollte?

Anbei die Logfiles:

ESET:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b5f904a23e0b7240be22436f4adf5e20
# engine=14238
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-02 06:04:33
# local_time=2013-07-02 08:04:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 8790 124418123 0 0
# compatibility_mode=8450 16777213 85 99 8420 11082769 0 0
# scanned=262542
# found=0
# cleaned=0
# scan_time=7254
         
SecurityCheck:
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.68  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Sophos Anti-Virus   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 25  
 Adobe Flash Player 11.7.700.224  
 Adobe Reader XI  
 Mozilla Firefox 21.0 Firefox out of Date!  
 Google Chrome 27.0.1453.110  
 Google Chrome 27.0.1453.116  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Sophos Sophos Anti-Virus SavService.exe  
 Sophos Sophos Anti-Virus SAVAdminService.exe  
 Sophos Sophos Anti-Virus Web Control swc_service.exe 
 Sophos Sophos Anti-Virus Web Intelligence swi_service.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

Und das frische FRST:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-07-2013
Ran by *** (administrator) on 02-07-2013 20:15:29
Running from C:\Users\***\Desktop\aa_trojaner-board
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManagerService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
(Western Digital) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Dropbox, Inc.) C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
(Lenovo Group Limited) C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Lenovo) C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s [13538376 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4 [1308232 2013-05-20] (Realtek Semiconductor)
HKLM\...\Run: [TpShocks] TpShocks.exe [382248 2013-02-12] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [293672 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1092528 2012-11-07] (FileOpen Systems Inc.)
HKLM\...\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-03-18] (Lenovo)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-17] (Synaptics Incorporated)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2013-02-02] (Google Inc.)
HKCU\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [19676256 2013-06-06] (Google)
HKCU\...\Run: [updateMgr] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_1_0 -reboot 1 [313472 2006-03-30] (Adobe Systems Incorporated)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-31] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-04-19] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [132920 2013-05-30] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor [6002984 2013-04-23] (Lenovo Group Limited)
HKLM-x32\...\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot [4351712 2011-07-14] (Lenovo, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-02-24] (Sophos Limited)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-06-13] (Western Digital)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [483328 2008-04-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5524336 2013-06-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [ACWLIcon] C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe [194856 2013-03-18] (Lenovo)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Launch Backup Service Once] C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrstrigger.exe -start [133944 2011-08-18] ()
HKU\Default\...\RunOnce: [Lenovo.ShowBand] C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe /show [52584 2013-05-17] (Lenovo)
HKU\Default\...\RunOnce: []  [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2011-12-15] ()
HKU\Default User\...\RunOnce: [Lenovo.ShowBand] C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe /show [52584 2013-05-17] (Lenovo)
HKU\Default User\...\RunOnce: []  [x]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2011-12-15] ()
AppInit_DLLs:  C:\Windows\SysWOW64\nvinit.dll C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll C:\Windows\System32\nvinitx.dll C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll [218256 2013-02-24] (Sophos Limited)
AppInit_DLLs-x32:  C:\Windows\SysWOW64\nvinit.dll C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll [221840 2013-02-24] (Sophos Limited)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll (IDM)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: msdaipp - No CLSID Value - 
Handler-x32: msdaipp - No CLSID Value - 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default
FF SearchEngine: Wikipedia (de)
FF Homepage: hxxp://www.google.ch/|hxxp://www.admin.ch/ch/d/sr/sr.html|hxxp://www.zh.ch/internet/de/rechtliche_grundlagen/gesetze/loseblattsammlung/aktuelle_fassung.html#a-content|hxxp://www.gerichte-zh.ch/|hxxp://www.bger.ch/index/juridiction/jurisdiction-inherit-template/jurisdiction-recht/jurisdiction-recht-leitentscheide1954.htm|https://www.swisslex.ch/Home.mvc|hxxp://www.legalis.ch/bib/default.asp?typ=login&redir=%2Fbib%2Fdefault%2Easp|hxxp://www.swissblawg.ch/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: FoxyProxy Basic - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\Extensions\foxyproxy@eric.h.jung
FF Extension: WOT - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\np47b545.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-04-11] (Adobe Systems)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-04-23] (Lenovo.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 FileOpenManagerService; C:\Program Files\FileOpen\Services\FileOpenManagerService64.exe [335288 2012-11-07] (FileOpen Systems Inc.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-30] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [187688 2013-05-29] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-02-24] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [159296 2013-02-24] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-02-24] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2013-02-24] (Sophos Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-04-11] ()
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-03-21] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2010688 2013-02-24] (Sophos Limited)
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited)
R3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1492280 2011-08-18] (Lenovo Group Limited)
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-06-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270192 2013-06-19] (Western Digital Technologies, Inc.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2012-09-25] (Broadcom Corporation.)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11518976 2013-02-05] (Intel Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-02-28] (NVIDIA Corporation)
R1 PHCORE; C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [33344 2012-03-27] (Lenovo Group Limited)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2013-02-24] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2013-02-24] (Sophos Limited)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44784 2013-04-17] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2013-02-24] (Sophos Plc)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
S3 btwaudio; system32\drivers\btwaudio.sys [x]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-02 16:27 - 2013-07-02 16:27 - 00000000 ____D C:\Windows\ERUNT
2013-07-02 16:26 - 2013-07-02 16:26 - 00000000 ____D C:\JRT
2013-07-02 16:16 - 2013-07-02 16:17 - 00001412 ____A C:\AdwCleaner[S1].txt
2013-07-02 16:05 - 2013-07-02 16:05 - 00001120 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-02 16:05 - 2013-07-02 16:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-02 16:05 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-07-02 15:51 - 2013-07-02 15:51 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes
2013-07-02 15:50 - 2013-07-02 15:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-02 11:28 - 2013-07-02 11:57 - 00000000 ___AD C:\Qoobox
2013-07-02 11:28 - 2013-07-02 11:55 - 00000000 ____D C:\Windows\erdnt
2013-07-02 11:28 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-07-02 11:28 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-07-02 11:28 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-07-02 11:28 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-07-02 11:28 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-07-02 11:28 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-07-02 11:28 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-07-01 18:08 - 2013-07-01 18:08 - 00000000 ____D C:\FRST
2013-07-01 17:23 - 2013-07-01 17:23 - 747136470 ____A C:\Windows\MEMORY.DMP
2013-07-01 17:23 - 2013-07-01 17:23 - 00294200 ____A C:\Windows\Minidump\070113-12667-01.dmp
2013-07-01 17:23 - 2013-07-01 17:23 - 00000000 ____D C:\Windows\Minidump
2013-07-01 17:07 - 2013-07-01 17:07 - 00128016 ____A C:\Users\Admin\Desktop\OTL.Txt
2013-07-01 16:55 - 2013-07-01 16:55 - 00000472 ____A C:\Users\***\Downloads\defogger_disable.log
2013-07-01 16:54 - 2013-07-02 20:15 - 00000000 ____D C:\Users\***\Desktop\aa_trojaner-board
2013-07-01 16:51 - 2013-07-01 16:51 - 00000000 ____A C:\Users\Admin\defogger_reenable
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\UpdatusUser\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\Administrator.Thinkpad-T\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\Admin\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000000 ____D C:\Program Files (x86)\Anki
2013-06-29 20:23 - 2013-06-29 20:23 - 25781276 ____N C:\Users\***\Downloads\anki-2.0.11.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00263592 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00175016 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00175016 ____N (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00096168 ____N (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-23 12:53 - 2013-06-23 12:53 - 00000000 ____D C:\ProgramData\Intel.sav
2013-06-23 12:53 - 2013-06-23 12:53 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-06-23 12:51 - 2013-06-23 12:51 - 00000000 ____D C:\Program Files (x86)\Dolby Advanced Audio v2
2013-06-23 12:51 - 2013-05-21 21:50 - 03425608 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
2013-06-23 12:51 - 2013-05-21 15:57 - 00142408 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll
2013-06-23 12:51 - 2013-05-21 15:05 - 00576929 ____N C:\Windows\System32\Drivers\RTAIODAT.DAT
2013-06-23 12:51 - 2013-05-21 14:15 - 24962560 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RCoRes64.dat
2013-06-23 12:51 - 2013-05-20 16:16 - 01003592 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll
2013-06-23 12:51 - 2013-05-20 14:36 - 02794056 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll
2013-06-23 12:51 - 2013-05-02 12:01 - 02103040 ____N (Waves Audio Ltd.) C:\Windows\System32\WavesGUILib64.dll
2013-06-23 12:51 - 2013-04-30 19:53 - 03693640 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll
2013-06-23 12:51 - 2013-04-30 14:28 - 00916016 ____N (Sony Corporation) C:\Windows\System32\SFSS_APO.dll
2013-06-23 12:51 - 2013-04-24 17:16 - 01662024 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RTSnMg64.cpl
2013-06-23 12:51 - 2013-04-23 00:40 - 02735648 ____N (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll
2013-06-23 12:51 - 2013-03-23 03:43 - 00208072 ____N (Andrea Electronics Corporation) C:\Windows\System32\AERTAC64.dll
2013-06-23 12:51 - 2013-02-20 18:55 - 01284680 ____N (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll
2013-06-23 12:51 - 2012-10-02 14:41 - 00501192 ____N (DTS) C:\Windows\System32\DTSU2PLFX64.dll
2013-06-23 12:51 - 2012-10-02 14:41 - 00487368 ____N (DTS) C:\Windows\System32\DTSU2PGFX64.dll
2013-06-23 12:51 - 2012-10-02 14:41 - 00415688 ____N (DTS) C:\Windows\System32\DTSU2PREC64.dll
2013-06-23 12:51 - 2012-08-31 19:18 - 07164176 ____N (Dolby Laboratories) C:\Windows\System32\R4EEP64A.dll
2013-06-23 12:51 - 2012-08-31 19:17 - 00434960 ____N (Dolby Laboratories) C:\Windows\System32\R4EED64A.dll
2013-06-23 12:51 - 2012-08-31 19:17 - 00141584 ____N (Dolby Laboratories) C:\Windows\System32\R4EEL64A.dll
2013-06-23 12:51 - 2012-08-31 19:17 - 00124176 ____N (Dolby Laboratories) C:\Windows\System32\R4EEA64A.dll
2013-06-23 12:51 - 2012-08-31 19:17 - 00075024 ____N (Dolby Laboratories) C:\Windows\System32\R4EEG64A.dll
2013-06-23 12:49 - 2013-06-23 12:49 - 00000030 ____N C:\Windows\success64.log
2013-06-23 12:49 - 2013-05-13 15:15 - 00064624 ____N (Intel Corporation) C:\Windows\System32\Drivers\HECIx64.sys
2013-06-23 12:48 - 2013-06-23 12:48 - 00000030 ____N C:\Windows\success32.log
2013-06-22 20:04 - 2013-06-22 20:04 - 00005064 ____N C:\QcOSD.txt
2013-06-17 10:07 - 2013-06-19 10:38 - 00000000 ____D C:\Users\***\Documents\Walder Wyss
2013-06-15 15:32 - 2013-06-08 16:08 - 01365504 ____N (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 15:32 - 2013-06-08 16:07 - 19233792 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 15:32 - 2013-06-08 16:06 - 15404544 ____N (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 15:32 - 2013-06-08 16:06 - 02648064 ____N (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 15:32 - 2013-06-08 16:06 - 00526336 ____N (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 15:32 - 2013-06-08 14:28 - 02706432 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 15:32 - 2013-06-08 13:42 - 01141248 ____N (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 15:32 - 2013-06-08 13:40 - 14327808 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 15:32 - 2013-06-08 13:40 - 13760512 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 15:32 - 2013-06-08 13:40 - 02046976 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 15:32 - 2013-06-08 13:40 - 00391168 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 15:32 - 2013-06-08 13:13 - 02706432 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 08:50 - 2013-05-17 03:25 - 02877440 ____N (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 01767936 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00690688 ____N (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00493056 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00109056 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00061440 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00039424 ____N (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 08:50 - 2013-05-17 03:25 - 00033280 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 08:50 - 2013-05-17 02:59 - 02241024 ____N (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 08:50 - 2013-05-17 02:59 - 00051712 ____N (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 08:50 - 2013-05-17 02:58 - 03958784 ____N (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00855552 ____N (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00603136 ____N (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00136704 ____N (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00067072 ____N (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00053248 ____N (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 08:50 - 2013-05-17 02:58 - 00039936 ____N (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 08:50 - 2013-05-14 14:23 - 00089600 ____N (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 08:50 - 2013-05-14 10:40 - 00071680 ____N (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-13 08:48 - 2013-06-13 08:48 - 09089416 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-12 20:02 - 2013-05-13 07:51 - 01464320 ____N (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 20:02 - 2013-05-13 07:51 - 00184320 ____N (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 20:02 - 2013-05-13 07:51 - 00139776 ____N (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 20:02 - 2013-05-13 07:50 - 00052224 ____N (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 20:02 - 2013-05-13 06:45 - 01160192 ____N (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 20:02 - 2013-05-13 06:45 - 00140288 ____N (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 20:02 - 2013-05-13 06:45 - 00103936 ____N (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 20:02 - 2013-05-13 05:43 - 01192448 ____N (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 20:02 - 2013-05-13 05:08 - 00903168 ____N (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 20:02 - 2013-05-13 05:08 - 00043008 ____N (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 20:02 - 2013-05-10 07:49 - 00030720 ____N (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 20:02 - 2013-05-10 05:20 - 00024576 ____N (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 20:02 - 2013-05-08 08:39 - 01910632 ____N (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 20:02 - 2013-04-26 07:51 - 00751104 ____N (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 20:02 - 2013-04-26 06:55 - 00492544 ____N (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 20:02 - 2013-04-26 01:30 - 01505280 ____N (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 20:02 - 2013-04-17 09:02 - 01230336 ____N (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 20:02 - 2013-04-17 08:24 - 01424384 ____N (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 20:02 - 2013-04-01 00:52 - 01887232 ____N (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 07:57 - 2013-06-11 07:57 - 00001794 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files\iTunes
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files\iPod
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-11 07:53 - 2013-06-11 07:53 - 00001856 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-06-11 07:53 - 2013-06-11 07:53 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-06-10 18:26 - 2013-06-13 16:12 - 00000000 ____D C:\Users\***\Documents\Esalen - Projekt Übernahme The Center

==================== One Month Modified Files and Folders =======

2013-07-02 20:15 - 2013-07-01 16:54 - 00000000 ____D C:\Users\***\Desktop\aa_trojaner-board
2013-07-02 19:42 - 2013-02-02 05:26 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-02 19:19 - 2013-02-24 14:22 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-02 18:03 - 2013-02-02 04:47 - 00696870 ____A C:\Windows\System32\perfh007.dat
2013-07-02 18:03 - 2013-02-02 04:47 - 00148134 ____A C:\Windows\System32\perfc007.dat
2013-07-02 18:03 - 2009-07-14 07:13 - 01612484 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-02 18:03 - 2009-07-14 06:45 - 00034432 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-02 18:03 - 2009-07-14 06:45 - 00034432 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-02 17:59 - 2013-02-02 05:10 - 02002241 ____A C:\Windows\WindowsUpdate.log
2013-07-02 17:57 - 2013-03-18 20:08 - 00000000 ___SD C:\Users\***\Google Drive
2013-07-02 17:57 - 2013-03-18 20:03 - 00000000 ___RD C:\Users\***\Dropbox
2013-07-02 17:57 - 2013-03-18 20:02 - 00000000 ____D C:\Users\***\AppData\Roaming\Dropbox
2013-07-02 17:57 - 2013-02-02 05:26 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-02 17:56 - 2013-05-20 11:42 - 00008192 ____A C:\Windows\SysWOW64\WDPABKP.dat
2013-07-02 17:56 - 2013-02-02 05:19 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-02 17:56 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-02 17:55 - 2009-07-14 06:51 - 00087818 ____A C:\Windows\setupact.log
2013-07-02 16:27 - 2013-07-02 16:27 - 00000000 ____D C:\Windows\ERUNT
2013-07-02 16:26 - 2013-07-02 16:26 - 00000000 ____D C:\JRT
2013-07-02 16:18 - 2010-11-21 05:47 - 00609326 ____A C:\Windows\PFRO.log
2013-07-02 16:17 - 2013-07-02 16:16 - 00001412 ____A C:\AdwCleaner[S1].txt
2013-07-02 16:05 - 2013-07-02 16:05 - 00001120 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-02 16:05 - 2013-07-02 16:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-02 15:51 - 2013-07-02 15:51 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes
2013-07-02 15:50 - 2013-07-02 15:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-02 13:36 - 2013-04-27 16:59 - 00000000 ____D C:\ProgramData\Package Cache
2013-07-02 13:36 - 2013-02-02 05:11 - 00178106 ____A C:\Windows\DPINST.LOG
2013-07-02 13:35 - 2013-04-27 17:01 - 00000000 ____D C:\Program Files\Common Files\Western Digital
2013-07-02 13:35 - 2013-03-02 08:46 - 00000000 ____D C:\Program Files (x86)\Western Digital
2013-07-02 11:57 - 2013-07-02 11:28 - 00000000 ___AD C:\Qoobox
2013-07-02 11:57 - 2009-07-14 05:20 - 00000000 __RHD C:\users\Default
2013-07-02 11:55 - 2013-07-02 11:28 - 00000000 ____D C:\Windows\erdnt
2013-07-02 11:52 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-07-02 11:51 - 2009-07-14 04:34 - 78905344 ____A C:\Windows\System32\config\SOFTWARE.bak
2013-07-02 11:51 - 2009-07-14 04:34 - 22806528 ____A C:\Windows\System32\config\SYSTEM.bak
2013-07-02 11:51 - 2009-07-14 04:34 - 00524288 ____A C:\Windows\System32\config\DEFAULT.bak
2013-07-02 11:51 - 2009-07-14 04:34 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2013-07-02 11:51 - 2009-07-14 04:34 - 00262144 ____A C:\Windows\System32\config\SAM.bak
2013-07-01 18:08 - 2013-07-01 18:08 - 00000000 ____D C:\FRST
2013-07-01 17:23 - 2013-07-01 17:23 - 747136470 ____A C:\Windows\MEMORY.DMP
2013-07-01 17:23 - 2013-07-01 17:23 - 00294200 ____A C:\Windows\Minidump\070113-12667-01.dmp
2013-07-01 17:23 - 2013-07-01 17:23 - 00000000 ____D C:\Windows\Minidump
2013-07-01 17:07 - 2013-07-01 17:07 - 00128016 ____A C:\Users\Admin\Desktop\OTL.Txt
2013-07-01 16:55 - 2013-07-01 16:55 - 00000472 ____A C:\Users\***\Downloads\defogger_disable.log
2013-07-01 16:51 - 2013-07-01 16:51 - 00000000 ____A C:\Users\Admin\defogger_reenable
2013-07-01 16:51 - 2013-02-24 22:40 - 00000000 ____D C:\users\Admin
2013-07-01 14:06 - 2013-03-17 17:34 - 00000000 ____D C:\Users\***\Documents\Anki
2013-07-01 14:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-07-01 12:01 - 2013-02-02 05:25 - 00000000 ____D C:\swshare
2013-07-01 11:13 - 2013-03-17 17:31 - 00000000 ____D C:\Users\***\Documents\Ramschsammlung
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\UpdatusUser\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\Administrator.Thinkpad-T\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000742 ____N C:\Users\Admin\Desktop\Anki.lnk
2013-06-29 20:24 - 2013-06-29 20:24 - 00000000 ____D C:\Program Files (x86)\Anki
2013-06-29 20:23 - 2013-06-29 20:23 - 25781276 ____N C:\Users\***\Downloads\anki-2.0.11.exe
2013-06-26 08:56 - 2013-05-06 18:39 - 00000000 ____D C:\Users\***\AppData\Local\CutePDF Writer
2013-06-24 17:25 - 2013-05-10 15:48 - 01590378 ____N C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-24 17:13 - 2013-02-24 20:13 - 00000000 ____D C:\ldiag
2013-06-23 15:50 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Anwaltsprüfung
2013-06-23 13:26 - 2013-06-23 13:26 - 00263592 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00175016 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00175016 ____N (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-23 13:26 - 2013-06-23 13:26 - 00096168 ____N (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-23 13:26 - 2013-02-24 16:57 - 00867240 ____N (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-23 13:26 - 2013-02-24 16:57 - 00789416 ____N (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-23 12:53 - 2013-06-23 12:53 - 00000000 ____D C:\ProgramData\Intel.sav
2013-06-23 12:53 - 2013-06-23 12:53 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-06-23 12:53 - 2013-02-02 05:14 - 00000000 ____D C:\Program Files\Intel
2013-06-23 12:53 - 2013-02-02 05:14 - 00000000 ____D C:\Program Files\Common Files\Intel
2013-06-23 12:53 - 2013-02-02 05:14 - 00000000 ____D C:\Program Files (x86)\Intel
2013-06-23 12:51 - 2013-06-23 12:51 - 00000000 ____D C:\Program Files (x86)\Dolby Advanced Audio v2
2013-06-23 12:51 - 2013-02-02 05:18 - 00003043 ____N C:\RHDSetup.log
2013-06-23 12:51 - 2013-02-02 05:18 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-06-23 12:49 - 2013-06-23 12:49 - 00000030 ____N C:\Windows\success64.log
2013-06-23 12:49 - 2013-02-02 05:18 - 00000000 ____D C:\Program Files\Common Files\Lenovo
2013-06-23 12:48 - 2013-06-23 12:48 - 00000030 ____N C:\Windows\success32.log
2013-06-22 20:04 - 2013-06-22 20:04 - 00005064 ____N C:\QcOSD.txt
2013-06-20 15:25 - 2013-03-18 12:24 - 00000000 ____D C:\Users\***\Documents\Scans
2013-06-20 13:22 - 2013-03-17 17:28 - 00000000 ____D C:\Users\***\Documents\Sunrise
2013-06-19 10:38 - 2013-06-17 10:07 - 00000000 ____D C:\Users\***\Documents\Walder Wyss
2013-06-17 18:46 - 2013-03-03 13:18 - 00000000 ____D C:\Users\***\Documents\Knowhow
2013-06-17 10:11 - 2013-03-22 10:27 - 00000000 ____D C:\Users\***\Documents\Vorlagen
2013-06-17 09:47 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Homeoffice
2013-06-16 21:01 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Nesshy
2013-06-15 17:34 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Heidi
2013-06-14 16:01 - 2013-03-17 17:28 - 00000000 ____D C:\Users\***\Documents\Swisscom
2013-06-13 16:12 - 2013-06-10 18:26 - 00000000 ____D C:\Users\***\Documents\Esalen - Projekt Übernahme The Center
2013-06-13 15:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 08:54 - 2009-07-14 04:34 - 00000499 ____N C:\Windows\win.ini
2013-06-13 08:50 - 2013-02-24 18:53 - 75825640 ____N (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-13 08:48 - 2013-06-13 08:48 - 09089416 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-13 08:48 - 2013-02-24 14:22 - 00692104 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-13 08:48 - 2013-02-24 14:22 - 00071048 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 07:57 - 2013-06-11 07:57 - 00001794 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files\iTunes
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files\iPod
2013-06-11 07:57 - 2013-06-11 07:57 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-11 07:53 - 2013-06-11 07:53 - 00001856 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-06-11 07:53 - 2013-06-11 07:53 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-06-10 14:23 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\OBCZ
2013-06-08 16:08 - 2013-06-15 15:32 - 01365504 ____N (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-15 15:32 - 19233792 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-15 15:32 - 15404544 ____N (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-15 15:32 - 02648064 ____N (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-15 15:32 - 00526336 ____N (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-15 15:32 - 02706432 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-15 15:32 - 01141248 ____N (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-15 15:32 - 14327808 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-15 15:32 - 13760512 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-15 15:32 - 02046976 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-15 15:32 - 00391168 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-15 15:32 - 02706432 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-06 20:58 - 2013-05-27 12:12 - 00000000 ____D C:\Users\***\Documents\Publikationen cst
2013-06-06 20:57 - 2013-03-17 17:32 - 00000000 ____D C:\Users\***\Documents\Bewerbungsunterlagen
2013-06-03 17:08 - 2013-02-02 05:18 - 00000008 ____N C:\Windows\System32\Drivers\RTKHDAUD.DAT

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-23 15:25

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Danke nochmals für Deine Mühe
cpstutz

Alt 03.07.2013, 08:23   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Win32/Small.CA-Virus entfernen - Standard

Win32/Small.CA-Virus entfernen



Combofix hat ihn entfernt

Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 03.07.2013, 09:48   #13
cpstutz
 
Win32/Small.CA-Virus entfernen - Standard

Win32/Small.CA-Virus entfernen



Schrauber, Du bist mein Held der Woche!!! Herzlichen Dank für Deine Hilfe!

Alles so unternommen, wie Du angewiesen hast. Du kannst diesen Thread aus dem Abo löschen.

Weiterhin viele Erfolgserlebnisse und eine gute Zeit.
Gruss, cpstutz

Alt 03.07.2013, 10:42   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Win32/Small.CA-Virus entfernen - Standard

Win32/Small.CA-Virus entfernen



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Win32/Small.CA-Virus entfernen
7-zip, adobe reader xi, bho, bluescreen, bonjour, browser, desktop, entfernen, error, failed, firefox, flash player, frage, google, helper, homepage, iexplore.exe, install.exe, logfile, mozilla, nvpciflt.sys, object, popup, pwmtr64v.dll, realtek, registry, security, software, svchost.exe, symantec



Ähnliche Themen: Win32/Small.CA-Virus entfernen


  1. Windows-Problembericht: Entfernen des Win32/Small.CA-Virus von Ihrem PC
    Plagegeister aller Art und deren Bekämpfung - 02.01.2014 (9)
  2. Windows-Problembericht: Entfernen des Win32/Small.CA-Virus von Ihrem PC
    Mülltonne - 28.12.2013 (1)
  3. Win32/Small.CA-Virus entfernen
    Log-Analyse und Auswertung - 16.12.2013 (4)
  4. Win 7 x64: Entfernen des Win32/Small.CA-Virus
    Log-Analyse und Auswertung - 31.10.2013 (15)
  5. Windows zeigt an: Entfernen des Win32 small ca virus
    Log-Analyse und Auswertung - 28.10.2013 (18)
  6. Entfernen des Win32/Small.CA-Virus
    Log-Analyse und Auswertung - 22.10.2013 (9)
  7. Windows 7: Wartungscenter meldet: Entfernen des Win32/Small.CA-Virus
    Log-Analyse und Auswertung - 12.10.2013 (21)
  8. Windows 7: Entfernen des Win32/Small.CA-Virus
    Log-Analyse und Auswertung - 30.09.2013 (9)
  9. Ich bekomme die Meldung win32/small.ca-virus entfernen. Was soll ich tun? Win 7 64 bit
    Log-Analyse und Auswertung - 21.09.2013 (5)
  10. Win32/Small.CA-Virus entfernen
    Log-Analyse und Auswertung - 22.07.2013 (13)
  11. Entfernen des Win32/Small.CA-Virus
    Plagegeister aller Art und deren Bekämpfung - 05.07.2013 (41)
  12. Windows 7-Medlung : Entfernen des Win32/Small.CA-Virus
    Plagegeister aller Art und deren Bekämpfung - 27.06.2013 (13)
  13. Entfernen des Win32/Small.CA-Virus
    Plagegeister aller Art und deren Bekämpfung - 25.06.2013 (19)
  14. Win32/Small.CA-Virus lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 19.06.2013 (21)
  15. Win7 Wartungscenter: Entfernen des Win32/Small.CA-Virus
    Log-Analyse und Auswertung - 14.05.2013 (8)
  16. Win7 sagt PC-Problem: Entfernen des Win32/Small.CA-Virus
    Plagegeister aller Art und deren Bekämpfung - 03.04.2013 (7)

Zum Thema Win32/Small.CA-Virus entfernen - Hallo zusammen Windows zeigt folgende Meldung an: "Entfernen des Win32/Small.CA-Virus. Windows hat Win32/Small.CA, einen bekannten Computervirus, auf Ihrem PC erkannt. Win32/Small.CA hat bewirkt, dss Ihr PC 1 Mal nicht ordnungsgemäss - Win32/Small.CA-Virus entfernen...
Archiv
Du betrachtest: Win32/Small.CA-Virus entfernen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.