Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Phising-Page bei Onlinebanking in FF + Trojan

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 09.05.2014, 14:17   #1
zoehrer1986
 
Phising-Page bei Onlinebanking in FF + Trojan - Standard

Phising-Page bei Onlinebanking in FF + Trojan



Ich habe das gleiche Problem wie bei diesen Thread:

http://www.trojaner-board.de/153417-...1659055-a.html

Leider gibt's dort leider auch keine Lösung...


folgende Scanner haben versagt:
SEP
ESET Online Scanner (hat was gefunden und entfernt..... Trojaner ist aber leider immer noch da...)
Malwarebytes Antimalware
Spybot!

Momentan läuft gerade Kombofix......

Wie ist normalerweise die Vorgehensweise? Bin neu hier....

mfg
zoehrer1986

Alt 09.05.2014, 14:37   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Phising-Page bei Onlinebanking in FF + Trojan - Standard

Phising-Page bei Onlinebanking in FF + Trojan



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 10.05.2014, 08:22   #3
zoehrer1986
 
Phising-Page bei Onlinebanking in FF + Trojan - Standard

Phising-Page bei Onlinebanking in FF + Trojan



Hallo,

Ich habe im vorigen threat mitgelesen und habe gerade combofix.exe am laufen.....
Ich könnte im Anschluss diese log posten und bei nicht gelingen mit Ihrem Schritt vortfahren... ist das So ok ?
mfg
zoehrer

Hallo,

nach Combofix war der Trojaner weg.....
Nach einem Neustart jedoch sofort wieder da....

anbei die Logs
FRST:


FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2014 01
Ran by ***** (administrator) on **** on 09-05-2014 15:27:12
Running from \\sbs01\Zwischenablage
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\arenner\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo, Japan, Ltd. ) C:\Program Files (x86)\Lenovo\RapidDrive Advanced\LenovoRapidDriveAdvancedService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Farbar) \\sbs01\Zwischenablage\FRST64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2789160 2011-05-19] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-12-09] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [31592 2011-04-14] (Lenovo)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [ccApp] => C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560 2010-03-18] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-1801674531-630328440-725345543-1158\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1801674531-630328440-725345543-1158\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1801674531-630328440-725345543-1158\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
HKU\S-1-5-21-1801674531-630328440-725345543-1158\...\Run: [imykatic] => C:\ProgramData\ypin\hvaxygid.exe [270336 2014-05-08] ()
HKU\S-1-5-21-1801674531-630328440-725345543-1158\...\Policies\Explorer: [NoNetConnectDisconnect] 1
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [245872 2013-10-29] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-10-29] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\arenner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\arenner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deAT474
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deAT474
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {9A74E90C-0233-4E1F-8EA1-105991C6FA12} hxxp://www.dvrdns.net/activex/snoopy/webviewer/lg6.0.0.31/webviewer.cab
Tcpip\..\Interfaces\{4D7E824E-C823-4EC5-823E-7565E366A9E8}: [NameServer]192.168.0.200,192.168.0.190

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\ []

==================== Services (Whitelisted) =================

R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2010-03-18] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2010-03-18] (Symantec Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-08-31] (Lenovo.)
R3 Lenovo.RapidDrive.Advanced.Svc; C:\Program Files (x86)\Lenovo\RapidDrive Advanced\LenovoRapidDriveAdvancedService.exe [209920 2011-10-06] (Lenovo, Japan, Ltd. )
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2009-07-13] (Symantec Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1662424 2014-02-19] ()
R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3197256 2010-03-18] (Symantec Corporation)
S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [411976 2010-03-18] (Symantec Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2477304 2010-03-18] (Symantec Corporation)
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [82544 2011-06-29] (Symantec Corporation)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [594984 2011-04-07] (Ericsson AB)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-02-23] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-02-23] (Ericsson AB)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [101416 2011-02-28] (Ericsson AB)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-04-13] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-04-13] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-04-13] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-04-13] (MCCI Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20140508.034\eng64.sys [126040 2014-05-02] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20140508.034\ex64.sys [2099288 2014-05-02] (Symantec Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-10-29] (NVIDIA Corporation)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R3 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [443952 2010-03-18] (Symantec Corporation)
R3 SRTSP; C:\Windows\SysWOW64\Drivers\SRTSP64.SYS [443952 2010-03-18] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [481840 2010-03-18] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWOW64\Drivers\SRTSPL64.SYS [481840 2010-03-18] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2010-03-18] (Symantec Corporation)
R1 SRTSPX; C:\Windows\SysWOW64\Drivers\SRTSPX64.SYS [32304 2010-03-18] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2012-03-06] (Symantec Corporation)
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [62512 2010-03-18] (Symantec Corporation)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [52784 2010-03-18] (Symantec Corporation)
S3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2014-03-28] (Symantec Corporation)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [286248 2011-04-06] (Ericsson AB)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 PCDSRVC{127174DC-C366ED8B-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-09 15:26 - 2014-05-09 15:27 - 00000000 ____D () C:\FRST
2014-05-09 15:05 - 2014-05-09 15:05 - 00037000 _____ () C:\ComboFix.txt
2014-05-09 13:57 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-09 13:57 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-09 13:57 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-09 13:57 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-09 13:57 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-09 13:57 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-09 13:57 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-09 13:57 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-09 13:55 - 2014-05-09 15:06 - 00000000 ____D () C:\Qoobox
2014-05-09 13:55 - 2014-05-09 15:01 - 00000000 ____D () C:\Windows\erdnt
2014-05-09 09:47 - 2014-05-09 09:48 - 02347384 _____ (ESET) C:\Users\arenner\Downloads\esetsmartinstaller_deu.exe
2014-05-08 17:46 - 2014-05-09 08:42 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-08 17:46 - 2014-05-08 17:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-08 17:45 - 2014-05-08 17:45 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\arenner\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-08 17:23 - 2014-05-08 17:23 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-05-08 17:23 - 2014-05-08 17:23 - 00000000 ____D () C:\ProgramData\Licenses
2014-05-08 17:18 - 2014-05-08 17:18 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-08 17:17 - 2014-05-08 17:17 - 21407864 _____ (Simply Super Software ) C:\Users\arenner\Downloads\trjsetup690.exe
2014-05-08 16:29 - 2014-05-08 17:19 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-08 16:29 - 2014-05-08 17:18 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-08 16:25 - 2014-05-08 16:27 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\arenner\Downloads\spybot-2.3.exe
2014-05-08 09:53 - 2014-05-08 09:53 - 00000000 ____D () C:\ProgramData\ypin
2014-05-07 13:25 - 2014-05-08 09:53 - 00000000 ____D () C:\ProgramData\ikym
2014-05-07 11:04 - 2014-05-07 13:25 - 00000000 ____D () C:\ProgramData\ucez
2014-05-05 13:14 - 2014-05-07 11:03 - 00000000 ____D () C:\ProgramData\anav
2014-05-05 13:13 - 2014-05-07 13:04 - 00000000 ____D () C:\ProgramData\avojdqus
2014-05-05 13:13 - 2014-05-05 13:14 - 00000000 ____D () C:\ProgramData\akur
2014-05-03 11:45 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-03 11:45 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-03 11:45 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-03 11:45 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-03 11:35 - 2014-05-03 11:35 - 00000000 ____D () C:\Users\arenner\AppData\Roaming\DropboxMaster
2014-04-25 15:56 - 2014-04-25 15:56 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-23 14:17 - 2014-05-05 16:56 - 00000000 ____D () C:\Users\arenner\AppData\Roaming\Google
2014-04-23 09:11 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-23 09:11 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-18 08:23 - 2014-04-18 08:23 - 00000000 ____D () C:\Users\arenner\AppData\Roaming\LSC
2014-04-10 09:13 - 2014-04-10 09:13 - 00000000 __SHD () C:\Users\arenner\AppData\Local\EmieUserList
2014-04-10 09:13 - 2014-04-10 09:13 - 00000000 __SHD () C:\Users\arenner\AppData\Local\EmieSiteList
2014-04-09 17:15 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-09 17:15 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-09 17:15 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-09 17:15 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-09 17:15 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-09 17:15 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-09 17:15 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-09 17:15 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-09 17:15 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-09 17:15 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-09 17:15 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-09 17:15 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-09 17:15 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-09 17:15 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-09 17:15 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-09 17:15 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-09 17:15 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-09 17:15 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-09 17:15 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-09 17:15 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-09 17:15 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-09 17:15 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-09 17:15 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-09 17:15 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-09 17:15 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-09 17:15 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-09 17:15 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-09 17:15 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-09 17:15 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-09 17:15 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-09 17:15 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-09 17:15 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-09 17:14 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-09 17:14 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-09 17:14 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-09 17:14 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-09 17:14 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-09 17:14 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-09 17:14 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-09 17:14 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-09 17:14 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-09 17:14 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-09 17:14 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-09 17:14 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-09 14:40 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 14:40 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 14:40 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 14:40 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 14:40 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 14:40 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 14:40 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 14:40 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 14:40 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 14:40 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 14:40 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 14:40 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 14:40 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 14:40 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 14:40 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 14:40 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 14:40 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-09 10:19 - 2014-04-09 10:19 - 00027659 _____ () C:\Users\arenner\Documents\EC 12 Endergebnis.xlsx

==================== One Month Modified Files and Folders =======

2014-05-09 15:27 - 2014-05-09 15:26 - 00000000 ____D () C:\FRST
2014-05-09 15:25 - 2013-07-14 08:53 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-09 15:23 - 2012-03-06 12:23 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-05-09 15:19 - 2009-07-14 06:45 - 00031072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-09 15:19 - 2009-07-14 06:45 - 00031072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-09 15:18 - 2012-03-06 12:23 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-05-09 15:17 - 2012-02-20 12:01 - 00703214 _____ () C:\Windows\system32\perfh007.dat
2014-05-09 15:17 - 2012-02-20 12:01 - 00150822 _____ () C:\Windows\system32\perfc007.dat
2014-05-09 15:17 - 2009-07-14 07:13 - 01629372 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-09 15:16 - 2012-07-17 07:27 - 00000000 ____D () C:\Users\arenner\AppData\Roaming\Dropbox
2014-05-09 15:16 - 2012-02-20 03:27 - 01715915 _____ () C:\Windows\WindowsUpdate.log
2014-05-09 15:15 - 2013-07-14 08:53 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-09 15:15 - 2012-07-17 07:28 - 00000000 ___RD () C:\Dropbox
2014-05-09 15:13 - 2012-03-06 14:24 - 00000128 _____ () C:\Windows\system32\config\netlogon.ftl
2014-05-09 15:13 - 2012-02-20 03:22 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-09 15:13 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-09 15:13 - 2009-07-14 06:51 - 00112296 _____ () C:\Windows\setupact.log
2014-05-09 15:08 - 2012-03-06 15:10 - 01649782 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-09 15:06 - 2014-05-09 13:55 - 00000000 ____D () C:\Qoobox
2014-05-09 15:06 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-09 15:05 - 2014-05-09 15:05 - 00037000 _____ () C:\ComboFix.txt
2014-05-09 15:02 - 2012-03-07 14:36 - 00000000 ___RD () C:\Users\arenner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-09 15:01 - 2014-05-09 13:55 - 00000000 ____D () C:\Windows\erdnt
2014-05-09 14:56 - 2012-07-20 08:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-09 14:54 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-09 14:52 - 2012-02-20 03:29 - 00000000 ____D () C:\Program Files\Google
2014-05-09 14:52 - 2012-02-20 03:28 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-09 14:52 - 2010-11-21 05:47 - 00786238 _____ () C:\Windows\PFRO.log
2014-05-09 14:51 - 2009-07-14 04:34 - 85196800 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-05-09 14:51 - 2009-07-14 04:34 - 17301504 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-05-09 14:51 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-05-09 14:51 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-05-09 13:51 - 2012-03-07 15:09 - 00000000 ____D () C:\dvr.plugins
2014-05-09 13:50 - 2013-07-14 08:52 - 00000000 ____D () C:\Users\arenner\AppData\Local\Google
2014-05-09 09:48 - 2014-05-09 09:47 - 02347384 _____ (ESET) C:\Users\arenner\Downloads\esetsmartinstaller_deu.exe
2014-05-09 08:42 - 2014-05-08 17:46 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-08 17:46 - 2014-05-08 17:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-08 17:45 - 2014-05-08 17:45 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\arenner\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-08 17:23 - 2014-05-08 17:23 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-05-08 17:23 - 2014-05-08 17:23 - 00000000 ____D () C:\ProgramData\Licenses
2014-05-08 17:19 - 2014-05-08 16:29 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-08 17:18 - 2014-05-08 17:18 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-08 17:18 - 2014-05-08 16:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-08 17:17 - 2014-05-08 17:17 - 21407864 _____ (Simply Super Software ) C:\Users\arenner\Downloads\trjsetup690.exe
2014-05-08 16:27 - 2014-05-08 16:25 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\arenner\Downloads\spybot-2.3.exe
2014-05-08 09:53 - 2014-05-08 09:53 - 00000000 ____D () C:\ProgramData\ypin
2014-05-08 09:53 - 2014-05-07 13:25 - 00000000 ____D () C:\ProgramData\ikym
2014-05-08 09:21 - 2013-07-14 08:53 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 09:21 - 2013-07-14 08:53 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-07 13:25 - 2014-05-07 11:04 - 00000000 ____D () C:\ProgramData\ucez
2014-05-07 13:04 - 2014-05-05 13:13 - 00000000 ____D () C:\ProgramData\avojdqus
2014-05-07 11:03 - 2014-05-05 13:14 - 00000000 ____D () C:\ProgramData\anav
2014-05-05 16:56 - 2014-04-23 14:17 - 00000000 ____D () C:\Users\arenner\AppData\Roaming\Google
2014-05-05 13:16 - 2012-05-21 12:44 - 00000000 ____D () C:\ProgramData\Sun
2014-05-05 13:14 - 2014-05-05 13:13 - 00000000 ____D () C:\ProgramData\akur
2014-05-03 11:35 - 2014-05-03 11:35 - 00000000 ____D () C:\Users\arenner\AppData\Roaming\DropboxMaster
2014-05-03 11:35 - 2012-07-17 07:28 - 00000996 _____ () C:\Users\arenner\Desktop\Dropbox.lnk
2014-05-03 11:35 - 2012-07-17 07:27 - 00000000 ____D () C:\Users\arenner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-29 17:47 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-04-29 16:01 - 2014-05-03 11:45 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-03 11:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 14:48 - 2014-05-03 11:45 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-03 11:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-29 07:56 - 2012-07-20 08:04 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 07:56 - 2012-07-20 08:04 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-29 07:56 - 2012-07-20 08:04 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-28 09:41 - 2013-09-04 07:22 - 00000000 ____D () C:\Users\arenner\Desktop\pcw
2014-04-25 15:56 - 2014-04-25 15:56 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-23 08:45 - 2012-03-07 14:57 - 00000000 ____D () C:\Users\arenner\AppData\Local\Adobe
2014-04-18 08:23 - 2014-04-18 08:23 - 00000000 ____D () C:\Users\arenner\AppData\Roaming\LSC
2014-04-15 14:05 - 2012-03-06 16:29 - 00000000 ____D () C:\REA
2014-04-14 04:24 - 2014-04-23 09:11 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-04-23 09:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-10 09:13 - 2014-04-10 09:13 - 00000000 __SHD () C:\Users\arenner\AppData\Local\EmieUserList
2014-04-10 09:13 - 2014-04-10 09:13 - 00000000 __SHD () C:\Users\arenner\AppData\Local\EmieSiteList
2014-04-10 07:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-10 06:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-09 17:15 - 2012-03-06 16:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 17:14 - 2013-08-29 07:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 17:13 - 2012-03-06 14:45 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 10:19 - 2014-04-09 10:19 - 00027659 _____ () C:\Users\arenner\Documents\EC 12 Endergebnis.xlsx

Some content of TEMP:
====================
C:\Users\arenner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphs4vch.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-09 07:01

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

anbei der Addition log....

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2014 01
Ran by arenner at 2014-05-09 15:27:26
Running from \\sbs01\Zwischenablage
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Symantec Endpoint Protection (Enabled - Up to date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection (Enabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.83 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Austrian Module for Microsoft Dynamics NAV Classic Client (x32 Version: 6.0.32012.0 - Microsoft Corporation) Hidden
Autodesk Design Review 2012 (HKLM-x32\...\Autodesk Design Review 2012) (Version: 12.0.0.93 - Autodesk, Inc.)
Autodesk Design Review 2012 (x32 Version: 12.0.0.93 - Autodesk, Inc.) Hidden
Autodesk Design Review Browser Add-on v1.2  (HKLM-x32\...\{CD49E43B-88B1-48AD-A3AF-43FAAAB41CB8}) (Version: 1.2.0 - Autodesk)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1500 - Broadcom Corporation)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.828 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)
Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.31 - Dropbox, Inc.)
DWG TrueView 2012 (HKLM\...\DWG TrueView 2012) (Version: 18.2.51.0 - Autodesk)
DWG TrueView 2012 (Version: 18.2.51.0 - Autodesk) Hidden
e-Wörterbücher (HKLM-x32\...\{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}) (Version:  - )
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IDAutomation.com Code 128 Font Adv Package (HKLM-x32\...\IDAutomation.com Code 128 Font Adv Package) (Version:  - )
IDAutomation.com Font Encoder and Check Digit Calculator (HKLM-x32\...\IDAutomation.com Font Encoder and Check Digit Calculator) (Version:  - )
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.8 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2538 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{728985C5-A04B-457C-9D62-15360F3EAF85}) (Version: 3.1.29.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)
iTunes (HKLM\...\{CF8FFD12-602B-422D-AF1D-511B411E7632}) (Version: 10.6.1.7 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 3 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Mobile Broadband Activation (HKLM-x32\...\{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}) (Version: 4.0.0019.00 - Lenovo Group Limited)
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{C51863E5-EB09-43A5-9D43-26A32587EEAC}) (Version: 2.4.002.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0009 - Lenovo)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Ihr Firmenname)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.7.1.9 - Hermann Schinagl)
LiveUpdate 3.3 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.3.0.92 - Symantec Corporation)
Megabau Funktionen (HKLM-x32\...\{9966A401-86B6-4CDA-BF26-7C27F3FD5784}) (Version: 1.7.0 - Network Dimensions GesmbH)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Dynamics NAV 2009 Classic (x32 Version: 6.0.32012.0 - Microsoft Corporation) Hidden
Microsoft Dynamics NAV 2009 R2 (HKLM-x32\...\DynamicsNav60) (Version: 6.0.32012.0 - Microsoft Corporation)
Microsoft Dynamics NAV 6.0 Setup (x32 Version: 6.0.32012.0 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Report Viewer Redistributable 2008 (KB971119) (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 (KB971119) (x32 Version: 9.0.30731 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server PowerPivot for Excel (32-Bit) (HKLM-x32\...\{953576FC-C897-41DB-95DF-9514FD3C2FC0}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 6.4.1.6 - Ericsson AB)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Network Dimensions NAVEDIT (HKLM-x32\...\Network Dimensions NAVEDIT) (Version:  - )
NVIDIA 3D Vision Treiber 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 312.69 - NVIDIA Corporation)
NVIDIA Grafiktreiber 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 312.69 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1269 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 312.69 (Version: 312.69 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
RapidDrive Advanced Version 1.0.12 (HKLM-x32\...\{F8F9F1AC-5CB0-4DBB-87FA-1A6BC4EA02E5}_is1) (Version: 1.0.12 - LENOVO, Inc.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Symantec Endpoint Protection (HKLM\...\{530992D4-DDBA-4F68-8B0D-FF50AC57531B}) (Version: 11.0.5002.333 - Symantec Corporation)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.1500 - Broadcom Corporation)
ThinkPad Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.63 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.61.00.11 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.8.0 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.84 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.03 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.07 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage GPS (HKLM-x32\...\{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}) (Version: 2.73 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.73 - Lenovo)
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.0.9.6.1 - uvnc bvba)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.STANDARD_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.STANDARD_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.STANDARD_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.2.140 - VeriSign)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Small Business Server 2011 Standard ClientAgent (HKLM\...\{5C72F8A3-BF39-4733-B41E-0ED7EF622E37}) (Version: 6.1.7900.1 - Microsoft Corporation)
Windows-Treiberpaket - Intel (e1cexpress) Net  (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)
Windows-Treiberpaket - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows-Treiberpaket - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\8058FF31D7C7F4818DC176DAF53CD379968C86E4) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows-Treiberpaket - Intel System  (11/20/2010 9.2.0.1016) (HKLM\...\43B5066463CEBC83E99586A67037B6F9FC4193FE) (Version: 11/20/2010 9.2.0.1016 - Intel)
Windows-Treiberpaket - Intel USB  (12/21/2010 9.2.0.1021) (HKLM\...\0DD5528A211904214F70A66DE6ADBD378B21566D) (Version: 12/21/2010 9.2.0.1021 - Intel)
Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
Windows-Treiberpaket - Synaptics (SynTP) Mouse  (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)

==================== Restore Points  =========================

17-04-2014 05:47:22 Geplanter Prüfpunkt
24-04-2014 22:00:00 Geplanter Prüfpunkt
25-04-2014 13:56:29 Windows Update
03-05-2014 09:45:51 Windows Update
09-05-2014 11:57:08 ComboFix created restore point

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-05-09 14:54 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {08A7F88B-2BAE-4AC4-9B14-060021B4851B} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-02-19] ()
Task: {23F09E87-0430-42B8-B91C-AB8992425676} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-14] (Google Inc.)
Task: {2600FD66-923B-46AA-9362-3E9F59A3FBDB} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-02-19] ()
Task: {37F1830B-6C6B-4CAE-B857-D74C4D51E8FE} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-08-31] (Lenovo Group Limited)
Task: {3B989DC1-5D95-478B-94B9-597C8306F618} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for STAHLBAU.arenner => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: {488C8B1E-AE5A-441E-A1A3-43292A84ACBA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29] (Adobe Systems Incorporated)
Task: {4A86B774-2DD8-47CC-B6A7-B563E5C0BDC1} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-01-21] (Microsoft)
Task: {4E3AE3FC-9246-444D-8E27-B6BD42ADD5B7} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {54AD14F4-76EE-4597-A2BD-774B5476D55E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {64D4782D-554D-42D5-981E-214277B834CD} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {6C0798E8-3C84-410E-8458-B8117E223708} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {70DEA30A-F2CE-44E1-974A-285CB1C26540} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-08-08] (Lenovo)
Task: {822A573A-6F88-4C74-AEB7-22CF1DA70A7F} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-02-19] (Lenovo)
Task: {A07BE94A-7DCA-4B05-A5BF-1D509A4CA50A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-14] (Google Inc.)
Task: {AAFB805C-11B7-4753-B7EA-7C648E350CC5} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {AB0596F0-41B6-4C8D-A61C-B563030BE73C} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27] ()
Task: {AD8C8636-CCF0-4C3E-891E-63D80DD05A2E} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for STAHLBAU.Administrator => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: {C907BC41-2319-4AD3-9DE1-36B9603BFA7E} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {CAA1AB88-2E68-4FD3-B218-E253075BF8A7} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {E45D0C13-599E-4E92-BE31-ACD9BD783481} - System32\Tasks\StartRapidDriveAdvancedServiceTask => net
Task: {EFC56C6C-1BAA-439C-9931-9715F4F51518} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-02-21] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2012-03-07 14:56 - 2011-02-17 20:13 - 00136704 _____ () C:\Windows\System32\zlhp2600.dll
2012-03-06 14:58 - 2005-03-12 02:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2012-10-31 12:16 - 2013-10-29 02:53 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2004-09-30 20:15 - 2004-09-30 20:15 - 00192000 _____ () C:\Program Files\LinkShellExtension\RockallDLL.dll
2012-02-20 03:23 - 2011-08-31 20:03 - 00055808 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2010-12-18 16:50 - 2010-12-18 16:50 - 00173856 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2012-02-20 11:58 - 2011-05-19 14:04 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2012-02-20 03:18 - 2010-10-26 11:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2012-02-20 03:21 - 2011-03-06 13:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2009-05-27 23:09 - 2009-05-27 23:09 - 00049976 _____ () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2011-04-14 13:15 - 2011-04-14 13:15 - 00086016 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2012-02-20 22:29 - 2012-02-20 22:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 22:28 - 2012-02-20 22:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-20 03:21 - 2011-03-10 12:06 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll
2011-04-14 13:34 - 2011-04-14 13:34 - 00059392 _____ () C:\Program Files (x86)\Lenovo\Access Connections\ACSonyEricssonHlpr.dll
2012-02-20 03:23 - 2010-04-06 10:05 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2012-02-20 03:23 - 2010-04-06 10:04 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-05-09 15:15 - 2014-05-09 15:15 - 00041984 _____ () c:\users\arenner\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphs4vch.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\arenner\AppData\Roaming\Dropbox\bin\libcef.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2012-02-20 03:31 - 2011-09-30 16:57 - 00218624 _____ () C:\Program Files (x86)\Lenovo\RapidDrive Advanced\SSDetectPartition.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/09/2014 03:15:49 PM) (Source: Microsoft-Windows-User Profiles Service) (User: STAHLBAU) (EventID: 1526)
Description: Das servergespeicherte Benutzerprofil wurde nicht geladen. Sie werden mit einem lokalen Benutzerprofil angemeldet. Änderungen an dem Profil werden nach der Abmeldung nicht auf den Server kopiert. Das Profil konnte nicht geladen werden, da eine bereits vorhandene Serverkopie des Profilordners die falschen Sicherheitseinstellungen aufweist. Entweder der aktuelle Benutzer oder die Administratorengruppe muss Besitzer dieses Ordners sein.

Error: (05/09/2014 03:13:24 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT) (EventID: 10)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (05/09/2014 02:54:05 PM) (Source: Microsoft-Windows-User Profiles Service) (User: STAHLBAU) (EventID: 1526)
Description: Das servergespeicherte Benutzerprofil wurde nicht geladen. Sie werden mit einem lokalen Benutzerprofil angemeldet. Änderungen an dem Profil werden nach der Abmeldung nicht auf den Server kopiert. Das Profil konnte nicht geladen werden, da eine bereits vorhandene Serverkopie des Profilordners die falschen Sicherheitseinstellungen aufweist. Entweder der aktuelle Benutzer oder die Administratorengruppe muss Besitzer dieses Ordners sein.

Error: (05/09/2014 02:52:18 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT) (EventID: 10)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (05/09/2014 01:57:47 PM) (Source: SescLU) (User: ) (EventID: 13)
Description: LiveUpdate returned a non-critical error.  Available content updates may have failed to install.

Error: (05/09/2014 11:07:27 AM) (Source: SideBySide) (User: ) (EventID: 80)
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/09/2014 11:07:26 AM) (Source: SideBySide) (User: ) (EventID: 80)
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/09/2014 11:07:26 AM) (Source: SideBySide) (User: ) (EventID: 80)
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/09/2014 09:51:15 AM) (Source: SideBySide) (User: ) (EventID: 80)
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/09/2014 09:51:14 AM) (Source: SideBySide) (User: ) (EventID: 80)
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (05/09/2014 03:25:53 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "pcicsa.sys" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/09/2014 03:15:51 PM) (Source: Kerberos) (User: ) (EventID: 4)
Description: Der Kerberos-Client hat einen KRB_AP_ERR_MODIFIED-Fehler von Server "sbs03$" empfangen. Der verwendete Zielname war cifs/sbs003.STAHLBAU.local. Dies deutet darauf hin, dass der Zielserver das vom Client bereitgestellte Token nicht entschlüsseln konnte. Dies kann auftreten, wenn der Ziel-Serverprinzipalname (SPN) nicht bei dem Konto registriert ist, dass der Zieldienst verwendet. Stellen Sie sicher, dass der Ziel-SPN bei dem Konto registriert ist, das vom Server verwendet wird, und zwar ausschließlich bei diesem Konto. Dieser Fehler kann auch auftreten, wenn der Zieldienst ein anderes Kennwort für das Zieldienstkonto verwendet als das Kennwort, das vom Kerberos-KDC (Key Distribution Center) für das Zieldienstkonto verwendet wird. Stellen Sie sicher, dass der Dienst auf dem Server und im KDC beide für die Verwendung des aktuellen Kennworts aktualisiert wurden. Wenn der Servername nicht vollqualifiziert ist und sich die Zieldomäne (STAHLBAU.LOCAL) von der Clientdomäne (STAHLBAU.LOCAL) unterscheidet, prüfen Sie, ob sich in diesen beiden Domänen Serverkonten mit gleichem Namen befinden, oder verwenden Sie den vollqualifizierten Namen, um den Server zu identifizieren.

Error: (05/09/2014 03:15:17 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (05/09/2014 03:15:17 PM) (Source: Service Control Manager) (User: ) (EventID: 7038)
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (05/09/2014 03:13:51 PM) (Source: TermService) (User: ) (EventID: 1067)
Description: Der Terminalserver kann den Dienstprinzipalnamen "TERMSRV", der für die Serverauthentifizierung verwendet werden soll, nicht registrieren. Der folgende Fehler ist aufgetreten: Die angegebene Domäne ist nicht vorhanden, oder es konnte keine Verbindung hergestellt werden.
.

Error: (05/09/2014 03:13:23 PM) (Source: NETLOGON) (User: ) (EventID: 5719)
Description: Der Computer konnte eine sichere Sitzung mit einem
Domänencontroller in der Domäne STAHLBAU aufgrund der folgenden
Ursache nicht einrichten: 
%%1311

Dies kann zu Authentifizierungsproblemen führen. Stellen
Sie sicher, dass der Computer mit dem Netzwerk verbunden ist.
Wenden Sie sich an den Domänenadministrator, wenn das Problem
weiterhin besteht.



ZUSÄTZLICHE INFORMATIONEN

Wenn dieser Computer ein Domänencontroller der bestimmten
Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator in der bestimmten Domäne eingerichtet.
Andernfalls richtet dieser Computer eine sichere Sitzung zu
einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error: (05/09/2014 02:54:10 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (05/09/2014 02:54:10 PM) (Source: Service Control Manager) (User: ) (EventID: 7038)
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (05/09/2014 02:54:08 PM) (Source: Kerberos) (User: ) (EventID: 4)
Description: Der Kerberos-Client hat einen KRB_AP_ERR_MODIFIED-Fehler von Server "sbs03$" empfangen. Der verwendete Zielname war cifs/sbs003.STAHLBAU.local. Dies deutet darauf hin, dass der Zielserver das vom Client bereitgestellte Token nicht entschlüsseln konnte. Dies kann auftreten, wenn der Ziel-Serverprinzipalname (SPN) nicht bei dem Konto registriert ist, dass der Zieldienst verwendet. Stellen Sie sicher, dass der Ziel-SPN bei dem Konto registriert ist, das vom Server verwendet wird, und zwar ausschließlich bei diesem Konto. Dieser Fehler kann auch auftreten, wenn der Zieldienst ein anderes Kennwort für das Zieldienstkonto verwendet als das Kennwort, das vom Kerberos-KDC (Key Distribution Center) für das Zieldienstkonto verwendet wird. Stellen Sie sicher, dass der Dienst auf dem Server und im KDC beide für die Verwendung des aktuellen Kennworts aktualisiert wurden. Wenn der Servername nicht vollqualifiziert ist und sich die Zieldomäne (STAHLBAU.LOCAL) von der Clientdomäne (STAHLBAU.LOCAL) unterscheidet, prüfen Sie, ob sich in diesen beiden Domänen Serverkonten mit gleichem Namen befinden, oder verwenden Sie den vollqualifizierten Namen, um den Server zu identifizieren.

Error: (05/09/2014 02:52:05 PM) (Source: NETLOGON) (User: ) (EventID: 5719)
Description: Der Computer konnte eine sichere Sitzung mit einem
Domänencontroller in der Domäne STAHLBAU aufgrund der folgenden
Ursache nicht einrichten: 
%%1311

Dies kann zu Authentifizierungsproblemen führen. Stellen
Sie sicher, dass der Computer mit dem Netzwerk verbunden ist.
Wenden Sie sich an den Domänenadministrator, wenn das Problem
weiterhin besteht.



ZUSÄTZLICHE INFORMATIONEN

Wenn dieser Computer ein Domänencontroller der bestimmten
Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator in der bestimmten Domäne eingerichtet.
Andernfalls richtet dieser Computer eine sichere Sitzung zu
einem beliebigen Domänencontroller in der bestimmten Domäne ein.


Microsoft Office Sessions:
=========================
Error: (05/09/2014 03:15:49 PM) (Source: Microsoft-Windows-User Profiles Service) (User: STAHLBAU) (EventID: 1526)
Description: 

Error: (05/09/2014 03:13:24 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/09/2014 02:54:05 PM) (Source: Microsoft-Windows-User Profiles Service) (User: STAHLBAU) (EventID: 1526)
Description: 

Error: (05/09/2014 02:52:18 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/09/2014 01:57:47 PM) (Source: SescLU) (User: ) (EventID: 13)
Description: LiveUpdate returned a non-critical error.  Available content updates may have failed to install.

Error: (05/09/2014 11:07:27 AM) (Source: SideBySide) (User: ) (EventID: 80)
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\arenner\Downloads\esetsmartinstaller_deu.exe

Error: (05/09/2014 11:07:26 AM) (Source: SideBySide) (User: ) (EventID: 80)
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\arenner\Downloads\esetsmartinstaller_deu.exe

Error: (05/09/2014 11:07:26 AM) (Source: SideBySide) (User: ) (EventID: 80)
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\arenner\Downloads\esetsmartinstaller_deu.exe

Error: (05/09/2014 09:51:15 AM) (Source: SideBySide) (User: ) (EventID: 80)
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\arenner\Downloads\esetsmartinstaller_deu.exe

Error: (05/09/2014 09:51:14 AM) (Source: SideBySide) (User: ) (EventID: 80)
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\arenner\Downloads\esetsmartinstaller_deu.exe


CodeIntegrity Errors:
===================================
  Date: 2014-05-09 14:09:36.677
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-09 14:09:36.615
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-05 16:25:25.111
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-05 16:25:25.042
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-05 16:25:24.967
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\gpapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-05 16:25:24.906
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\gpapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-20 07:13:59.317
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-20 07:13:59.270
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-20 07:13:59.221
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-20 07:13:59.139
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 47%
Total physical RAM: 3978.23 MB
Available physical RAM: 2096.2 MB
Total Pagefile: 7954.65 MB
Available Pagefile: 6055.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:131.96 GB) (Free:26.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:5.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: D8551AA0)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=132 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
geht hier irgendwann noch was weiter ?
__________________

Alt 11.05.2014, 07:20   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Phising-Page bei Onlinebanking in FF + Trojan - Standard

Phising-Page bei Onlinebanking in FF + Trojan



Zitat:
geht hier irgendwann noch was weiter ?
KLar. Aber da du mir meinen Monatslohn nit überweist muss ich nebenbei noch richtig arbeiten, neben dem rumspielen hier in meiner Freizeit.

UNd da ich neben dir noch 300 andere User mit verseuchtem Rechner habe dauert es eben en bissl.

Poste mal bitte das Log von Combofix, zu finden unter C:\Combofix.txt
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 11.05.2014, 09:25   #5
zoehrer1986
 
Phising-Page bei Onlinebanking in FF + Trojan - Standard

Phising-Page bei Onlinebanking in FF + Trojan



Hallo Schrauber,

anbei der letzt log von gesternCombofix Versuch......

Ich habe am Freitag mit Combofix das versucht zu entfernen....
Jedoch war der SEP noch drauf hat offensichtlich das ganze gestört....
Der Trojaner war nachher wieder da.......

Im 2.ten Versuch habe ich SEP entfernt und dann Kombofix laufen lassen...
Mit dem Ergebnis das die exe files auf C:\Programmdata weg waren.....
Jedoch hat nach dem Combofix so einiges anderes nicht mehr funktioniert.
zB eine HTTPS Seite aufrufen... Ich habe dan wieder zurückgerudert!
Ein Test ob die Phising Seite nicht mehr kommt konnte ich auch nicht machen,
da ich von meiner Bank Testlogin Daten spät. am Montag wieder bekomme...

mfg

Johannes

Anbei der 2. Log von gestern

Code:
ATTFilter
ComboFix 14-05-10.01 - arenner 10.05.2014  20:35:16.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.43.1031.18.3978.2216 [GMT 2:00]
ausgeführt von:: c:\users\arenner\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Lenovo\Lenovo Solution Center\Microsoft Fix it\FixitUi\_desktop.ini
C:\root
c:\root\wpfdot.exe
c:\windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\outicon.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_uvnc_service
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-04-10 bis 2014-05-10  ))))))))))))))))))))))))))))))
.
.
2014-05-10 18:58 . 2014-05-10 18:58	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-05-10 18:58 . 2014-05-10 18:58	--------	d-----w-	c:\users\TEMP\AppData\Local\temp
2014-05-10 18:58 . 2014-05-10 18:58	--------	d-----w-	c:\users\renner\AppData\Local\temp
2014-05-10 18:58 . 2014-05-10 18:58	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-05-10 18:58 . 2014-05-10 18:58	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2014-05-10 17:35 . 2014-05-10 17:35	--------	d-----w-	c:\programdata\emuw
2014-05-10 17:04 . 2014-05-10 17:35	--------	d-----w-	c:\programdata\isiw
2014-05-10 16:40 . 2014-05-10 17:04	--------	d-----w-	c:\programdata\osnf
2014-05-10 16:29 . 2014-05-10 16:40	--------	d-----w-	c:\programdata\yqad
2014-05-10 16:26 . 2014-05-10 17:35	--------	d-----w-	c:\programdata\qpov
2014-05-10 16:25 . 2014-05-10 16:26	--------	d-----w-	c:\programdata\ovoq
2014-05-10 16:23 . 2014-05-10 16:25	--------	d-----w-	c:\programdata\uhek
2014-05-10 16:22 . 2014-05-10 16:23	--------	d-----w-	c:\programdata\ugxv
2014-05-10 16:14 . 2014-05-10 17:35	--------	d-----w-	c:\programdata\fbaw
2014-05-10 15:27 . 2014-05-10 16:14	--------	d-----w-	c:\programdata\umeh
2014-05-10 15:14 . 2014-05-10 15:27	--------	d-----w-	c:\programdata\eqol
2014-05-09 15:01 . 2014-05-09 15:01	--------	d-----w-	c:\users\arenner\AppData\Roaming\LavasoftStatistics
2014-05-09 14:32 . 2014-05-09 14:32	--------	d-----w-	c:\programdata\Lavasoft
2014-05-09 13:26 . 2014-05-09 13:27	--------	d-----w-	C:\FRST
2014-05-09 07:49 . 2014-05-10 14:48	--------	d-----w-	c:\program files (x86)\ESET
2014-05-08 15:46 . 2014-05-09 06:42	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-08 15:46 . 2014-05-08 15:46	--------	d-----w-	c:\programdata\Malwarebytes
2014-05-08 15:23 . 2014-05-08 15:23	--------	d-----w-	c:\programdata\Licenses
2014-05-08 15:23 . 2014-05-08 15:23	--------	d-----w-	c:\programdata\Simply Super Software
2014-05-08 14:29 . 2014-05-08 15:18	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2014-05-08 14:29 . 2014-05-08 15:19	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2014-05-08 07:53 . 2014-05-10 15:14	--------	d-----w-	c:\programdata\ypin
2014-05-07 11:25 . 2014-05-08 07:53	--------	d-----w-	c:\programdata\ikym
2014-05-07 09:04 . 2014-05-07 11:25	--------	d-----w-	c:\programdata\ucez
2014-05-05 11:14 . 2014-05-07 09:03	--------	d-----w-	c:\programdata\anav
2014-05-05 11:13 . 2014-05-05 11:14	--------	d-----w-	c:\programdata\akur
2014-05-05 11:13 . 2014-05-07 11:04	--------	d-----w-	c:\programdata\avojdqus
2014-05-03 09:45 . 2014-04-29 14:01	23547904	----a-w-	c:\windows\system32\mshtml.dll
2014-05-03 09:45 . 2014-04-29 13:40	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-03 09:45 . 2014-04-29 12:34	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-05-03 09:35 . 2014-05-03 09:35	--------	d-----w-	c:\users\arenner\AppData\Roaming\DropboxMaster
2014-04-25 13:56 . 2014-04-25 13:56	--------	d-s---w-	c:\windows\system32\CompatTel
2014-04-23 07:11 . 2014-04-14 02:24	465408	----a-w-	c:\windows\system32\aepdu.dll
2014-04-23 07:11 . 2014-04-14 02:19	424448	----a-w-	c:\windows\system32\aeinv.dll
2014-04-18 06:23 . 2014-04-18 06:23	--------	d-----w-	c:\users\arenner\AppData\Roaming\LSC
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-29 05:56 . 2012-07-20 06:04	70832	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-29 05:56 . 2012-07-20 06:04	692400	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-09 15:13 . 2012-03-06 12:45	90655440	----a-w-	c:\windows\system32\MRT.exe
2014-04-03 08:24 . 2014-04-03 08:24	194048	----a-w-	c:\windows\SysWow64\elshyph.dll
2014-04-03 08:24 . 2014-04-03 08:24	645120	----a-w-	c:\windows\SysWow64\jsIntl.dll
2014-04-03 08:24 . 2014-04-03 08:24	235008	----a-w-	c:\windows\system32\elshyph.dll
2014-04-03 08:24 . 2014-04-03 08:24	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-04-03 08:24 . 2014-04-03 08:24	942592	----a-w-	c:\windows\system32\jsIntl.dll
2014-04-03 08:24 . 2014-04-03 08:24	90112	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2014-04-03 08:24 . 2014-04-03 08:24	86016	----a-w-	c:\windows\SysWow64\iesysprep.dll
2014-04-03 08:24 . 2014-04-03 08:24	86016	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2014-04-03 08:24 . 2014-04-03 08:24	74240	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2014-04-03 08:24 . 2014-04-03 08:24	62464	----a-w-	c:\windows\SysWow64\tdc.ocx
2014-04-03 08:24 . 2014-04-03 08:24	61952	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2014-04-03 08:24 . 2014-04-03 08:24	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2014-04-03 08:24 . 2014-04-03 08:24	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2014-04-03 08:24 . 2014-04-03 08:24	48640	----a-w-	c:\windows\system32\mshtmler.dll
2014-04-03 08:24 . 2014-04-03 08:24	36352	----a-w-	c:\windows\SysWow64\imgutil.dll
2014-04-03 08:24 . 2014-04-03 08:24	337408	----a-w-	c:\windows\SysWow64\html.iec
2014-04-03 08:24 . 2014-04-03 08:24	247808	----a-w-	c:\windows\system32\msls31.dll
2014-04-03 08:24 . 2014-04-03 08:24	24576	----a-w-	c:\windows\SysWow64\licmgr10.dll
2014-04-03 08:24 . 2014-04-03 08:24	182272	----a-w-	c:\windows\SysWow64\msls31.dll
2014-04-03 08:24 . 2014-04-03 08:24	151552	----a-w-	c:\windows\SysWow64\iexpress.exe
2014-04-03 08:24 . 2014-04-03 08:24	139264	----a-w-	c:\windows\SysWow64\wextract.exe
2014-04-03 08:24 . 2014-04-03 08:24	13312	----a-w-	c:\windows\SysWow64\mshta.exe
2014-04-03 08:24 . 2014-04-03 08:24	13312	----a-w-	c:\windows\system32\msfeedssync.exe
2014-04-03 08:24 . 2014-04-03 08:24	131072	----a-w-	c:\windows\system32\IEAdvpack.dll
2014-04-03 08:24 . 2014-04-03 08:24	111616	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2014-04-03 08:24 . 2014-04-03 08:24	105984	----a-w-	c:\windows\system32\iesysprep.dll
2014-04-03 08:24 . 2014-04-03 08:24	1051136	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2014-04-03 08:24 . 2014-04-03 08:24	84992	----a-w-	c:\windows\system32\mshtmled.dll
2014-04-03 08:24 . 2014-04-03 08:24	83968	----a-w-	c:\windows\system32\MshtmlDac.dll
2014-04-03 08:24 . 2014-04-03 08:24	81408	----a-w-	c:\windows\system32\icardie.dll
2014-04-03 08:24 . 2014-04-03 08:24	774144	----a-w-	c:\windows\system32\jscript.dll
2014-04-03 08:24 . 2014-04-03 08:24	77312	----a-w-	c:\windows\system32\tdc.ocx
2014-04-03 08:24 . 2014-04-03 08:24	62464	----a-w-	c:\windows\system32\pngfilt.dll
2014-04-03 08:24 . 2014-04-03 08:24	616104	----a-w-	c:\windows\system32\ieapfltr.dat
2014-04-03 08:24 . 2014-04-03 08:24	48128	----a-w-	c:\windows\system32\imgutil.dll
2014-04-03 08:24 . 2014-04-03 08:24	413696	----a-w-	c:\windows\system32\html.iec
2014-04-03 08:24 . 2014-04-03 08:24	30208	----a-w-	c:\windows\system32\licmgr10.dll
2014-04-03 08:24 . 2014-04-03 08:24	263376	----a-w-	c:\windows\system32\iedkcs32.dll
2014-04-03 08:24 . 2014-04-03 08:24	243200	----a-w-	c:\windows\system32\webcheck.dll
2014-04-03 08:24 . 2014-04-03 08:24	235520	----a-w-	c:\windows\system32\url.dll
2014-04-03 08:24 . 2014-04-03 08:24	167424	----a-w-	c:\windows\system32\iexpress.exe
2014-04-03 08:24 . 2014-04-03 08:24	147968	----a-w-	c:\windows\system32\occache.dll
2014-04-03 08:24 . 2014-04-03 08:24	143872	----a-w-	c:\windows\system32\wextract.exe
2014-04-03 08:24 . 2014-04-03 08:24	13824	----a-w-	c:\windows\system32\mshta.exe
2014-04-03 08:24 . 2014-04-03 08:24	135680	----a-w-	c:\windows\system32\iepeers.dll
2014-04-03 08:24 . 2014-04-03 08:24	1228800	----a-w-	c:\windows\system32\mshtmlmedia.dll
2014-04-03 08:24 . 2014-04-03 08:24	101376	----a-w-	c:\windows\system32\inseng.dll
2014-03-06 09:31 . 2014-04-09 15:15	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:59 . 2014-04-09 15:15	66048	----a-w-	c:\windows\system32\iesetup.dll
2014-03-06 08:57 . 2014-04-09 15:15	548352	----a-w-	c:\windows\system32\vbscript.dll
2014-03-06 08:57 . 2014-04-09 15:15	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-03-06 08:53 . 2014-04-09 15:14	2767360	----a-w-	c:\windows\system32\iertutil.dll
2014-03-06 08:40 . 2014-04-09 15:15	51200	----a-w-	c:\windows\system32\jsproxy.dll
2014-03-06 08:39 . 2014-04-09 15:15	33792	----a-w-	c:\windows\system32\iernonce.dll
2014-03-06 08:32 . 2014-04-09 15:15	574976	----a-w-	c:\windows\system32\ieui.dll
2014-03-06 08:29 . 2014-04-09 15:15	139264	----a-w-	c:\windows\system32\ieUnatt.exe
2014-03-06 08:29 . 2014-04-09 15:15	111616	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-03-06 08:28 . 2014-04-09 15:15	752640	----a-w-	c:\windows\system32\jscript9diag.dll
2014-03-06 08:15 . 2014-04-09 15:15	940032	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 08:11 . 2014-04-09 15:14	5784064	----a-w-	c:\windows\system32\jscript9.dll
2014-03-06 08:09 . 2014-04-09 15:15	453120	----a-w-	c:\windows\system32\dxtmsft.dll
2014-03-06 08:03 . 2014-04-09 15:15	586240	----a-w-	c:\windows\system32\ie4uinit.exe
2014-03-06 08:02 . 2014-04-09 15:15	61952	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-03-06 08:02 . 2014-04-09 15:15	455168	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-03-06 08:01 . 2014-04-09 15:15	51200	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56 . 2014-04-09 15:15	38400	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 07:48 . 2014-04-09 15:15	195584	----a-w-	c:\windows\system32\msrating.dll
2014-03-06 07:46 . 2014-04-09 15:14	4254720	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-03-06 07:42 . 2014-04-09 15:15	296960	----a-w-	c:\windows\system32\dxtrans.dll
2014-03-06 07:38 . 2014-04-09 15:15	112128	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-03-06 07:36 . 2014-04-09 15:15	592896	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2014-03-06 07:21 . 2014-04-09 15:15	628736	----a-w-	c:\windows\system32\msfeeds.dll
2014-03-06 07:13 . 2014-04-09 15:15	32256	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11 . 2014-04-09 15:14	2043904	----a-w-	c:\windows\system32\inetcpl.cpl
2014-03-06 06:53 . 2014-04-09 15:14	13551104	----a-w-	c:\windows\system32\ieframe.dll
2014-03-06 06:40 . 2014-04-09 15:14	1967104	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-03-06 06:22 . 2014-04-09 15:14	2260480	----a-w-	c:\windows\system32\wininet.dll
2014-03-06 05:58 . 2014-04-09 15:14	1400832	----a-w-	c:\windows\system32\urlmon.dll
2014-03-06 05:50 . 2014-04-09 15:15	846336	----a-w-	c:\windows\system32\ieapfltr.dll
2014-03-06 05:41 . 2014-04-09 15:14	1789440	----a-w-	c:\windows\SysWow64\wininet.dll
2014-03-04 09:44 . 2014-04-09 12:40	362496	----a-w-	c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-09 12:40	243712	----a-w-	c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-09 12:40	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-09 12:40	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-09 12:40	1163264	----a-w-	c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-09 12:40	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-09 12:40	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-09 12:40	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-09 12:40	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-09 12:40	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-09 12:40	2048	----a-w-	c:\windows\SysWow64\user.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\arenner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\arenner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\arenner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"AppleIEDAV"="c:\program files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe" [2013-11-15 1326408]
"amymacic"="c:\programdata\emuw\umowetus.exe" [2014-05-10 270336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-10-03 1631296]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-13 4351712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-02-03 506712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\arenner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\arenner\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-4-18 33604728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-12-18 1202976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoNetConnectDisconnect"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
2;3 Lenovo.RapidDrive.Advanced.Svc;Lenovo RapidDrive Advanced Service;c:\program files (x86)\Lenovo\RapidDrive Advanced\LenovoRapidDriveAdvancedService.exe;c:\program files (x86)\Lenovo\RapidDrive Advanced\LenovoRapidDriveAdvancedService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 LSCWinService;LSCWinService;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 PCDSRVC{127174DC-C366ED8B-06020200}_0;PCDSRVC{127174DC-C366ED8B-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms;c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [x]
S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode;c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys;c:\windows\SYSNATIVE\Drivers\wwuss64.sys [x]
S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys;c:\windows\SYSNATIVE\Drivers\wwussf64.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 l36wgps; Mobile Broadband GPS Port;c:\windows\system32\DRIVERS\l36wgps64.sys;c:\windows\SYSNATIVE\DRIVERS\l36wgps64.sys [x]
S3 Mbm3CBus;F5521gw Mobile Broadband Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3CBus.sys [x]
S3 Mbm3DevMt; Mobile Broadband Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3DevMt.sys [x]
S3 Mbm3mdfl; Mobile Broadband Modem Port Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3mdfl.sys [x]
S3 Mbm3Mdm; Mobile Broadband Modem Port Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3Mdm.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys;c:\windows\SYSNATIVE\DRIVERS\WwanUsbMp64.sys [x]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-20 05:56]
.
2014-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-14 06:52]
.
2014-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-14 06:52]
.
2014-05-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
2014-05-10 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\arenner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\arenner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\arenner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\arenner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HardLinkMenu]
@="{0A479751-02BC-11d3-A855-0004AC2568AA}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568AA}]
2012-05-27 19:50	522440	----a-w-	c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHardLink]
@="{0A479751-02BC-11d3-A855-0004AC2568DD}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568DD}]
2012-05-27 19:50	522440	----a-w-	c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlaySymbolicLink]
@="{0A479751-02BC-11d3-A855-0004AC2568EE}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568EE}]
2012-05-27 19:50	522440	----a-w-	c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TpShocks"="TpShocks.exe" [2010-12-09 380776]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-31 40808]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-05-25 281960]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-04-14 31592]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-14 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-14 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-14 416024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
TCP: Interfaces\{4D7E824E-C823-4EC5-823E-7565E366A9E8}: NameServer = 192.168.0.200,192.168.0.190
DPF: {9A74E90C-0233-4E1F-8EA1-105991C6FA12} - hxxp://www.dvrdns.net/activex/snoopy/webviewer/lg6.0.0.31/webviewer.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
c:\users\arenner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk - c:\windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\outicon.exe
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020200}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\SysWOW64\SAsrv.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-05-10  21:17:33 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-05-10 19:17
ComboFix2.txt  2014-05-09 13:05
.
Vor Suchlauf: 17 Verzeichnis(se), 48.547.176.448 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 47.890.030.592 Bytes frei
.
- - End Of File - - 8FB954A328B174CE3CB0A0F3755E29D7
         
anbei noch der Combofix log vom Freitag...

Code:
ATTFilter
ComboFix 14-05-07.03 - arenner 09.05.2014  13:58:16.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.43.1031.18.3978.1722 [GMT 2:00]
ausgeführt von:: c:\users\arenner\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Lenovo\Lenovo Solution Center\Microsoft Fix it\FixitUi\_desktop.ini
c:\programdata\Roaming
C:\root
c:\root\wpfdot.exe
c:\users\arenner\AppData\Local\assembly\tmp
c:\users\arenner\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EEF3681C-0B88-4157-9599-402E4DAD933D}.xps
c:\users\arenner\AppData\Local\Temp\SimpleTap\assembly\dl3\0085e7a4\00184f9e_b732cd01\SimpleTapAppStoreAddon.dll
c:\users\arenner\AppData\Local\Temp\SimpleTap\assembly\dl3\074b2b6e\00e861b1_b732cd01\Wikipedia.dll
c:\users\arenner\AppData\Local\Temp\SimpleTap\assembly\dl3\12d410c0\00eb1d9d_b732cd01\AccuWeatherTile.dll
c:\users\arenner\AppData\Local\Temp\SimpleTap\assembly\dl3\1346f828\00483c8b_b732cd01\DisplayBrightnessApi.dll
c:\users\arenner\AppData\Local\Temp\SimpleTap\assembly\dl3\1ad4effc\0098ccc4_24c0cc01\Flickr.dll
c:\users\arenner\AppData\Local\Temp\SimpleTap\assembly\dl3\20e57e89\00349dac_b732cd01\LenovoTV.dll
c:\users\arenner\AppData\Local\Temp\SimpleTap\assembly\dl3\23a7e238\00cfdfcb_d5e0cc01\NewsTile.dll
c:\users\arenner\AppData\Local\Temp\SimpleTap\assembly\dl3\3037f05c\0091bb9a_b732cd01\Chrome.dll
c:\users\arenner\AppData\Local\Temp\SimpleTap\assembly\dl3\3b2e20de\002676a5_b732cd01\Groupon.dll
c:\users\arenner\AppData\Local\Temp\SimpleTap\assembly\dl3\3d47fbb7\001b0b8a_b732cd01\CoreAudioApi.dll
c:\users\arenner\AppData\Local\Temp\SimpleTap\assembly\dl3\49b4317d\00ddf695_b732cd01\Biztree.dll
c:\users\arenner\AppData\Local\Temp\SimpleTap\assembly\dl3\75ad0e75\001d5ac0_ded9cc01\AccuWeatherTile.resources.DLL
c:\users\arenner\AppData\Local\Temp\SimpleTap\assembly\dl3\78cf5da9\00492e39_f300cd01\SugarSync.SimpleTapAddons.FileManager.dll
c:\users\arenner\AppData\Local\Temp\SimpleTap\assembly\dl3\8c3ae86a\00b0c594_b732cd01\ScreenRotate.dll
c:\users\arenner\AppData\Local\Temp\SimpleTap\assembly\dl3\90f48e40\005ef94f_24c0cc01\KeyboardLightApi.dll
c:\users\arenner\AppData\Local\Temp\SimpleTap\assembly\dl3\9e19af28\00da3aaa_b732cd01\LenovoSolutionCenter.dll
c:\users\arenner\AppData\Local\Temp\SimpleTap\assembly\dl3\9f28d997\00e861b1_b732cd01\Skype.dll
c:\users\arenner\AppData\Local\Temp\SimpleTap\assembly\dl3\a69c139c\00375998_b732cd01\DefaultTheme.dll
c:\users\arenner\AppData\Local\Temp\SimpleTap\assembly\dl3\ac0ae4d3\00beec9b_b732cd01\InternetExplorer.dll
c:\users\arenner\AppData\Local\Temp\SimpleTap\assembly\dl3\b338f83e\008effae_b732cd01\MessageCenterPlus.dll
c:\users\arenner\AppData\Local\Temp\SimpleTap\assembly\dl3\da05453b\00eb1d9d_b732cd01\PriceGrabber.dll
c:\users\arenner\AppData\Local\Temp\SimpleTap\assembly\dl3\dea9f281\00beec9b_b732cd01\EvernoteLauncher.dll
c:\users\arenner\AppData\Local\Temp\SimpleTap\assembly\dl3\e73ddb0e\0053a7a6_b732cd01\LenovoMusic.dll
c:\users\arenner\AppData\Local\Temp\SimpleTap\assembly\dl3\f0b71dbc\002676a5_b732cd01\Kayak.dll
c:\users\arenner\AppData\Local\Temp\SimpleTap\assembly\dl3\f1d5efce\00bb30b0_b732cd01\MSOffice.dll
c:\users\arenner\AppData\Local\Temp\SimpleTap\assembly\dl3\f7c0587c\00a29e8d_b732cd01\WirelessApi.dll
c:\users\arenner\AppData\Local\Temp\SimpleTap\assembly\dl3\fd545c8f\001d5ac0_ded9cc01\AccuWeatherTile.resources.DLL
c:\users\arenner\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db
c:\windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\outicon.exe
c:\windows\wininit.ini
Q:\Autorun.inf
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_uvnc_service
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-04-09 bis 2014-05-09  ))))))))))))))))))))))))))))))
.
.
2014-05-09 12:46 . 2014-05-09 12:46	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-05-09 12:46 . 2014-05-09 12:46	--------	d-----w-	c:\users\renner\AppData\Local\temp
2014-05-09 12:46 . 2014-05-09 12:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-05-09 12:46 . 2014-05-09 12:46	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2014-05-08 15:46 . 2014-05-09 06:42	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-08 15:46 . 2014-05-08 15:46	--------	d-----w-	c:\programdata\Malwarebytes
2014-05-08 15:23 . 2014-05-08 15:23	--------	d-----w-	c:\programdata\Licenses
2014-05-08 15:23 . 2014-05-08 15:23	--------	d-----w-	c:\programdata\Simply Super Software
2014-05-08 14:29 . 2014-05-08 15:18	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2014-05-08 14:29 . 2014-05-08 15:19	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2014-05-08 07:53 . 2014-05-08 07:53	--------	d-----w-	c:\programdata\ypin
2014-05-07 11:25 . 2014-05-08 07:53	--------	d-----w-	c:\programdata\ikym
2014-05-07 09:04 . 2014-05-07 11:25	--------	d-----w-	c:\programdata\ucez
2014-05-05 11:14 . 2014-05-07 09:03	--------	d-----w-	c:\programdata\anav
2014-05-05 11:13 . 2014-05-05 11:14	--------	d-----w-	c:\programdata\akur
2014-05-05 11:13 . 2014-05-07 11:04	--------	d-----w-	c:\programdata\avojdqus
2014-05-03 09:45 . 2014-04-29 14:01	23547904	----a-w-	c:\windows\system32\mshtml.dll
2014-05-03 09:45 . 2014-04-29 13:40	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-03 09:45 . 2014-04-29 12:34	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-05-03 09:35 . 2014-05-03 09:35	--------	d-----w-	c:\users\arenner\AppData\Roaming\DropboxMaster
2014-04-25 13:56 . 2014-04-25 13:56	--------	d-s---w-	c:\windows\system32\CompatTel
2014-04-23 07:11 . 2014-04-14 02:24	465408	----a-w-	c:\windows\system32\aepdu.dll
2014-04-23 07:11 . 2014-04-14 02:19	424448	----a-w-	c:\windows\system32\aeinv.dll
2014-04-18 06:23 . 2014-04-18 06:23	--------	d-----w-	c:\users\arenner\AppData\Roaming\LSC
2014-04-10 07:13 . 2014-04-10 07:13	--------	d-sh--w-	c:\users\arenner\AppData\Local\EmieUserList
2014-04-10 07:13 . 2014-04-10 07:13	--------	d-sh--w-	c:\users\arenner\AppData\Local\EmieSiteList
2014-04-09 15:14 . 2014-03-08 02:34	809680	----a-w-	c:\program files\Internet Explorer\iexplore.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-29 05:56 . 2012-07-20 06:04	70832	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-29 05:56 . 2012-07-20 06:04	692400	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-09 15:13 . 2012-03-06 12:45	90655440	----a-w-	c:\windows\system32\MRT.exe
2014-04-03 08:24 . 2014-04-03 08:24	194048	----a-w-	c:\windows\SysWow64\elshyph.dll
2014-04-03 08:24 . 2014-04-03 08:24	645120	----a-w-	c:\windows\SysWow64\jsIntl.dll
2014-04-03 08:24 . 2014-04-03 08:24	235008	----a-w-	c:\windows\system32\elshyph.dll
2014-04-03 08:24 . 2014-04-03 08:24	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-04-03 08:24 . 2014-04-03 08:24	942592	----a-w-	c:\windows\system32\jsIntl.dll
2014-04-03 08:24 . 2014-04-03 08:24	90112	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2014-04-03 08:24 . 2014-04-03 08:24	86016	----a-w-	c:\windows\SysWow64\iesysprep.dll
2014-04-03 08:24 . 2014-04-03 08:24	86016	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2014-04-03 08:24 . 2014-04-03 08:24	74240	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2014-04-03 08:24 . 2014-04-03 08:24	62464	----a-w-	c:\windows\SysWow64\tdc.ocx
2014-04-03 08:24 . 2014-04-03 08:24	61952	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2014-04-03 08:24 . 2014-04-03 08:24	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2014-04-03 08:24 . 2014-04-03 08:24	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2014-04-03 08:24 . 2014-04-03 08:24	48640	----a-w-	c:\windows\system32\mshtmler.dll
2014-04-03 08:24 . 2014-04-03 08:24	36352	----a-w-	c:\windows\SysWow64\imgutil.dll
2014-04-03 08:24 . 2014-04-03 08:24	337408	----a-w-	c:\windows\SysWow64\html.iec
2014-04-03 08:24 . 2014-04-03 08:24	247808	----a-w-	c:\windows\system32\msls31.dll
2014-04-03 08:24 . 2014-04-03 08:24	24576	----a-w-	c:\windows\SysWow64\licmgr10.dll
2014-04-03 08:24 . 2014-04-03 08:24	182272	----a-w-	c:\windows\SysWow64\msls31.dll
2014-04-03 08:24 . 2014-04-03 08:24	151552	----a-w-	c:\windows\SysWow64\iexpress.exe
2014-04-03 08:24 . 2014-04-03 08:24	139264	----a-w-	c:\windows\SysWow64\wextract.exe
2014-04-03 08:24 . 2014-04-03 08:24	13312	----a-w-	c:\windows\SysWow64\mshta.exe
2014-04-03 08:24 . 2014-04-03 08:24	13312	----a-w-	c:\windows\system32\msfeedssync.exe
2014-04-03 08:24 . 2014-04-03 08:24	131072	----a-w-	c:\windows\system32\IEAdvpack.dll
2014-04-03 08:24 . 2014-04-03 08:24	111616	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2014-04-03 08:24 . 2014-04-03 08:24	105984	----a-w-	c:\windows\system32\iesysprep.dll
2014-04-03 08:24 . 2014-04-03 08:24	1051136	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2014-04-03 08:24 . 2014-04-03 08:24	84992	----a-w-	c:\windows\system32\mshtmled.dll
2014-04-03 08:24 . 2014-04-03 08:24	83968	----a-w-	c:\windows\system32\MshtmlDac.dll
2014-04-03 08:24 . 2014-04-03 08:24	81408	----a-w-	c:\windows\system32\icardie.dll
2014-04-03 08:24 . 2014-04-03 08:24	774144	----a-w-	c:\windows\system32\jscript.dll
2014-04-03 08:24 . 2014-04-03 08:24	77312	----a-w-	c:\windows\system32\tdc.ocx
2014-04-03 08:24 . 2014-04-03 08:24	62464	----a-w-	c:\windows\system32\pngfilt.dll
2014-04-03 08:24 . 2014-04-03 08:24	616104	----a-w-	c:\windows\system32\ieapfltr.dat
2014-04-03 08:24 . 2014-04-03 08:24	48128	----a-w-	c:\windows\system32\imgutil.dll
2014-04-03 08:24 . 2014-04-03 08:24	413696	----a-w-	c:\windows\system32\html.iec
2014-04-03 08:24 . 2014-04-03 08:24	30208	----a-w-	c:\windows\system32\licmgr10.dll
2014-04-03 08:24 . 2014-04-03 08:24	263376	----a-w-	c:\windows\system32\iedkcs32.dll
2014-04-03 08:24 . 2014-04-03 08:24	243200	----a-w-	c:\windows\system32\webcheck.dll
2014-04-03 08:24 . 2014-04-03 08:24	235520	----a-w-	c:\windows\system32\url.dll
2014-04-03 08:24 . 2014-04-03 08:24	167424	----a-w-	c:\windows\system32\iexpress.exe
2014-04-03 08:24 . 2014-04-03 08:24	147968	----a-w-	c:\windows\system32\occache.dll
2014-04-03 08:24 . 2014-04-03 08:24	143872	----a-w-	c:\windows\system32\wextract.exe
2014-04-03 08:24 . 2014-04-03 08:24	13824	----a-w-	c:\windows\system32\mshta.exe
2014-04-03 08:24 . 2014-04-03 08:24	135680	----a-w-	c:\windows\system32\iepeers.dll
2014-04-03 08:24 . 2014-04-03 08:24	1228800	----a-w-	c:\windows\system32\mshtmlmedia.dll
2014-04-03 08:24 . 2014-04-03 08:24	101376	----a-w-	c:\windows\system32\inseng.dll
2014-03-28 05:27 . 2012-03-06 12:42	233120	----a-w-	c:\windows\system32\drivers\wpshelper.sys
2014-03-04 09:44 . 2014-04-09 12:40	362496	----a-w-	c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-09 12:40	243712	----a-w-	c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-09 12:40	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-09 12:40	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-09 12:40	1163264	----a-w-	c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-09 12:40	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-09 12:40	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-09 12:40	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-09 12:40	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-09 12:40	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-09 12:40	2048	----a-w-	c:\windows\SysWow64\user.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\arenner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\arenner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\arenner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"AppleIEDAV"="c:\program files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe" [2013-11-15 1326408]
"imykatic"="c:\programdata\ypin\hvaxygid.exe" [2014-05-08 270336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-10-03 1631296]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-13 4351712]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-03-18 115560]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-02-03 506712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\arenner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\arenner\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-4-18 33604728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-12-18 1202976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoNetConnectDisconnect"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 LSCWinService;LSCWinService;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 PCDSRVC{127174DC-C366ED8B-06020200}_0;PCDSRVC{127174DC-C366ED8B-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms;c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [x]
S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode;c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys;c:\windows\SYSNATIVE\Drivers\wwuss64.sys [x]
S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys;c:\windows\SYSNATIVE\Drivers\wwussf64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 l36wgps; Mobile Broadband GPS Port;c:\windows\system32\DRIVERS\l36wgps64.sys;c:\windows\SYSNATIVE\DRIVERS\l36wgps64.sys [x]
S3 Lenovo.RapidDrive.Advanced.Svc;Lenovo RapidDrive Advanced Service;c:\program files (x86)\Lenovo\RapidDrive Advanced\LenovoRapidDriveAdvancedService.exe;c:\program files (x86)\Lenovo\RapidDrive Advanced\LenovoRapidDriveAdvancedService.exe [x]
S3 Mbm3CBus;F5521gw Mobile Broadband Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3CBus.sys [x]
S3 Mbm3DevMt; Mobile Broadband Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3DevMt.sys [x]
S3 Mbm3mdfl; Mobile Broadband Modem Port Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3mdfl.sys [x]
S3 Mbm3Mdm; Mobile Broadband Modem Port Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3Mdm.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys;c:\windows\SYSNATIVE\DRIVERS\WwanUsbMp64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-20 05:56]
.
2014-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-14 06:52]
.
2014-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-14 06:52]
.
2014-05-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
2014-05-09 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\arenner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\arenner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\arenner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\arenner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HardLinkMenu]
@="{0A479751-02BC-11d3-A855-0004AC2568AA}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568AA}]
2012-05-27 19:50	522440	----a-w-	c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHardLink]
@="{0A479751-02BC-11d3-A855-0004AC2568DD}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568DD}]
2012-05-27 19:50	522440	----a-w-	c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlaySymbolicLink]
@="{0A479751-02BC-11d3-A855-0004AC2568EE}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568EE}]
2012-05-27 19:50	522440	----a-w-	c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2010-12-09 380776]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-31 40808]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-05-25 281960]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-04-14 31592]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-14 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-14 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-14 416024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
TCP: Interfaces\{4D7E824E-C823-4EC5-823E-7565E366A9E8}: NameServer = 192.168.0.200,192.168.0.190
DPF: {9A74E90C-0233-4E1F-8EA1-105991C6FA12} - hxxp://www.dvrdns.net/activex/snoopy/webviewer/lg6.0.0.31/webviewer.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKCU-Run-com.apple.dav.bookmarks.daemon - c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
c:\users\arenner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk - c:\windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\outicon.exe
SafeBoot-Symantec Antvirus
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020200}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\SysWOW64\SAsrv.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-05-09  15:05:18 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-05-09 13:05
.
Vor Suchlauf: 16 Verzeichnis(se), 27.764.477.952 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 28.643.794.944 Bytes frei
.
- - End Of File - - 5232218B6126057C3EE0B46B196DC73A
         
Übrigends Monatslohn kann ich dir keinen Überrweisen.....
Aber wenn das ganze klappt das wir das Mistding weg bekommen,
dann würde ich für das Forum ein kleine Spende machen....
mfg
zoehrer


Alt 12.05.2014, 11:05   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Phising-Page bei Onlinebanking in FF + Trojan - Standard

Phising-Page bei Onlinebanking in FF + Trojan



Zitat:
Übrigends Monatslohn kann ich dir keinen Überrweisen.....
so war das auch nit gemeint. Damit versuche ich dir nur zu erklären dass das hier freizeit is und ich noch andere Sachen zu tun habe.


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
--> Phising-Page bei Onlinebanking in FF + Trojan

Antwort

Themen zu Phising-Page bei Onlinebanking in FF + Trojan
ebanking, entfern, gefunde, neu, onlinebanking, problem, scan, scanner, tan, thread, troja, trojan, versagt, vorgehensweise



Ähnliche Themen: Phising-Page bei Onlinebanking in FF + Trojan


  1. Norton 360 "System Infected: Trojan.Ransomlock.G" blockiert - Virus in Quarantäne - Onlinebanking sFirm nicht mehr ausführbar
    Plagegeister aller Art und deren Bekämpfung - 31.01.2015 (15)
  2. Windows 7 - (trojan.ransom.gend) - Gruppenrichtline verhinder AVP ausführung, Onlinebanking Phishing
    Log-Analyse und Auswertung - 12.06.2014 (11)
  3. W7: Phising-Page bei Onlinebanking in FF + Trojan.GenericKD.1659055 ?
    Plagegeister aller Art und deren Bekämpfung - 16.05.2014 (14)
  4. paypal phising
    Plagegeister aller Art und deren Bekämpfung - 15.05.2014 (3)
  5. Windows7 - eGdpSvc.exe Trojan - Internetoptionen geht nicht- Onlinebanking
    Log-Analyse und Auswertung - 06.02.2014 (14)
  6. Onlinebanking Attacke...Trojan.Zbot.FV
    Plagegeister aller Art und deren Bekämpfung - 06.06.2013 (13)
  7. Onlinebanking-Trojaner Zeus2 / ZBot obwohl KEIN Onlinebanking genutzt wird
    Plagegeister aller Art und deren Bekämpfung - 21.05.2013 (4)
  8. Trojan.Agent.IET / IPH.Trojan.Zbot.Rke / 100er Tan Abfrage OnlineBanking Deutsche Bank
    Log-Analyse und Auswertung - 27.03.2013 (10)
  9. phising mail
    Log-Analyse und Auswertung - 13.02.2013 (1)
  10. PAYPAL - PHISING - TR/LOCKSCREEN.BC und co
    Log-Analyse und Auswertung - 23.01.2013 (10)
  11. Trojan.Start.Page & Hijack.Start.Page
    Log-Analyse und Auswertung - 24.06.2012 (1)
  12. Error we are sorry the payment page was Not opened correctly. Please go back to the merchant page to
    Plagegeister aller Art und deren Bekämpfung - 09.11.2011 (7)
  13. Trojan.Win32.Generic!SB.0 blockt Onlinebanking
    Plagegeister aller Art und deren Bekämpfung - 13.05.2011 (17)
  14. Antivir meldet infected web.page.gen. Trojan.Dropper/Gen-X32?
    Plagegeister aller Art und deren Bekämpfung - 08.02.2010 (1)
  15. trojan.start.page entfernen
    Log-Analyse und Auswertung - 28.02.2005 (3)
  16. Trojan start.page löschen klappt nicht
    Plagegeister aller Art und deren Bekämpfung - 28.02.2005 (3)
  17. Wer kann mir bei der Entfernung von Trojan Start Page helfen ?
    Plagegeister aller Art und deren Bekämpfung - 09.04.2004 (1)

Zum Thema Phising-Page bei Onlinebanking in FF + Trojan - Ich habe das gleiche Problem wie bei diesen Thread: http://www.trojaner-board.de/153417-...1659055-a.html Leider gibt's dort leider auch keine Lösung... folgende Scanner haben versagt: SEP ESET Online Scanner (hat was gefunden und entfernt..... - Phising-Page bei Onlinebanking in FF + Trojan...
Archiv
Du betrachtest: Phising-Page bei Onlinebanking in FF + Trojan auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.