Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Win 7 x64: Entfernen des Win32/Small.CA-Virus (https://www.trojaner-board.de/143690-win-7-x64-entfernen-win32-small-ca-virus.html)

HerrV 28.10.2013 10:51
Win 7 x64: Entfernen des Win32/Small.CA-Virus
 
Hallo.

Seit einiger Zeit taucht die Meldung "Entfernen des Win32/Small.CA-Virus" in den Meldungen meines Wartungscenters auf. Ich habe dann einige Zeit lang nichts unternommen, da Sophos nichts Verdächtiges gefunden hat, ebenso wenig wie die Microsoft Produkte. Nach damaliger Recherche habe ich auch gelesen, dass Sophos einen "false positive" verursacht.
Da das Problem doch häufiger auftritt (auch bei Systemen ohne Sophos), würde ich das Problem gerne lösen. Über Hilfe wäre ich sehr Dankbar.

Hier schonmal die ersten Logs:

FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-10-2013
Ran by Lars (administrator) on NOTEBOOK on 28-10-2013 09:35:05
Running from C:\Users\Lars\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SAsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Silicon Motion) C:\Windows\SMIKsSTI.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Lenovo Group Limited) C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
() C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2731304 2011-03-24] (Synaptics Incorporated)
HKLM\...\Run: [SMI_SSE_V5] - C:\Windows\SMIKsSTI.exe [212992 2011-04-11] (Silicon Motion)
HKLM\...\Run: [TpShocks] - C:\Windows\System32\TpShocks.exe [380776 2011-01-14] (Lenovo.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-03-24] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] - C:\Program Files\CONEXANT\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe [41320 2011-04-04] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] - C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe [281960 2011-04-04] (Lenovo Group Limited)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Lars\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-04-19] (Google Inc.)
MountPoints2: D - D:\LaunchU3.exe -a
MountPoints2: {48023753-f944-11e0-9f81-806e6f6e6963} - Q:\LenovoQDrive.exe
HKLM-x32\...\Run: [PWMTRV] - C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll [1556032 2012-10-03] (Lenovo Group Limited)
HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe [929272 2013-01-11] (Sophos Limited)
HKU\Default\...\RunOnce: [] - [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\Program Files (x86)\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [159744 2009-03-24] ()
HKU\Default User\...\RunOnce: [] - [x]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] - C:\Program Files (x86)\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [159744 2009-03-24] ()
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL [217672 2013-10-27] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL [275352 2013-10-27] (Sophos Limited)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2a16bbf6-eed7-404f-820c-f1f15d058a2f&searchtype=hp&fr=linkury-tb&installDate=14/05/2013&type=hp1000
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2a16bbf6-eed7-404f-820c-f1f15d058a2f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/05/2013&type=hp1000
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2a16bbf6-eed7-404f-820c-f1f15d058a2f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/05/2013&type=hp1000
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2a16bbf6-eed7-404f-820c-f1f15d058a2f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/05/2013&type=hp1000
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2a16bbf6-eed7-404f-820c-f1f15d058a2f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/05/2013&type=hp1000
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2a16bbf6-eed7-404f-820c-f1f15d058a2f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/05/2013&type=hp1000
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2a16bbf6-eed7-404f-820c-f1f15d058a2f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/05/2013&type=hp1000
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default
FF NewTab: about:blank
FF Homepage: https://www.google.de/
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Lars\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Lars\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

==================== Services (Whitelisted) =================

R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [34528 2013-01-08] (The OpenVPN Project)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [290296 2013-10-27] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [206328 2013-10-27] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-01-11] (Sophos Limited)
R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [443240 2011-03-02] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-04-11] ()
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3109880 2013-10-27] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2012152 2013-10-27] (Sophos Limited)
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84088 2011-04-13] (Symantec Corporation)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [648744 2011-08-12] (Ericsson AB)

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-14] (DT Soft Ltd)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-06-13] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2011-06-13] (Ericsson AB)
R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [101416 2011-07-01] (Ericsson AB)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-04-29] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-04-29] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-04-29] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-04-29] (MCCI Corporation)
R1 PHCORE; C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [32104 2011-07-08] (Lenovo Group Limited)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2013-10-27] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2013-01-22] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2013-10-27] (Sophos Plc)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [210048 2011-04-11] (SMI)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [268840 2011-08-12] (Ericsson AB)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-28 09:34 - 2013-10-28 09:34 - 00000000 ____D C:\FRST
2013-10-28 09:33 - 2013-10-28 09:33 - 01956538 _____ (Farbar) C:\Users\Lars\Desktop\FRST64.exe
2013-10-28 09:31 - 2013-10-28 09:31 - 00000540 _____ C:\Users\Lars\Desktop\defogger_disable.log
2013-10-28 09:31 - 2013-10-28 09:31 - 00000168 _____ C:\Users\Lars\defogger_reenable
2013-10-28 09:29 - 2013-10-28 09:29 - 00050477 _____ C:\Users\Lars\Desktop\Defogger.exe
2013-10-27 16:34 - 2013-10-27 16:30 - 00037880 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe
2013-10-27 16:30 - 2013-10-27 16:30 - 00154952 _____ (Sophos Limited) C:\Windows\system32\Drivers\savonaccess.sys
2013-10-27 16:14 - 2013-10-27 16:14 - 00025608 _____ (Sophos Plc) C:\Windows\system32\Drivers\SophosBootDriver.sys
2013-10-27 16:09 - 2013-10-27 16:11 - 08582056 _____ (Igor Pavlov) C:\Users\Lars\Downloads\ses103cau_ext.exe
2013-10-27 15:42 - 2013-10-27 15:42 - 00247530 _____ C:\ProgramData\1382884859.bdinstall.bin
2013-10-27 14:35 - 2013-10-27 14:35 - 00000385 _____ C:\Users\Lars\AppData\Roaminguser_gensett.xml
2013-10-27 13:03 - 2013-10-27 13:03 - 00534306 _____ C:\ProgramData\1382874960.bdinstall.bin
2013-10-27 13:01 - 2013-10-27 13:01 - 00000000 ____D C:\ProgramData\BDLogging
2013-10-27 12:56 - 2013-10-27 15:42 - 00000000 ____D C:\Program Files\Bitdefender
2013-10-27 12:56 - 2013-10-27 15:41 - 00000000 ____D C:\ProgramData\Bitdefender
2013-10-27 12:56 - 2013-10-27 12:56 - 00000000 ____D C:\Users\Lars\AppData\Roaming\QuickScan
2013-10-27 12:55 - 2013-10-27 15:41 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-10-27 12:53 - 2013-10-27 12:54 - 00000008 _____ C:\Users\Lars\Desktop\Bitdefender Key.txt
2013-10-20 10:22 - 2013-10-20 10:22 - 00000000 ___HD C:\ProgramData\CanonBJ
2013-10-12 02:19 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-12 02:19 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-12 02:19 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-12 02:19 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-12 02:19 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-12 02:19 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-12 02:19 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-12 02:19 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-12 02:19 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-12 02:19 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-12 02:19 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-12 02:19 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-12 02:19 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-12 02:19 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-12 02:19 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-12 02:19 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-12 02:19 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-12 02:19 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-12 02:19 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-12 02:19 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-12 02:19 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-12 02:19 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-12 02:19 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-12 02:19 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-12 02:19 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-12 02:19 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-12 02:19 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-12 02:19 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-12 02:19 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-12 02:19 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-12 02:19 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-11 08:11 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-11 08:11 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-11 08:11 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-11 08:11 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-11 08:11 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-11 08:11 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-11 08:11 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-11 08:11 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-11 08:11 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-11 08:11 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-11 08:11 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-11 08:11 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-11 08:11 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-11 08:11 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-11 08:11 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-11 08:11 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-11 08:11 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-11 08:10 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-11 08:10 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-11 08:10 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-11 08:10 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-11 08:10 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-11 08:10 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-11 08:10 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-11 08:10 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-11 08:10 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-11 08:10 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-11 08:10 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-11 08:10 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-11 08:10 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-11 08:10 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-11 08:10 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-11 08:10 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-11 08:10 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-11 08:10 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-11 08:10 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-11 08:10 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-11 08:10 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-11 08:10 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-11 08:10 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 08:10 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 08:10 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-11 08:10 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-11 08:10 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-11 08:10 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-11 08:10 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-02 15:20 - 2013-10-02 15:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-10-28 09:35 - 2013-01-11 09:00 - 00000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2013-10-28 09:34 - 2013-10-28 09:34 - 00000000 ____D C:\FRST
2013-10-28 09:33 - 2013-10-28 09:33 - 01956538 _____ (Farbar) C:\Users\Lars\Desktop\FRST64.exe
2013-10-28 09:31 - 2013-10-28 09:31 - 00000540 _____ C:\Users\Lars\Desktop\defogger_disable.log
2013-10-28 09:31 - 2013-10-28 09:31 - 00000168 _____ C:\Users\Lars\defogger_reenable
2013-10-28 09:31 - 2013-01-22 17:11 - 00000000 ____D C:\Users\Lars
2013-10-28 09:29 - 2013-10-28 09:29 - 00050477 _____ C:\Users\Lars\Desktop\Defogger.exe
2013-10-28 09:29 - 2013-01-11 09:00 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-10-28 09:25 - 2013-07-19 17:55 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-28 09:12 - 2011-10-18 05:50 - 01832467 _____ C:\Windows\WindowsUpdate.log
2013-10-28 09:11 - 2013-04-19 11:20 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2023589072-630133933-1296572217-1000UA.job
2013-10-27 20:10 - 2011-10-18 15:34 - 00696870 _____ C:\Windows\system32\perfh007.dat
2013-10-27 20:10 - 2011-10-18 15:34 - 00148134 _____ C:\Windows\system32\perfc007.dat
2013-10-27 20:10 - 2009-07-14 06:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-27 20:07 - 2013-01-22 18:43 - 00000000 ____D C:\Users\Lars\Documents\Outlook-Dateien
2013-10-27 16:53 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-10-27 16:33 - 2013-01-22 17:39 - 00000000 ____D C:\ProgramData\Sophos
2013-10-27 16:30 - 2013-10-27 16:34 - 00037880 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe
2013-10-27 16:30 - 2013-10-27 16:30 - 00154952 _____ (Sophos Limited) C:\Windows\system32\Drivers\savonaccess.sys
2013-10-27 16:14 - 2013-10-27 16:14 - 00025608 _____ (Sophos Plc) C:\Windows\system32\Drivers\SophosBootDriver.sys
2013-10-27 16:12 - 2013-01-22 17:39 - 00000000 ____D C:\Program Files (x86)\Sophos
2013-10-27 16:11 - 2013-10-27 16:09 - 08582056 _____ (Igor Pavlov) C:\Users\Lars\Downloads\ses103cau_ext.exe
2013-10-27 15:59 - 2009-07-14 05:45 - 00031072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-27 15:59 - 2009-07-14 05:45 - 00031072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-27 15:51 - 2013-08-28 08:59 - 00000000 ____D C:\Users\Lars\Desktop\LateX-Vorlage
2013-10-27 15:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-27 15:50 - 2013-02-21 17:38 - 00000000 ____D C:\Program Files (x86)\Miranda IM
2013-10-27 15:50 - 2011-10-18 06:02 - 00000000 ____D C:\Program Files\Broadcom
2013-10-27 15:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-10-27 15:42 - 2013-10-27 15:42 - 00247530 _____ C:\ProgramData\1382884859.bdinstall.bin
2013-10-27 15:42 - 2013-10-27 12:56 - 00000000 ____D C:\Program Files\Bitdefender
2013-10-27 15:41 - 2013-10-27 12:56 - 00000000 ____D C:\ProgramData\Bitdefender
2013-10-27 15:41 - 2013-10-27 12:55 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-10-27 15:39 - 2013-05-24 12:14 - 00000000 ____D C:\Windows\system32\appmgmt
2013-10-27 14:52 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-27 14:51 - 2009-07-14 05:51 - 00057918 _____ C:\Windows\setupact.log
2013-10-27 14:35 - 2013-10-27 14:35 - 00000385 _____ C:\Users\Lars\AppData\Roaminguser_gensett.xml
2013-10-27 13:03 - 2013-10-27 13:03 - 00534306 _____ C:\ProgramData\1382874960.bdinstall.bin
2013-10-27 13:01 - 2013-10-27 13:01 - 00000000 ____D C:\ProgramData\BDLogging
2013-10-27 12:56 - 2013-10-27 12:56 - 00000000 ____D C:\Users\Lars\AppData\Roaming\QuickScan
2013-10-27 12:54 - 2013-10-27 12:53 - 00000008 _____ C:\Users\Lars\Desktop\Bitdefender Key.txt
2013-10-20 10:22 - 2013-10-20 10:22 - 00000000 ___HD C:\ProgramData\CanonBJ
2013-10-18 08:43 - 2013-04-19 11:20 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2023589072-630133933-1296572217-1000Core.job
2013-10-18 08:32 - 2013-04-19 11:20 - 00004084 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2023589072-630133933-1296572217-1000UA
2013-10-18 08:32 - 2013-04-19 11:20 - 00003688 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2023589072-630133933-1296572217-1000Core
2013-10-12 02:39 - 2009-07-14 05:45 - 00469192 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-12 02:18 - 2011-10-18 06:02 - 01590378 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-12 02:13 - 2013-07-29 12:03 - 00000000 _____ C:\Windows\system32\vireng.log
2013-10-12 02:11 - 2013-08-01 16:46 - 00000000 ____D C:\Windows\system32\MRT
2013-10-12 02:08 - 2013-01-23 10:33 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-11 07:55 - 2013-07-19 17:55 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-11 07:54 - 2013-02-01 15:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-11 07:54 - 2013-02-01 15:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-07 22:31 - 2013-01-22 17:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-04 10:03 - 2013-01-22 17:19 - 00000000 ____D C:\Users\Lars\AppData\Local\Mozilla
2013-10-02 15:20 - 2013-10-02 15:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-02 14:46 - 2009-07-14 06:08 - 00019270 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-02 12:21 - 2013-03-20 19:13 - 00000000 ____D C:\Users\Lars\AppData\Roaming\Skype

Some content of TEMP:
====================
C:\Users\Lars\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Lars\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Lars\AppData\Local\Temp\ose00000.exe
C:\Users\Lars\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-27 16:44

==================== End Of Log ============================
Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-10-2013
Ran by Lars at 2013-10-28 09:37:03
Running from C:\Users\Lars\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Sophos Anti-Virus (Enabled - Up to date) {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Sophos Anti-Virus (Enabled - Up to date) {DE9A3984-B0E2-7A61-FD5D-409005EB0337}

==================== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 3 (SP3) (x32)
Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.8)
Adobe Digital Editions 2.0 (x32 Version: 2.0)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.01) - Deutsch (x32 Version: 11.0.01)
Anzeige am Bildschirm (Version: 6.62.01)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.2.43)
Broadcom InConcert Maestro (Version: 1.0.1.2100)
Citavi (x32 Version: 3.4.0.1)
Conexant HD Audio (Version: 8.32.27.0)
Create Recovery Media (x32 Version: 1.20.0.00)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.47.1.0333)
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (Version: 1.00)
foobar2000 v1.2.2 (x32 Version: 1.2.2)
GPL Ghostscript (Version: 9.02)
IBM SPSS Statistics 20 (x32 Version: 20.0.0.0)
Inkscape 0.48.4 (x32 Version: 0.48.4)
Integrated Camera (Version: 5.50.3.8)
Integrated Camera (x32 Version: 5.50.3.8)
Intel PROSet Wireless
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Identity Protection Technology 1.1.2.0 (x32 Version: 1.1.2.0)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2418)
Intel(R) PROSet/Wireless WiFi-Software (Version: 14.00.1000)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Lenovo Auto Scroll Utility (Version: 1.11)
Lenovo Patch Utility (x32 Version: 1.0.1.1)
Lenovo Patch Utility 64 bit (Version: 1.2.0.1)
Lenovo Power Management Driver (Version: 1.66.00.22)
Lenovo Registration (x32 Version: 1.0.4)
Lenovo Screen Reading Optimizer (x32 Version: 1.07)
Lenovo System Interface Driver (Version: 1.05)
Lenovo System Update (x32 Version: 5.02.0011)
Lenovo ThinkVantage Toolbox (Version: 6.0.5802.24)
Lenovo User Guide (x32 Version: 1.0.0008.00)
Lenovo Warranty Information (x32 Version: 1.0.0005.00)
Lenovo Welcome (x32 Version: 2.02.003.0)
Maple 16
Maple 16 (x32 Version: 16.0.0.0)
Mesh Runtime (x32 Version: 15.4.5722.2)
Message Center Plus (x32 Version: 2.0.0012.00)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (x32 Version: 4.0.50401.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
MiKTeX 2.9 (Version: 2.9)
Miranda IM 0.10.10 (x32 Version: 0.10.10)
Mobile Broadband Drivers (x32 Version: 6.5.1.5)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
Music Manager (HKCU)
OpenVPN 2.3.0-I001  (Version: 2.3.0-I001)
pstoedit and importps 3.61 (Version: 3.61)
R for Windows 2.15.2 (Version: 2.15.2)
RapidBoot (Version: 1.10)
Realtek PCIE Card Reader (x32 Version: 6.1.7600.69)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (Version: 1.00)
RStudio (x32 Version: 0.97.318)
Skype™ 6.6 (x32 Version: 6.6.106)
Sophos Anti-Virus (x32 Version: 10.3.1)
Sophos AutoUpdate (x32 Version: 2.9.0.344)
TAP-Windows 9.9.2 (Version: 9.9.2)
TeXnicCenter Version 2.0 Beta 1 (Version: 2.0 Beta 1)
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 6.4.0.2100)
ThinkPad Energie-Manager (x32 Version: 3.61)
ThinkPad UltraNav Driver (Version: 15.2.19.0)
ThinkVantage AutoLock (Version: 1.02)
ThinkVantage Communications Utility (Version: 2.06)
ThinkVantage System für aktiven Festplattenschutz (Version: 1.74)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
VIPAccess (x32 Version: 2.0.1.91)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows-Treiberpaket - Intel (iaStor) hdc  (11/06/2010 10.1.0.1008) (Version: 11/06/2010 10.1.0.1008)
Windows-Treiberpaket - Lenovo 1.62.00.00 (01/19/2011 1.62.00.00) (Version: 01/19/2011 1.62.00.00)
Windows-Treiberpaket - Synaptics (SynTP) Mouse  (03/24/2011 15.2.19.0) (Version: 03/24/2011 15.2.19.0)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)

==================== Restore Points  =========================

21-09-2013 01:00:32 Windows Update
24-09-2013 09:24:04 Windows Update
01-10-2013 14:49:03 Windows Update
04-10-2013 15:18:12 Windows Update
11-10-2013 07:10:07 Windows Update
12-10-2013 01:00:21 Windows Update
17-10-2013 10:47:47 Windows Update
26-10-2013 18:23:39 Windows Update
27-10-2013 13:07:13 Removed Sophos AutoUpdate
27-10-2013 13:57:53 Windows Update
27-10-2013 14:39:06 Removed Broadcom InConcert Maestro
27-10-2013 14:47:29 Wiederherstellungsvorgang
27-10-2013 15:11:25 Removed Sophos AutoUpdate
27-10-2013 15:11:52 Installed Sophos AutoUpdate
27-10-2013 15:13:29 Removed Sophos AutoUpdate

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-01-27 12:58 - 00000854 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com

==================== Scheduled Tasks (whitelisted) =============

Task: {084205F0-C16F-48C0-8568-B2F32FBB4F85} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-03-31] (PC-Doctor, Inc.)
Task: {167A29EE-B4ED-4991-8BAE-59D2C4C93A1D} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-06-01] (Lenovo Group Limited)
Task: {40843BAA-98A9-443A-B2B3-B855E6A2EF5D} - System32\Tasks\MCP => C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [2009-05-27] ()
Task: {4447A86F-76A7-4DEA-9EA4-E70C1DA5525F} - System32\Tasks\Lenovo\SROptimizer => %TRPATH%\SRORest.exe
Task: {49F3E7CB-0E26-4576-9F6D-455E5A538F62} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2023589072-630133933-1296572217-1000Core => C:\Users\Lars\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-19] (Google Inc.)
Task: {A4B76FA3-633B-45D7-B959-702043724BBD} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {AC80CAD9-380C-4A37-9302-BFE7EEE98CBC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2023589072-630133933-1296572217-1000UA => C:\Users\Lars\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-19] (Google Inc.)
Task: {BFCDE02A-3AAE-4D09-A047-8C39A5514648} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-03-31] (PC-Doctor, Inc.)
Task: {BFF31B0C-10C6-4AA1-A60B-96C69645F67B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {CEA316DA-ADC6-4F92-A932-5CFC379489D2} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-04-11] ()
Task: {E512563A-C52A-4442-BF9B-9B880AB78772} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-03-31] (PC-Doctor, Inc.)
Task: {F9088644-656E-4EF4-9492-2FC983D9731E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2023589072-630133933-1296572217-1000Core.job => C:\Users\Lars\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2023589072-630133933-1296572217-1000UA.job => C:\Users\Lars\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2011-10-18 06:12 - 2011-06-01 19:01 - 00054272 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2011-10-18 15:28 - 2011-03-24 11:48 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2011-10-18 06:09 - 2011-06-10 17:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-01-11 09:34 - 2011-05-26 17:17 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll
2011-10-18 05:57 - 2010-11-04 09:17 - 00393216 _____ () C:\Windows\SMIKsLIB.dll
2011-10-18 05:57 - 2009-10-23 17:50 - 00326144 _____ () C:\Windows\system32\370prop.ax
2011-10-18 06:13 - 2010-04-06 08:05 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2011-10-18 06:13 - 2010-04-06 08:04 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2013-09-03 14:54 - 2013-09-03 14:54 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
2013-10-02 15:20 - 2013-10-02 15:20 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-01-26 19:27 - 2013-01-26 19:27 - 00122880 _____ () C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox\components\CitaviPickerCommunication.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/27/2013 04:50:26 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (10/27/2013 04:32:45 PM) (Source: Sophos Anti-Virus) (User: )
Description: Ausnahme entdeckt in CInfrastructureModule::PreMessageLoop.

Error: (10/27/2013 04:32:45 PM) (Source: Sophos Anti-Virus) (User: )
Description: Fehler beim Anfordern der Komponente ConfigurationManager vom ComponentManager.

Error: (10/27/2013 04:32:45 PM) (Source: Sophos Anti-Virus) (User: )
Description: Fehler bei der Konfiguration von ConfigurationManager.

Error: (10/27/2013 04:32:45 PM) (Source: Sophos Anti-Virus) (User: )
Description: Die Bootstrap-Konfigurationsdatei 'C:\ProgramData\Sophos\Sophos Anti-Virus\Config\bootstrap.xml' fehlt.

Error: (10/27/2013 04:13:43 PM) (Source: MsiInstaller) (User: Notebook)
Description: Produkt: Sophos AutoUpdate -- Fehler 25012. Sophos AutoUpdate konnte nicht installiert werden, da zur Zeit ein Update läuft. Bitte warten Sie, bis dieser beendet ist, bevor Sie es erneut versuchen.

Error: (10/27/2013 02:56:52 PM) (Source: ESENT) (User: )
Description: taskhost (1000) WebCacheLocal: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -1032 auf.

Error: (10/27/2013 02:56:52 PM) (Source: ESENT) (User: )
Description: taskhost (1000) WebCacheLocal: Versuch, Datei "C:\Users\Lars\AppData\Local\Microsoft\Windows\WebCache\V01.log" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (10/27/2013 02:56:42 PM) (Source: ESENT) (User: )
Description: taskhost (1000) WebCacheLocal: Versuch, Datei "C:\Users\Lars\AppData\Local\Microsoft\Windows\WebCache\V01.log" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (10/27/2013 02:52:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/27/2013 04:33:15 PM) (Source: DCOM) (User: )
Description: {D2B7A809-15DC-40B4-A1E1-C61EA97191DB}

Error: (10/27/2013 04:32:45 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sophos Anti-Virus" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147467259.

Error: (10/27/2013 04:32:45 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{000C101C-0000-0000-C000-000000000046}{000C101C-0000-0000-C000-000000000046}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (10/27/2013 02:57:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0816 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2862330)

Error: (10/27/2013 02:52:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sophos Anti-Virus" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147467259.

Error: (10/27/2013 02:52:00 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{000C101C-0000-0000-C000-000000000046}{000C101C-0000-0000-C000-000000000046}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (10/27/2013 03:48:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%10106

Error: (10/27/2013 03:48:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%10106

Error: (10/27/2013 03:46:26 PM) (Source: DCOM) (User: )
Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (10/27/2013 03:45:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:
%%-2147014790


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 53%
Total physical RAM: 4009.9 MB
Available physical RAM: 1846.83 MB
Total Pagefile: 8017.98 MB
Available Pagefile: 5676.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:284.61 GB) (Free:216.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:12.3 GB) (Free:3.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 5D8739B2)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=285 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================
defogger_disable.txt:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:31 on 28/10/2013 (Lars)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...


-=E.O.F=-
gmer.txt
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-28 10:09:36
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 HITACHI_ rev.EC2Z 298,09GB
Running: 86tt77j8.exe; Driver: C:\Users\Lars\AppData\Local\Temp\uxrdqpow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                              fffff80003001000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                              fffff8000300102f 16 bytes [00, 00, 10, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                        0000000075b01465 2 bytes [B0, 75]
.text    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                        0000000075b014bb 2 bytes [B0, 75]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000075b01465 2 bytes [B0, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      0000000075b014bb 2 bytes [B0, 75]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe[1220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                          0000000075b01465 2 bytes [B0, 75]
.text    C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe[1220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        0000000075b014bb 2 bytes [B0, 75]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[1404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        0000000075b01465 2 bytes [B0, 75]
.text    C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[1404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        0000000075b014bb 2 bytes [B0, 75]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[1284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                        0000000075b01465 2 bytes [B0, 75]
.text    C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[1284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                        0000000075b014bb 2 bytes [B0, 75]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        0000000075b01465 2 bytes [B0, 75]
.text    C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      0000000075b014bb 2 bytes [B0, 75]
.text    ...                                                                                                                                              * 2
.text    C:\Windows\SysWOW64\SAsrv.exe[2076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                      0000000075b01465 2 bytes [B0, 75]
.text    C:\Windows\SysWOW64\SAsrv.exe[2076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                    0000000075b014bb 2 bytes [B0, 75]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    0000000075b01465 2 bytes [B0, 75]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155    0000000075b014bb 2 bytes [B0, 75]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE[1784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            0000000075b01465 2 bytes [B0, 75]
.text    C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE[1784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                            0000000075b014bb 2 bytes [B0, 75]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe[508] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  0000000075b01465 2 bytes [B0, 75]
.text    C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe[508] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  0000000075b014bb 2 bytes [B0, 75]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe[3628] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                0000000075b01465 2 bytes [B0, 75]
.text    C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe[3628] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155              0000000075b014bb 2 bytes [B0, 75]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe[3600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69            0000000075b01465 2 bytes [B0, 75]
.text    C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe[3600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155            0000000075b014bb 2 bytes [B0, 75]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    0000000075b01465 2 bytes [B0, 75]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155    0000000075b014bb 2 bytes [B0, 75]
.text    ...                                                                                                                                              * 2
.text    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[3836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                              0000000075b01465 2 bytes [B0, 75]
.text    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[3836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                            0000000075b014bb 2 bytes [B0, 75]
.text    ...                                                                                                                                              * 2
.text    C:\Windows\Explorer.EXE[1596] C:\Windows\system32\kernel32.dll!CopyFileExW                                                                      0000000077a323d0 5 bytes JMP 000000016fff00d8
.text    C:\Windows\Explorer.EXE[1596] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW                                                            0000000077aaf6c0 8 bytes JMP 000000016fff0110
.text    C:\Windows\Explorer.EXE[1596] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                    000007fefe537490 11 bytes JMP 000007fffe5000d8
.text    C:\Windows\SMIKsSTI.exe[4404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                            0000000075b01465 2 bytes [B0, 75]
.text    C:\Windows\SMIKsSTI.exe[4404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                          0000000075b014bb 2 bytes [B0, 75]
.text    ...                                                                                                                                              * 2
.text    C:\Windows\SMIKsSTI.exe[4404] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35                                                                    00000000756b11a8 2 bytes [6B, 75]
.text    C:\Windows\SMIKsSTI.exe[4404] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21                                                              00000000756b13a8 2 bytes [6B, 75]
.text    C:\Windows\SMIKsSTI.exe[4404] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21                                                                  00000000756b1422 2 bytes [6B, 75]
.text    C:\Windows\SMIKsSTI.exe[4404] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19                                                          00000000756b1498 2 bytes [6B, 75]
.text    C:\Windows\SMIKsSTI.exe[4404] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195                                                00000000756a1b41 2 bytes [6A, 75]
.text    C:\Windows\SMIKsSTI.exe[4404] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362                                                00000000756a1be8 2 bytes [6A, 75]
.text    C:\Windows\SMIKsSTI.exe[4404] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418                                                00000000756a1c20 2 bytes [6A, 75]
.text    C:\Windows\SMIKsSTI.exe[4404] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596                                                00000000756a1cd2 2 bytes [6A, 75]
.text    C:\Windows\SMIKsSTI.exe[4404] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628                                                00000000756a1cf2 2 bytes [6A, 75]
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        0000000075b01465 2 bytes [B0, 75]
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      0000000075b014bb 2 bytes [B0, 75]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                      0000000075b01465 2 bytes [B0, 75]
.text    C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                    0000000075b014bb 2 bytes [B0, 75]
.text    ...                                                                                                                                              * 2
.text    C:\Windows\SysWOW64\rundll32.exe[5032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                  0000000075b01465 2 bytes [B0, 75]
.text    C:\Windows\SysWOW64\rundll32.exe[5032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                  0000000075b014bb 2 bytes [B0, 75]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                    0000000075b01465 2 bytes [B0, 75]
.text    C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    0000000075b014bb 2 bytes [B0, 75]
.text    ...                                                                                                                                              * 2
.text    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[4280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                          0000000075b01465 2 bytes [B0, 75]
.text    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[4280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                        0000000075b014bb 2 bytes [B0, 75]
.text    ...                                                                                                                                              * 2
.text    C:\Windows\SysWOW64\RunDll32.exe[6124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                  0000000075b01465 2 bytes [B0, 75]
.text    C:\Windows\SysWOW64\RunDll32.exe[6124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                  0000000075b014bb 2 bytes [B0, 75]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                    0000000075b01465 2 bytes [B0, 75]
.text    C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    0000000075b014bb 2 bytes [B0, 75]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe[9480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000075b01465 2 bytes [B0, 75]
.text    C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe[9480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075b014bb 2 bytes [B0, 75]
.text    ...                                                                                                                                              * 2
.text    C:\Users\Lars\Desktop\86tt77j8.exe[2224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                0000000075b01465 2 bytes [B0, 75]
.text    C:\Users\Lars\Desktop\86tt77j8.exe[2224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                0000000075b014bb 2 bytes [B0, 75]
.text    ...                                                                                                                                              * 2

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf46ab911                                                                     
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e5917421                                                                     
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf46ab911 (not active ControlSet)                                                 
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e5917421 (not active ControlSet)                                                 

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                                            unknown MBR code

---- EOF - GMER 2.1 ----


P.S.: Alle Scans haben problemlos geklappt, als ich aber mein Notebook danach rebooten wollte, wurde das System beim Herunterfahren durch einen Bluescreen beendet.

VG

M-K-D-B 28.10.2013 11:10
:hallo:


Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 4 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
    Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
    Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.




auf deinem Rechner wird illegale Software verwendet:
Zitat:
Hosts: 127.0.0.1 activate.adobe.com
Was kannst du mir hierzu sagen?

Sobald du jegliche illegale Software entfernt hast, können wir mit der Bereinigung fortfahren. Sollte ich dann jedoch noch einmal etwas entdecken, ist Schluss.

Bitte lesen:
Cracks, Keygens und andere illegale Software

HerrV 28.10.2013 12:51
Hallo Matthias,
danke für deine schnelle Antwort. Ja, du hast Recht, ich hatte den Adobe Acrobat auf dem Rechner, der ist zwischen den ganzen Adobe-Produkten leider untergegangen. Jetzt müsste das System komplett frei von derart Software sein. Habe die Scans des Rechners noh einmal durchgeführt. Her die Logs:

DeFogger.txt:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:15 on 28/10/2013 (Lars)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
FRST.txt:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-10-2013
Ran by Lars (administrator) on NOTEBOOK on 28-10-2013 12:11:48
Running from C:\Users\Lars\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SAsrv.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Silicon Motion) C:\Windows\SMIKsSTI.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Lenovo Group Limited) C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE
() C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2731304 2011-03-24] (Synaptics Incorporated)
HKLM\...\Run: [SMI_SSE_V5] - C:\Windows\SMIKsSTI.exe [212992 2011-04-11] (Silicon Motion)
HKLM\...\Run: [TpShocks] - C:\Windows\System32\TpShocks.exe [380776 2011-01-14] (Lenovo.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-03-24] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] - C:\Program Files\CONEXANT\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe [41320 2011-04-04] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] - C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe [281960 2011-04-04] (Lenovo Group Limited)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Lars\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-04-19] (Google Inc.)
MountPoints2: D - D:\LaunchU3.exe -a
MountPoints2: {48023753-f944-11e0-9f81-806e6f6e6963} - Q:\LenovoQDrive.exe
HKLM-x32\...\Run: [PWMTRV] - C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll [1556032 2012-10-03] (Lenovo Group Limited)
HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe [929272 2013-01-11] (Sophos Limited)
HKU\Default\...\RunOnce: [] - [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\Program Files (x86)\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [159744 2009-03-24] ()
HKU\Default User\...\RunOnce: [] - [x]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] - C:\Program Files (x86)\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [159744 2009-03-24] ()
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL [217672 2013-10-27] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL [275352 2013-10-27] (Sophos Limited)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2a16bbf6-eed7-404f-820c-f1f15d058a2f&searchtype=hp&fr=linkury-tb&installDate=14/05/2013&type=hp1000
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2a16bbf6-eed7-404f-820c-f1f15d058a2f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/05/2013&type=hp1000
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2a16bbf6-eed7-404f-820c-f1f15d058a2f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/05/2013&type=hp1000
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2a16bbf6-eed7-404f-820c-f1f15d058a2f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/05/2013&type=hp1000
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2a16bbf6-eed7-404f-820c-f1f15d058a2f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/05/2013&type=hp1000
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2a16bbf6-eed7-404f-820c-f1f15d058a2f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/05/2013&type=hp1000
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2a16bbf6-eed7-404f-820c-f1f15d058a2f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/05/2013&type=hp1000
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default
FF NewTab: about:blank
FF Homepage: https://www.google.de/
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Lars\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Lars\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

==================== Services (Whitelisted) =================

R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [34528 2013-01-08] (The OpenVPN Project)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [290296 2013-10-27] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [206328 2013-10-27] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-01-11] (Sophos Limited)
R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [443240 2011-03-02] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-04-11] ()
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3109880 2013-10-27] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2012152 2013-10-27] (Sophos Limited)
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84088 2011-04-13] (Symantec Corporation)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [648744 2011-08-12] (Ericsson AB)

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-14] (DT Soft Ltd)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-06-13] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2011-06-13] (Ericsson AB)
R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [101416 2011-07-01] (Ericsson AB)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-04-29] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-04-29] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-04-29] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-04-29] (MCCI Corporation)
R1 PHCORE; C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [32104 2011-07-08] (Lenovo Group Limited)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2013-10-27] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2013-01-22] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2013-10-27] (Sophos Plc)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [210048 2011-04-11] (SMI)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [268840 2011-08-12] (Ericsson AB)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-28 11:46 - 2013-10-28 11:46 - 00000277 _____ C:\Users\Lars\Desktop\postausgang.CSV
2013-10-28 11:45 - 2013-10-28 11:46 - 00009318 _____ C:\Users\Lars\AppData\Roaming\Kommagetrennte Werte (Windows).EML
2013-10-28 11:45 - 2013-10-28 11:45 - 01050408 _____ C:\Users\Lars\Desktop\posteingang.CSV
2013-10-28 10:22 - 2013-10-28 10:22 - 00442624 _____ C:\Windows\Minidump\102813-22011-01.dmp
2013-10-28 10:09 - 2013-10-28 10:09 - 00016976 _____ C:\Users\Lars\Desktop\gmer.log
2013-10-28 09:45 - 2013-10-28 09:45 - 00377856 _____ C:\Users\Lars\Desktop\86tt77j8.exe
2013-10-28 09:34 - 2013-10-28 09:34 - 00000000 ____D C:\FRST
2013-10-28 09:33 - 2013-10-28 09:33 - 01956538 _____ (Farbar) C:\Users\Lars\Desktop\FRST64.exe
2013-10-28 09:31 - 2013-10-28 09:31 - 00000540 _____ C:\Users\Lars\Desktop\defogger_disable.log
2013-10-28 09:31 - 2013-10-28 09:31 - 00000168 _____ C:\Users\Lars\defogger_reenable
2013-10-28 09:29 - 2013-10-28 09:29 - 00050477 _____ C:\Users\Lars\Desktop\Defogger.exe
2013-10-27 16:34 - 2013-10-27 16:30 - 00037880 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe
2013-10-27 16:30 - 2013-10-27 16:30 - 00154952 _____ (Sophos Limited) C:\Windows\system32\Drivers\savonaccess.sys
2013-10-27 16:14 - 2013-10-27 16:14 - 00025608 _____ (Sophos Plc) C:\Windows\system32\Drivers\SophosBootDriver.sys
2013-10-27 16:09 - 2013-10-27 16:11 - 08582056 _____ (Igor Pavlov) C:\Users\Lars\Downloads\ses103cau_ext.exe
2013-10-27 15:42 - 2013-10-27 15:42 - 00247530 _____ C:\ProgramData\1382884859.bdinstall.bin
2013-10-27 14:35 - 2013-10-27 14:35 - 00000385 _____ C:\Users\Lars\AppData\Roaminguser_gensett.xml
2013-10-27 13:03 - 2013-10-27 13:03 - 00534306 _____ C:\ProgramData\1382874960.bdinstall.bin
2013-10-27 13:01 - 2013-10-27 13:01 - 00000000 ____D C:\ProgramData\BDLogging
2013-10-27 12:56 - 2013-10-27 15:42 - 00000000 ____D C:\Program Files\Bitdefender
2013-10-27 12:56 - 2013-10-27 15:41 - 00000000 ____D C:\ProgramData\Bitdefender
2013-10-27 12:56 - 2013-10-27 12:56 - 00000000 ____D C:\Users\Lars\AppData\Roaming\QuickScan
2013-10-27 12:55 - 2013-10-27 15:41 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-10-27 12:53 - 2013-10-27 12:54 - 00000008 _____ C:\Users\Lars\Desktop\Bitdefender Key.txt
2013-10-20 10:22 - 2013-10-20 10:22 - 00000000 ___HD C:\ProgramData\CanonBJ
2013-10-12 02:19 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-12 02:19 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-12 02:19 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-12 02:19 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-12 02:19 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-12 02:19 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-12 02:19 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-12 02:19 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-12 02:19 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-12 02:19 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-12 02:19 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-12 02:19 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-12 02:19 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-12 02:19 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-12 02:19 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-12 02:19 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-12 02:19 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-12 02:19 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-12 02:19 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-12 02:19 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-12 02:19 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-12 02:19 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-12 02:19 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-12 02:19 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-12 02:19 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-12 02:19 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-12 02:19 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-12 02:19 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-12 02:19 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-12 02:19 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-12 02:19 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-11 08:11 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-11 08:11 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-11 08:11 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-11 08:11 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-11 08:11 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-11 08:11 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-11 08:11 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-11 08:11 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-11 08:11 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-11 08:11 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-11 08:11 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-11 08:11 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-11 08:11 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-11 08:11 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-11 08:11 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-11 08:11 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-11 08:11 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-11 08:10 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-11 08:10 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-11 08:10 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-11 08:10 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-11 08:10 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-11 08:10 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-11 08:10 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-11 08:10 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-11 08:10 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-11 08:10 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-11 08:10 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-11 08:10 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-11 08:10 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-11 08:10 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-11 08:10 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-11 08:10 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-11 08:10 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-11 08:10 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-11 08:10 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-11 08:10 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-11 08:10 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-11 08:10 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-11 08:10 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 08:10 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 08:10 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-11 08:10 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-11 08:10 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-11 08:10 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-11 08:10 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-02 15:20 - 2013-10-02 15:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-10-28 12:11 - 2011-10-18 15:34 - 00696870 _____ C:\Windows\system32\perfh007.dat
2013-10-28 12:11 - 2011-10-18 15:34 - 00148134 _____ C:\Windows\system32\perfc007.dat
2013-10-28 12:11 - 2009-07-14 06:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-28 12:09 - 2011-10-18 05:50 - 01864549 _____ C:\Windows\WindowsUpdate.log
2013-10-28 12:08 - 2013-01-11 09:00 - 00000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2013-10-28 12:07 - 2009-07-14 05:45 - 00031072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-28 12:07 - 2009-07-14 05:45 - 00031072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-28 12:05 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-28 12:04 - 2009-07-14 05:51 - 00058030 _____ C:\Windows\setupact.log
2013-10-28 12:03 - 2013-01-11 09:00 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-10-28 12:03 - 2010-11-21 04:47 - 00026432 _____ C:\Windows\PFRO.log
2013-10-28 12:03 - 2009-07-14 05:45 - 00458048 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-28 11:53 - 2013-01-22 18:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-28 11:51 - 2013-01-22 17:12 - 00119936 _____ C:\Users\Lars\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-28 11:51 - 2010-11-21 08:16 - 00000000 ____D C:\Windows\ShellNew
2013-10-28 11:51 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-10-28 11:49 - 2013-01-22 18:43 - 00000000 ____D C:\Users\Lars\Documents\Outlook-Dateien
2013-10-28 11:48 - 2009-07-14 03:34 - 00000490 _____ C:\Windows\win.ini
2013-10-28 11:46 - 2013-10-28 11:46 - 00000277 _____ C:\Users\Lars\Desktop\postausgang.CSV
2013-10-28 11:46 - 2013-10-28 11:45 - 00009318 _____ C:\Users\Lars\AppData\Roaming\Kommagetrennte Werte (Windows).EML
2013-10-28 11:46 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-10-28 11:45 - 2013-10-28 11:45 - 01050408 _____ C:\Users\Lars\Desktop\posteingang.CSV
2013-10-28 11:37 - 2013-04-19 11:20 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2023589072-630133933-1296572217-1000UA.job
2013-10-28 11:35 - 2011-10-18 06:14 - 00000000 ____D C:\ProgramData\Adobe
2013-10-28 11:25 - 2013-07-19 17:55 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-28 10:22 - 2013-10-28 10:22 - 00442624 _____ C:\Windows\Minidump\102813-22011-01.dmp
2013-10-28 10:22 - 2013-05-22 17:21 - 543956132 _____ C:\Windows\MEMORY.DMP
2013-10-28 10:22 - 2013-05-22 17:21 - 00000000 ____D C:\Windows\Minidump
2013-10-28 10:09 - 2013-10-28 10:09 - 00016976 _____ C:\Users\Lars\Desktop\gmer.log
2013-10-28 09:45 - 2013-10-28 09:45 - 00377856 _____ C:\Users\Lars\Desktop\86tt77j8.exe
2013-10-28 09:37 - 2013-04-19 11:20 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2023589072-630133933-1296572217-1000Core.job
2013-10-28 09:34 - 2013-10-28 09:34 - 00000000 ____D C:\FRST
2013-10-28 09:33 - 2013-10-28 09:33 - 01956538 _____ (Farbar) C:\Users\Lars\Desktop\FRST64.exe
2013-10-28 09:31 - 2013-10-28 09:31 - 00000540 _____ C:\Users\Lars\Desktop\defogger_disable.log
2013-10-28 09:31 - 2013-10-28 09:31 - 00000168 _____ C:\Users\Lars\defogger_reenable
2013-10-28 09:31 - 2013-01-22 17:11 - 00000000 ____D C:\Users\Lars
2013-10-28 09:29 - 2013-10-28 09:29 - 00050477 _____ C:\Users\Lars\Desktop\Defogger.exe
2013-10-27 16:53 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-10-27 16:33 - 2013-01-22 17:39 - 00000000 ____D C:\ProgramData\Sophos
2013-10-27 16:30 - 2013-10-27 16:34 - 00037880 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe
2013-10-27 16:30 - 2013-10-27 16:30 - 00154952 _____ (Sophos Limited) C:\Windows\system32\Drivers\savonaccess.sys
2013-10-27 16:14 - 2013-10-27 16:14 - 00025608 _____ (Sophos Plc) C:\Windows\system32\Drivers\SophosBootDriver.sys
2013-10-27 16:12 - 2013-01-22 17:39 - 00000000 ____D C:\Program Files (x86)\Sophos
2013-10-27 16:11 - 2013-10-27 16:09 - 08582056 _____ (Igor Pavlov) C:\Users\Lars\Downloads\ses103cau_ext.exe
2013-10-27 15:51 - 2013-08-28 08:59 - 00000000 ____D C:\Users\Lars\Desktop\LateX-Vorlage
2013-10-27 15:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-27 15:50 - 2011-10-18 06:02 - 00000000 ____D C:\Program Files\Broadcom
2013-10-27 15:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-10-27 15:42 - 2013-10-27 15:42 - 00247530 _____ C:\ProgramData\1382884859.bdinstall.bin
2013-10-27 15:42 - 2013-10-27 12:56 - 00000000 ____D C:\Program Files\Bitdefender
2013-10-27 15:41 - 2013-10-27 12:56 - 00000000 ____D C:\ProgramData\Bitdefender
2013-10-27 15:41 - 2013-10-27 12:55 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-10-27 15:39 - 2013-05-24 12:14 - 00000000 ____D C:\Windows\system32\appmgmt
2013-10-27 14:35 - 2013-10-27 14:35 - 00000385 _____ C:\Users\Lars\AppData\Roaminguser_gensett.xml
2013-10-27 13:03 - 2013-10-27 13:03 - 00534306 _____ C:\ProgramData\1382874960.bdinstall.bin
2013-10-27 13:01 - 2013-10-27 13:01 - 00000000 ____D C:\ProgramData\BDLogging
2013-10-27 12:56 - 2013-10-27 12:56 - 00000000 ____D C:\Users\Lars\AppData\Roaming\QuickScan
2013-10-27 12:54 - 2013-10-27 12:53 - 00000008 _____ C:\Users\Lars\Desktop\Bitdefender Key.txt
2013-10-20 10:22 - 2013-10-20 10:22 - 00000000 ___HD C:\ProgramData\CanonBJ
2013-10-18 08:32 - 2013-04-19 11:20 - 00004084 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2023589072-630133933-1296572217-1000UA
2013-10-18 08:32 - 2013-04-19 11:20 - 00003688 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2023589072-630133933-1296572217-1000Core
2013-10-12 02:18 - 2011-10-18 06:02 - 01590378 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-12 02:13 - 2013-07-29 12:03 - 00000000 _____ C:\Windows\system32\vireng.log
2013-10-12 02:11 - 2013-08-01 16:46 - 00000000 ____D C:\Windows\system32\MRT
2013-10-12 02:08 - 2013-01-23 10:33 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-11 07:55 - 2013-07-19 17:55 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-11 07:54 - 2013-02-01 15:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-11 07:54 - 2013-02-01 15:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-07 22:31 - 2013-01-22 17:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-04 10:03 - 2013-01-22 17:19 - 00000000 ____D C:\Users\Lars\AppData\Local\Mozilla
2013-10-02 15:20 - 2013-10-02 15:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-02 14:46 - 2009-07-14 06:08 - 00019774 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-02 12:21 - 2013-03-20 19:13 - 00000000 ____D C:\Users\Lars\AppData\Roaming\Skype

Some content of TEMP:
====================
C:\Users\Lars\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Lars\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Lars\AppData\Local\Temp\ose00000.exe
C:\Users\Lars\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-27 16:44

==================== End Of Log ============================
--- --- ---


Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-10-2013
Ran by Lars at 2013-10-28 12:12:43
Running from C:\Users\Lars\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Sophos Anti-Virus (Enabled - Up to date) {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Sophos Anti-Virus (Enabled - Up to date) {DE9A3984-B0E2-7A61-FD5D-409005EB0337}

==================== Installed Programs ======================

Adobe Digital Editions 2.0 (x32 Version: 2.0)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.01) - Deutsch (x32 Version: 11.0.01)
Anzeige am Bildschirm (Version: 6.62.01)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.2.43)
Broadcom InConcert Maestro (Version: 1.0.1.2100)
Citavi (x32 Version: 3.4.0.1)
Conexant HD Audio (Version: 8.32.27.0)
Create Recovery Media (x32 Version: 1.20.0.00)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.47.1.0333)
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (Version: 1.00)
foobar2000 v1.2.2 (x32 Version: 1.2.2)
GPL Ghostscript (Version: 9.02)
Inkscape 0.48.4 (x32 Version: 0.48.4)
Integrated Camera (Version: 5.50.3.8)
Integrated Camera (x32 Version: 5.50.3.8)
Intel PROSet Wireless
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Identity Protection Technology 1.1.2.0 (x32 Version: 1.1.2.0)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2418)
Intel(R) PROSet/Wireless WiFi-Software (Version: 14.00.1000)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Lenovo Auto Scroll Utility (Version: 1.11)
Lenovo Patch Utility (x32 Version: 1.0.1.1)
Lenovo Patch Utility 64 bit (Version: 1.2.0.1)
Lenovo Power Management Driver (Version: 1.66.00.22)
Lenovo Registration (x32 Version: 1.0.4)
Lenovo Screen Reading Optimizer (x32 Version: 1.07)
Lenovo System Interface Driver (Version: 1.05)
Lenovo System Update (x32 Version: 5.02.0011)
Lenovo ThinkVantage Toolbox (Version: 6.0.5802.24)
Lenovo User Guide (x32 Version: 1.0.0008.00)
Lenovo Warranty Information (x32 Version: 1.0.0005.00)
Lenovo Welcome (x32 Version: 2.02.003.0)
Mesh Runtime (x32 Version: 15.4.5722.2)
Message Center Plus (x32 Version: 2.0.0012.00)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Silverlight (x32 Version: 4.0.50401.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
MiKTeX 2.9 (Version: 2.9)
Mobile Broadband Drivers (x32 Version: 6.5.1.5)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
Music Manager (HKCU)
OpenVPN 2.3.0-I001  (Version: 2.3.0-I001)
pstoedit and importps 3.61 (Version: 3.61)
R for Windows 2.15.2 (Version: 2.15.2)
RapidBoot (Version: 1.10)
Realtek PCIE Card Reader (x32 Version: 6.1.7600.69)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (Version: 1.00)
RStudio (x32 Version: 0.97.318)
Skype™ 6.6 (x32 Version: 6.6.106)
Sophos Anti-Virus (x32 Version: 10.3.1)
Sophos AutoUpdate (x32 Version: 2.9.0.344)
TAP-Windows 9.9.2 (Version: 9.9.2)
TeXnicCenter Version 2.0 Beta 1 (Version: 2.0 Beta 1)
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 6.4.0.2100)
ThinkPad Energie-Manager (x32 Version: 3.61)
ThinkPad UltraNav Driver (Version: 15.2.19.0)
ThinkVantage AutoLock (Version: 1.02)
ThinkVantage Communications Utility (Version: 2.06)
ThinkVantage System für aktiven Festplattenschutz (Version: 1.74)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
VIPAccess (x32 Version: 2.0.1.91)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows-Treiberpaket - Intel (iaStor) hdc  (11/06/2010 10.1.0.1008) (Version: 11/06/2010 10.1.0.1008)
Windows-Treiberpaket - Lenovo 1.62.00.00 (01/19/2011 1.62.00.00) (Version: 01/19/2011 1.62.00.00)
Windows-Treiberpaket - Synaptics (SynTP) Mouse  (03/24/2011 15.2.19.0) (Version: 03/24/2011 15.2.19.0)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)

==================== Restore Points  =========================

24-09-2013 09:24:04 Windows Update
01-10-2013 14:49:03 Windows Update
04-10-2013 15:18:12 Windows Update
11-10-2013 07:10:07 Windows Update
12-10-2013 01:00:21 Windows Update
17-10-2013 10:47:47 Windows Update
26-10-2013 18:23:39 Windows Update
27-10-2013 13:07:13 Removed Sophos AutoUpdate
27-10-2013 13:57:53 Windows Update
27-10-2013 14:39:06 Removed Broadcom InConcert Maestro
27-10-2013 14:47:29 Wiederherstellungsvorgang
27-10-2013 15:11:25 Removed Sophos AutoUpdate
27-10-2013 15:11:52 Installed Sophos AutoUpdate
27-10-2013 15:13:29 Removed Sophos AutoUpdate
28-10-2013 10:30:48 Removed Adobe Acrobat X Pro - English, Français, Deutsch.
28-10-2013 10:36:59 Removed IBM SPSS Statistics 20.
28-10-2013 10:46:28 Removed Microsoft Office Enterprise 2007

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-10-28 11:34 - 00000826 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {084205F0-C16F-48C0-8568-B2F32FBB4F85} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-03-31] (PC-Doctor, Inc.)
Task: {167A29EE-B4ED-4991-8BAE-59D2C4C93A1D} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-06-01] (Lenovo Group Limited)
Task: {40843BAA-98A9-443A-B2B3-B855E6A2EF5D} - System32\Tasks\MCP => C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [2009-05-27] ()
Task: {4447A86F-76A7-4DEA-9EA4-E70C1DA5525F} - System32\Tasks\Lenovo\SROptimizer => %TRPATH%\SRORest.exe
Task: {49F3E7CB-0E26-4576-9F6D-455E5A538F62} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2023589072-630133933-1296572217-1000Core => C:\Users\Lars\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-19] (Google Inc.)
Task: {A4B76FA3-633B-45D7-B959-702043724BBD} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {AC80CAD9-380C-4A37-9302-BFE7EEE98CBC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2023589072-630133933-1296572217-1000UA => C:\Users\Lars\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-19] (Google Inc.)
Task: {BFCDE02A-3AAE-4D09-A047-8C39A5514648} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-03-31] (PC-Doctor, Inc.)
Task: {BFF31B0C-10C6-4AA1-A60B-96C69645F67B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {CEA316DA-ADC6-4F92-A932-5CFC379489D2} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-04-11] ()
Task: {E512563A-C52A-4442-BF9B-9B880AB78772} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-03-31] (PC-Doctor, Inc.)
Task: {F9088644-656E-4EF4-9492-2FC983D9731E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2023589072-630133933-1296572217-1000Core.job => C:\Users\Lars\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2023589072-630133933-1296572217-1000UA.job => C:\Users\Lars\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2011-10-18 06:12 - 2011-06-01 19:01 - 00054272 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2011-10-18 15:28 - 2011-03-24 11:48 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2011-10-18 06:09 - 2011-06-10 17:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-10-18 05:57 - 2010-11-04 09:17 - 00393216 _____ () C:\Windows\SMIKsLIB.dll
2011-10-18 06:13 - 2010-04-06 08:05 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2011-10-18 06:13 - 2010-04-06 08:04 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2013-01-11 09:34 - 2011-05-26 17:17 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll
2013-10-02 15:20 - 2013-10-02 15:20 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-01-26 19:27 - 2013-01-26 19:27 - 00122880 _____ () C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox\components\CitaviPickerCommunication.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/28/2013 00:05:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2013 10:24:58 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514, Zeitstempel: 0x4ce7ae7f
Name des fehlerhaften Moduls: wmpnetwk.exe, Version: 12.0.7601.17514, Zeitstempel: 0x4ce7ae7f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000108e35
ID des fehlerhaften Prozesses: 0x13bc
Startzeit der fehlerhaften Anwendung: 0xwmpnetwk.exe0
Pfad der fehlerhaften Anwendung: wmpnetwk.exe1
Pfad des fehlerhaften Moduls: wmpnetwk.exe2
Berichtskennung: wmpnetwk.exe3

Error: (10/28/2013 10:23:53 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2013 04:50:26 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (10/27/2013 04:32:45 PM) (Source: Sophos Anti-Virus) (User: )
Description: Ausnahme entdeckt in CInfrastructureModule::PreMessageLoop.

Error: (10/27/2013 04:32:45 PM) (Source: Sophos Anti-Virus) (User: )
Description: Fehler beim Anfordern der Komponente ConfigurationManager vom ComponentManager.

Error: (10/27/2013 04:32:45 PM) (Source: Sophos Anti-Virus) (User: )
Description: Fehler bei der Konfiguration von ConfigurationManager.

Error: (10/27/2013 04:32:45 PM) (Source: Sophos Anti-Virus) (User: )
Description: Die Bootstrap-Konfigurationsdatei 'C:\ProgramData\Sophos\Sophos Anti-Virus\Config\bootstrap.xml' fehlt.

Error: (10/27/2013 04:13:43 PM) (Source: MsiInstaller) (User: Notebook)
Description: Produkt: Sophos AutoUpdate -- Fehler 25012. Sophos AutoUpdate konnte nicht installiert werden, da zur Zeit ein Update läuft. Bitte warten Sie, bis dieser beendet ist, bevor Sie es erneut versuchen.

Error: (10/27/2013 02:56:52 PM) (Source: ESENT) (User: )
Description: taskhost (1000) WebCacheLocal: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -1032 auf.


System errors:
=============
Error: (10/28/2013 10:25:09 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/28/2013 10:22:43 AM) (Source: BugCheck) (User: )
Description: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa8003ce0040, 0xfffff80000b9c3d0)C:\Windows\MEMORY.DMP102813-22011-01

Error: (10/28/2013 09:56:33 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sophos Web Intelligence Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/28/2013 09:56:11 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Sophos AutoUpdate Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/27/2013 04:33:15 PM) (Source: DCOM) (User: )
Description: {D2B7A809-15DC-40B4-A1E1-C61EA97191DB}

Error: (10/27/2013 04:32:45 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sophos Anti-Virus" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147467259.

Error: (10/27/2013 04:32:45 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{000C101C-0000-0000-C000-000000000046}{000C101C-0000-0000-C000-000000000046}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (10/27/2013 02:57:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0816 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2862330)

Error: (10/27/2013 02:52:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sophos Anti-Virus" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147467259.

Error: (10/27/2013 02:52:00 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{000C101C-0000-0000-C000-000000000046}{000C101C-0000-0000-C000-000000000046}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (10/28/2013 00:05:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2013 10:24:58 AM) (Source: Application Error)(User: )
Description: wmpnetwk.exe12.0.7601.175144ce7ae7fwmpnetwk.exe12.0.7601.175144ce7ae7fc00000050000000000108e3513bc01ced3bf825660ffC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files\Windows Media Player\wmpnetwk.execfb36122-3fb2-11e3-b890-028037ec0200

Error: (10/28/2013 10:23:53 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2013 04:50:26 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityprocessorArchitecturex64c:\program files\R\r-2.15.2\Tcl\bin64\tk85.dllc:\program files\R\r-2.15.2\Tcl\bin64\tk85.dll9

Error: (10/27/2013 04:32:45 PM) (Source: Sophos Anti-Virus)(User: )
Description: CInfrastructureModule::PreMessageLoop

Error: (10/27/2013 04:32:45 PM) (Source: Sophos Anti-Virus)(User: )
Description: ConfigurationManager

Error: (10/27/2013 04:32:45 PM) (Source: Sophos Anti-Virus)(User: )
Description: ConfigurationManager

Error: (10/27/2013 04:32:45 PM) (Source: Sophos Anti-Virus)(User: )
Description: C:\ProgramData\Sophos\Sophos Anti-Virus\Config\bootstrap.xml

Error: (10/27/2013 04:13:43 PM) (Source: MsiInstaller)(User: Notebook)
Description: Produkt: Sophos AutoUpdate -- Fehler 25012. Sophos AutoUpdate konnte nicht installiert werden, da zur Zeit ein Update läuft. Bitte warten Sie, bis dieser beendet ist, bevor Sie es erneut versuchen.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/27/2013 02:56:52 PM) (Source: ESENT)(User: )
Description: taskhost1000WebCacheLocal: -1032


==================== Memory info ===========================

Percentage of memory in use: 51%
Total physical RAM: 4009.9 MB
Available physical RAM: 1927.64 MB
Total Pagefile: 8017.98 MB
Available Pagefile: 5788.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:284.61 GB) (Free:227.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:12.3 GB) (Free:3.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 5D8739B2)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=285 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Gmer.txt:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-28 12:25:40
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 HITACHI_ rev.EC2Z 298,09GB
Running: 86tt77j8.exe; Driver: C:\Users\Lars\AppData\Local\Temp\uxrdqpow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                              fffff80002fb5000 59 bytes [89, 6C, 24, 58, 41, 8D, 7D, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 588                                                                              fffff80002fb503c 90 bytes [DD, 41, 3A, ED, 0F, 85, 00, ...]

---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe[1284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                    0000000076d51465 2 bytes [D5, 76]
.text    C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe[1284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    0000000076d514bb 2 bytes [D5, 76]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                          0000000076d51465 2 bytes [D5, 76]
.text    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                        0000000076d514bb 2 bytes [D5, 76]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000076d51465 2 bytes [D5, 76]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      0000000076d514bb 2 bytes [D5, 76]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                          0000000076d51465 2 bytes [D5, 76]
.text    C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        0000000076d514bb 2 bytes [D5, 76]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        0000000076d51465 2 bytes [D5, 76]
.text    C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        0000000076d514bb 2 bytes [D5, 76]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[2496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                        0000000076d51465 2 bytes [D5, 76]
.text    C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[2496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                        0000000076d514bb 2 bytes [D5, 76]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe[2536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        0000000076d51465 2 bytes [D5, 76]
.text    C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe[2536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      0000000076d514bb 2 bytes [D5, 76]
.text    ...                                                                                                                                              * 2
.text    C:\Windows\SysWOW64\SAsrv.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                      0000000076d51465 2 bytes [D5, 76]
.text    C:\Windows\SysWOW64\SAsrv.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                    0000000076d514bb 2 bytes [D5, 76]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe[2412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076d51465 2 bytes [D5, 76]
.text    C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe[2412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076d514bb 2 bytes [D5, 76]
.text    ...                                                                                                                                              * 2
.text    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[2796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                              0000000076d51465 2 bytes [D5, 76]
.text    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[2796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                            0000000076d514bb 2 bytes [D5, 76]
.text    ...                                                                                                                                              * 2
.text    C:\Windows\SMIKsSTI.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                            0000000076d51465 2 bytes [D5, 76]
.text    C:\Windows\SMIKsSTI.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                          0000000076d514bb 2 bytes [D5, 76]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        0000000076d51465 2 bytes [D5, 76]
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      0000000076d514bb 2 bytes [D5, 76]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe[4828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                      0000000076d51465 2 bytes [D5, 76]
.text    C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe[4828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                    0000000076d514bb 2 bytes [D5, 76]
.text    ...                                                                                                                                              * 2
.text    C:\Windows\SysWOW64\rundll32.exe[1092] C:\Windows\SysWOW64\ntdll.dll!KiUserExceptionDispatcher                                                  00000000778d0124 5 bytes JMP 0000000174bb86f0
.text    C:\Windows\SysWOW64\rundll32.exe[1092] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                  00000000778fc4dd 5 bytes JMP 0000000174bb4ec0
.text    C:\Windows\SysWOW64\rundll32.exe[1092] C:\Windows\SysWOW64\ntdll.dll!RtlExitUserThread                                                          000000007791801c 5 bytes JMP 0000000174bb50c0
.text    C:\Windows\SysWOW64\rundll32.exe[1092] C:\Windows\syswow64\kernel32.dll!WriteFile                                                                0000000075481282 5 bytes JMP 0000000174bb4f20
.text    C:\Windows\SysWOW64\rundll32.exe[1092] C:\Windows\syswow64\kernel32.dll!FreeLibrary                                                              0000000075483468 5 bytes JMP 0000000174bb5310
.text    C:\Windows\SysWOW64\rundll32.exe[1092] C:\Windows\syswow64\kernel32.dll!VirtualProtect                                                          00000000754842ff 5 bytes JMP 0000000174bb4f80
.text    C:\Windows\SysWOW64\rundll32.exe[1092] C:\Windows\syswow64\kernel32.dll!ResumeThread                                                            000000007548438f 5 bytes JMP 0000000174bb4fc0
.text    C:\Windows\SysWOW64\rundll32.exe[1092] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA                                                          00000000754848b3 5 bytes JMP 0000000174bb5020
.text    C:\Windows\SysWOW64\rundll32.exe[1092] C:\Windows\syswow64\kernel32.dll!LoadLibraryW                                                            00000000754848cb 5 bytes JMP 0000000174bb4fe0
.text    C:\Windows\SysWOW64\rundll32.exe[1092] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                                          00000000754848fd 5 bytes JMP 0000000174bb5000
.text    C:\Windows\SysWOW64\rundll32.exe[1092] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                                            0000000075484977 5 bytes JMP 0000000174bb5040
.text    C:\Windows\SysWOW64\rundll32.exe[1092] C:\Windows\syswow64\kernel32.dll!CreateFileA                                                              0000000075485366 5 bytes JMP 0000000174bb5140
.text    C:\Windows\SysWOW64\rundll32.exe[1092] C:\Windows\syswow64\kernel32.dll!GlobalAlloc                                                              000000007548582e 5 bytes JMP 0000000174bb5060
.text    C:\Windows\SysWOW64\rundll32.exe[1092] C:\Windows\syswow64\kernel32.dll!ExitProcess                                                              00000000754879b0 5 bytes JMP 0000000174bb50e0
.text    C:\Windows\SysWOW64\rundll32.exe[1092] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalA                                                  000000007549a457 5 bytes JMP 0000000174bb5100
.text    C:\Windows\SysWOW64\rundll32.exe[1092] C:\Windows\syswow64\kernel32.dll!WriteProcessMemory                                                      000000007549d978 5 bytes JMP 0000000174bb4ee0
.text    C:\Windows\SysWOW64\rundll32.exe[1092] C:\Windows\syswow64\kernel32.dll!GetThreadContext                                                        00000000754a796c 5 bytes JMP 0000000174bb5080
.text    C:\Windows\SysWOW64\rundll32.exe[1092] C:\Windows\syswow64\kernel32.dll!VirtualProtectEx                                                        00000000755045ef 5 bytes JMP 0000000174bb4f60
.text    C:\Windows\SysWOW64\rundll32.exe[1092] C:\Windows\syswow64\kernel32.dll!WriteFileEx                                                              000000007550461f 5 bytes JMP 0000000174bb4f00
.text    C:\Windows\SysWOW64\rundll32.exe[1092] C:\Windows\syswow64\kernel32.dll!SetThreadContext                                                        00000000755053c3 5 bytes JMP 0000000174bb4fa0
.text    C:\Windows\SysWOW64\rundll32.exe[1092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                  0000000076d51465 2 bytes [D5, 76]
.text    C:\Windows\SysWOW64\rundll32.exe[1092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                  0000000076d514bb 2 bytes [D5, 76]
.text    ...                                                                                                                                              * 2
.text    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                          0000000076d51465 2 bytes [D5, 76]
.text    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                        0000000076d514bb 2 bytes [D5, 76]
.text    ...                                                                                                                                              * 2
.text    C:\Windows\SysWOW64\RunDll32.exe[5172] C:\Windows\SysWOW64\ntdll.dll!KiUserExceptionDispatcher                                                  00000000778d0124 5 bytes JMP 0000000174bb86f0
.text    C:\Windows\SysWOW64\RunDll32.exe[5172] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                  00000000778fc4dd 5 bytes JMP 0000000174bb4ec0
.text    C:\Windows\SysWOW64\RunDll32.exe[5172] C:\Windows\SysWOW64\ntdll.dll!RtlExitUserThread                                                          000000007791801c 5 bytes JMP 0000000174bb50c0
.text    C:\Windows\SysWOW64\RunDll32.exe[5172] C:\Windows\syswow64\kernel32.dll!WriteFile                                                                0000000075481282 5 bytes JMP 0000000174bb4f20
.text    C:\Windows\SysWOW64\RunDll32.exe[5172] C:\Windows\syswow64\kernel32.dll!FreeLibrary                                                              0000000075483468 5 bytes JMP 0000000174bb5310
.text    C:\Windows\SysWOW64\RunDll32.exe[5172] C:\Windows\syswow64\kernel32.dll!VirtualProtect                                                          00000000754842ff 5 bytes JMP 0000000174bb4f80
.text    C:\Windows\SysWOW64\RunDll32.exe[5172] C:\Windows\syswow64\kernel32.dll!ResumeThread                                                            000000007548438f 5 bytes JMP 0000000174bb4fc0
.text    C:\Windows\SysWOW64\RunDll32.exe[5172] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA                                                          00000000754848b3 5 bytes JMP 0000000174bb5020
.text    C:\Windows\SysWOW64\RunDll32.exe[5172] C:\Windows\syswow64\kernel32.dll!LoadLibraryW                                                            00000000754848cb 5 bytes JMP 0000000174bb4fe0
.text    C:\Windows\SysWOW64\RunDll32.exe[5172] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW                                                          00000000754848fd 5 bytes JMP 0000000174bb5000
.text    C:\Windows\SysWOW64\RunDll32.exe[5172] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                                            0000000075484977 5 bytes JMP 0000000174bb5040
.text    C:\Windows\SysWOW64\RunDll32.exe[5172] C:\Windows\syswow64\kernel32.dll!CreateFileA                                                              0000000075485366 5 bytes JMP 0000000174bb5140
.text    C:\Windows\SysWOW64\RunDll32.exe[5172] C:\Windows\syswow64\kernel32.dll!GlobalAlloc                                                              000000007548582e 5 bytes JMP 0000000174bb5060
.text    C:\Windows\SysWOW64\RunDll32.exe[5172] C:\Windows\syswow64\kernel32.dll!ExitProcess                                                              00000000754879b0 5 bytes JMP 0000000174bb50e0
.text    C:\Windows\SysWOW64\RunDll32.exe[5172] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalA                                                  000000007549a457 5 bytes JMP 0000000174bb5100
.text    C:\Windows\SysWOW64\RunDll32.exe[5172] C:\Windows\syswow64\kernel32.dll!WriteProcessMemory                                                      000000007549d978 5 bytes JMP 0000000174bb4ee0
.text    C:\Windows\SysWOW64\RunDll32.exe[5172] C:\Windows\syswow64\kernel32.dll!GetThreadContext                                                        00000000754a796c 5 bytes JMP 0000000174bb5080
.text    C:\Windows\SysWOW64\RunDll32.exe[5172] C:\Windows\syswow64\kernel32.dll!VirtualProtectEx                                                        00000000755045ef 5 bytes JMP 0000000174bb4f60
.text    C:\Windows\SysWOW64\RunDll32.exe[5172] C:\Windows\syswow64\kernel32.dll!WriteFileEx                                                              000000007550461f 5 bytes JMP 0000000174bb4f00
.text    C:\Windows\SysWOW64\RunDll32.exe[5172] C:\Windows\syswow64\kernel32.dll!SetThreadContext                                                        00000000755053c3 5 bytes JMP 0000000174bb4fa0
.text    C:\Windows\SysWOW64\RunDll32.exe[5172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                  0000000076d51465 2 bytes [D5, 76]
.text    C:\Windows\SysWOW64\RunDll32.exe[5172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                  0000000076d514bb 2 bytes [D5, 76]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    0000000076d51465 2 bytes [D5, 76]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155    0000000076d514bb 2 bytes [D5, 76]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE[2232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            0000000076d51465 2 bytes [D5, 76]
.text    C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE[2232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                            0000000076d514bb 2 bytes [D5, 76]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe[3588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  0000000076d51465 2 bytes [D5, 76]
.text    C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe[3588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                0000000076d514bb 2 bytes [D5, 76]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                0000000076d51465 2 bytes [D5, 76]
.text    C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155              0000000076d514bb 2 bytes [D5, 76]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe[408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69              0000000076d51465 2 bytes [D5, 76]
.text    C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe[408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155            0000000076d514bb 2 bytes [D5, 76]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    0000000076d51465 2 bytes [D5, 76]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155    0000000076d514bb 2 bytes [D5, 76]
.text    ...                                                                                                                                              * 2
.text    C:\Users\Lars\Desktop\86tt77j8.exe[5644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                0000000076d51465 2 bytes [D5, 76]
.text    C:\Users\Lars\Desktop\86tt77j8.exe[5644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                0000000076d514bb 2 bytes [D5, 76]
.text    ...                                                                                                                                              * 2

---- Threads - GMER 2.1 ----

Thread    C:\Windows\System32\svchost.exe [3904:3480]                                                                                                      000007fef20b9688

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf46ab911                                                                     
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e5917421                                                                     
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf46ab911 (not active ControlSet)                                                 
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e5917421 (not active ControlSet)                                                 

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                                            unknown MBR code

---- EOF - GMER 2.1 ----

M-K-D-B 28.10.2013 16:00
Servus,




Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

HerrV 28.10.2013 18:03
Hey Matthias,

habe den ComboFix-Scan wie beschrieben durchgeführt. Während des Scans sind sehr viele Fehlermeldungen aufgetaucht:
" 'NIRKMD' konnte nicht gefunden werden. Stellen Sie sicher, dass Sie den Namen richtig eingegeben haben und wiederholen Sie den Vorgang."
Dabei variierten die Meldungen mit NIRKMD, NIRCMD, NIRCMDC und ein einziges Mal mit NircmdB.exe.
Der anschliessende Neustart verlief problemlos...hier nun das Log:

Code:
ComboFix 13-10-26.01 - Lars 28.10.2013  17:34:27.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.4010.2346 [GMT 1:00]
ausgeführt von:: c:\users\Lars\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Enabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Enabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1382884859.bdinstall.bin
c:\programdata\Roaming
c:\windows\security\Database\tmp.edb
Q:\Autorun.inf
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-09-28 bis 2013-10-28  ))))))))))))))))))))))))))))))
.
.
2013-10-28 16:44 . 2013-10-28 16:44        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-10-28 16:29 . 2013-10-28 16:30        --------        d-----w-        C:\32788R22FWJFW
2013-10-28 13:15 . 2013-10-28 13:15        75888        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{25A1DEA5-17C3-4CF5-BE75-4A9047BEE43A}\offreg.dll
2013-10-28 08:34 . 2013-10-28 08:34        --------        d-----w-        C:\FRST
2013-10-27 15:34 . 2013-10-27 15:30        37880        ----a-w-        c:\windows\system32\SophosBootTasks.exe
2013-10-27 15:33 . 2013-10-27 15:33        --------        d-----w-        c:\program files (x86)\Common Files\Cisco Systems
2013-10-27 15:30 . 2013-10-27 15:30        154952        ----a-w-        c:\windows\system32\drivers\savonaccess.sys
2013-10-27 15:14 . 2013-10-27 15:14        25608        ----a-w-        c:\windows\system32\drivers\SophosBootDriver.sys
2013-10-27 14:58 . 2013-10-16 00:20        10280728        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{25A1DEA5-17C3-4CF5-BE75-4A9047BEE43A}\mpengine.dll
2013-10-27 12:03 . 2013-10-27 12:03        534306        ----a-w-        c:\programdata\1382874960.bdinstall.bin
2013-10-27 12:01 . 2013-10-27 12:01        --------        d-----w-        c:\programdata\BDLogging
2013-10-27 11:56 . 2013-10-27 14:41        --------        d-----w-        c:\programdata\Bitdefender
2013-10-27 11:56 . 2013-10-27 14:42        --------        d-----w-        c:\program files\Bitdefender
2013-10-27 11:56 . 2013-10-27 11:56        --------        d-----w-        c:\users\Lars\AppData\Roaming\QuickScan
2013-10-27 11:55 . 2013-10-27 14:41        --------        d-----w-        c:\program files\Common Files\Bitdefender
2013-10-27 11:55 . 2013-10-27 11:55        --------        d-----w-        c:\program files (x86)\Common Files\Bitdefender
2013-10-20 09:22 . 2013-10-20 09:22        --------        d--h--w-        c:\programdata\CanonBJ
2013-10-20 09:22 . 2009-07-14 01:40        84992        ----a-w-        c:\windows\system32\Spool\prtprocs\x64\CNBPP4.DLL
2013-10-11 07:11 . 2013-07-04 12:50        633856        ----a-w-        c:\windows\system32\comctl32.dll
2013-10-11 07:10 . 2013-07-04 12:57        259584        ----a-w-        c:\windows\system32\WebClnt.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-12 01:08 . 2013-01-23 09:33        80541720        ----a-w-        c:\windows\system32\MRT.exe
2013-10-11 06:54 . 2013-02-01 14:49        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-11 06:54 . 2013-02-01 14:49        692616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-03 13:35 . 2010-11-21 03:27        278800        ------w-        c:\windows\system32\MpSigStub.exe
2013-08-29 01:48 . 2013-10-11 07:10        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2013-08-05 02:25 . 2013-09-20 15:31        155584        ----a-w-        c:\windows\system32\drivers\ataport.sys
2013-08-02 02:14 . 2013-09-20 15:31        215040        ----a-w-        c:\windows\system32\winsrv.dll
2013-08-02 02:13 . 2013-09-20 15:31        424448        ----a-w-        c:\windows\system32\KernelBase.dll
2013-08-02 02:13 . 2013-09-20 15:31        1161216        ----a-w-        c:\windows\system32\kernel32.dll
2013-08-02 02:12 . 2013-09-20 15:31        43520        ----a-w-        c:\windows\system32\csrsrv.dll
2013-08-02 02:12 . 2013-09-20 15:31        6144        ---ha-w-        c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        6656        ----a-w-        c:\windows\system32\apisetschema.dll
2013-08-02 02:12 . 2013-09-20 15:31        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        5120        ---ha-w-        c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:50 . 2013-09-20 15:31        274944        ----a-w-        c:\windows\SysWow64\KernelBase.dll
2013-08-02 01:48 . 2013-09-20 15:31        5120        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        4608        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        6656        ----a-w-        c:\windows\SysWow64\apisetschema.dll
2013-08-02 01:48 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:09 . 2013-09-20 15:31        338432        ----a-w-        c:\windows\system32\conhost.exe
2013-08-02 00:59 . 2013-09-20 15:31        112640        ----a-w-        c:\windows\system32\smss.exe
2013-08-02 00:43 . 2013-09-20 15:31        6144        ---ha-w-        c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43 . 2013-09-20 15:31        4608        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43 . 2013-09-20 15:31        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-10-03 1556032]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-13 4351712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2013-01-11 929272]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-3-24 1219360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x]
R2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys;c:\windows\SYSNATIVE\DRIVERS\sdcfilter.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys;c:\windows\SYSNATIVE\DRIVERS\SophosBootDriver.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys;c:\windows\SYSNATIVE\DRIVERS\savonaccess.sys [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [x]
S2 SROSVC;Screen Reading Optimizer Service Program;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [x]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [x]
S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode;c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys;c:\windows\SYSNATIVE\Drivers\wwuss64.sys [x]
S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys;c:\windows\SYSNATIVE\Drivers\wwussf64.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 l36wgps; Mobile Broadband GPS Port;c:\windows\system32\DRIVERS\l36wgps64.sys;c:\windows\SYSNATIVE\DRIVERS\l36wgps64.sys [x]
S3 Mbm3CBus;F5521gw Mobile Broadband Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3CBus.sys [x]
S3 Mbm3DevMt; Mobile Broadband Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3DevMt.sys [x]
S3 Mbm3mdfl; Mobile Broadband Modem Port Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3mdfl.sys [x]
S3 Mbm3Mdm; Mobile Broadband Modem Port Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3Mdm.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
S3 usbsmi;Integrated Camera Service Display Name V1;c:\windows\system32\DRIVERS\SMIksdrv.sys;c:\windows\SYSNATIVE\DRIVERS\SMIksdrv.sys [x]
S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys;c:\windows\SYSNATIVE\DRIVERS\WwanUsbMp64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-01 06:54]
.
2013-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2023589072-630133933-1296572217-1000Core.job
- c:\users\Lars\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-19 10:20]
.
2013-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2023589072-630133933-1296572217-1000UA.job
- c:\users\Lars\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-19 10:20]
.
2013-10-28 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:06]
.
2013-10-28 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMI_SSE_V5"="c:\windows\SMIKsSTI.EXE" [2011-04-11 212992]
"TpShocks"="TpShocks.exe" [2011-01-14 380776]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-24 310912]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-17 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-17 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-17 416024]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-04-04 41320]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-04-04 281960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2a16bbf6-eed7-404f-820c-f1f15d058a2f&searchtype=hp&fr=linkury-tb&installDate=14/05/2013&type=hp1000
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2a16bbf6-eed7-404f-820c-f1f15d058a2f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/05/2013&type=hp1000
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-10-28  17:49:43
ComboFix-quarantined-files.txt  2013-10-28 16:49
.
Vor Suchlauf: 12 Verzeichnis(se), 243.353.624.576 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 243.638.067.200 Bytes frei
.
- - End Of File - - 29029B7284E2E10B614A6B7D11F33613
VG und nochmals Danke, Lars

M-K-D-B 29.10.2013 11:10
Servus,


der Grund für die vielen Fehlermeldung könnte an der Tatsache liegen, dass du Sophos nicht deaktiviert hast, worum ich dich gebeten hatte. ;)





So geht es weiter:





Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 2

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.






Schritt 3
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von JRT,
  • die Logdatei von MBAM.

HerrV 29.10.2013 13:28
Mahlzeit.

Ups, ich hatte Sophos mit dem Task Manager beendet, ich dachte, so würde ich es deaktivieren... Naja, wie dem auch sei, habs dann doch geschafft und ComboFix nochmal ausgeführt. Dieses Mal lief es dann fehlerfrei und ohne meckern, hier nochmal das Log:

ComboFix:
Code:
ComboFix 13-10-28.01 - Lars 29.10.2013  12:04:38.2.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.4010.2423 [GMT 1:00]
ausgeführt von:: c:\users\Lars\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-09-28 bis 2013-10-29  ))))))))))))))))))))))))))))))
.
.
2013-10-29 11:11 . 2013-10-29 11:11        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-10-29 11:11 . 2013-10-29 11:11        --------        d-----w-        c:\users\Administrator\AppData\Local\temp
2013-10-29 11:02 . 2013-10-29 11:02        75888        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{25A1DEA5-17C3-4CF5-BE75-4A9047BEE43A}\offreg.dll
2013-10-28 08:34 . 2013-10-28 08:34        --------        d-----w-        C:\FRST
2013-10-27 15:34 . 2013-10-27 15:30        37880        ----a-w-        c:\windows\system32\SophosBootTasks.exe
2013-10-27 15:33 . 2013-10-27 15:33        --------        d-----w-        c:\program files (x86)\Common Files\Cisco Systems
2013-10-27 15:30 . 2013-10-27 15:30        154952        ----a-w-        c:\windows\system32\drivers\savonaccess.sys
2013-10-27 15:14 . 2013-10-27 15:14        25608        ----a-w-        c:\windows\system32\drivers\SophosBootDriver.sys
2013-10-27 14:58 . 2013-10-16 00:20        10280728        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{25A1DEA5-17C3-4CF5-BE75-4A9047BEE43A}\mpengine.dll
2013-10-27 12:03 . 2013-10-27 12:03        534306        ----a-w-        c:\programdata\1382874960.bdinstall.bin
2013-10-27 12:01 . 2013-10-27 12:01        --------        d-----w-        c:\programdata\BDLogging
2013-10-27 11:56 . 2013-10-27 14:41        --------        d-----w-        c:\programdata\Bitdefender
2013-10-27 11:56 . 2013-10-27 14:42        --------        d-----w-        c:\program files\Bitdefender
2013-10-27 11:56 . 2013-10-27 11:56        --------        d-----w-        c:\users\Lars\AppData\Roaming\QuickScan
2013-10-27 11:55 . 2013-10-27 14:41        --------        d-----w-        c:\program files\Common Files\Bitdefender
2013-10-27 11:55 . 2013-10-27 11:55        --------        d-----w-        c:\program files (x86)\Common Files\Bitdefender
2013-10-20 09:22 . 2013-10-20 09:22        --------        d--h--w-        c:\programdata\CanonBJ
2013-10-20 09:22 . 2009-07-14 01:40        84992        ----a-w-        c:\windows\system32\Spool\prtprocs\x64\CNBPP4.DLL
2013-10-11 07:11 . 2013-07-04 12:50        633856        ----a-w-        c:\windows\system32\comctl32.dll
2013-10-11 07:10 . 2013-07-04 12:57        259584        ----a-w-        c:\windows\system32\WebClnt.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-12 01:08 . 2013-01-23 09:33        80541720        ----a-w-        c:\windows\system32\MRT.exe
2013-10-11 06:54 . 2013-02-01 14:49        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-11 06:54 . 2013-02-01 14:49        692616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-03 13:35 . 2010-11-21 03:27        278800        ------w-        c:\windows\system32\MpSigStub.exe
2013-08-29 01:48 . 2013-10-11 07:10        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2013-08-05 02:25 . 2013-09-20 15:31        155584        ----a-w-        c:\windows\system32\drivers\ataport.sys
2013-08-02 02:14 . 2013-09-20 15:31        215040        ----a-w-        c:\windows\system32\winsrv.dll
2013-08-02 02:13 . 2013-09-20 15:31        424448        ----a-w-        c:\windows\system32\KernelBase.dll
2013-08-02 02:13 . 2013-09-20 15:31        1161216        ----a-w-        c:\windows\system32\kernel32.dll
2013-08-02 02:12 . 2013-09-20 15:31        43520        ----a-w-        c:\windows\system32\csrsrv.dll
2013-08-02 02:12 . 2013-09-20 15:31        6144        ---ha-w-        c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        6656        ----a-w-        c:\windows\system32\apisetschema.dll
2013-08-02 02:12 . 2013-09-20 15:31        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        5120        ---ha-w-        c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 02:12 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:50 . 2013-09-20 15:31        274944        ----a-w-        c:\windows\SysWow64\KernelBase.dll
2013-08-02 01:48 . 2013-09-20 15:31        5120        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        4608        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        6656        ----a-w-        c:\windows\SysWow64\apisetschema.dll
2013-08-02 01:48 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 01:48 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:09 . 2013-09-20 15:31        338432        ----a-w-        c:\windows\system32\conhost.exe
2013-08-02 00:59 . 2013-09-20 15:31        112640        ----a-w-        c:\windows\system32\smss.exe
2013-08-02 00:43 . 2013-09-20 15:31        6144        ---ha-w-        c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43 . 2013-09-20 15:31        4608        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43 . 2013-09-20 15:31        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43 . 2013-09-20 15:31        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-10-03 1556032]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-13 4351712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2013-01-11 929272]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-3-24 1219360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys;c:\windows\SYSNATIVE\DRIVERS\sdcfilter.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys;c:\windows\SYSNATIVE\DRIVERS\SophosBootDriver.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys;c:\windows\SYSNATIVE\DRIVERS\savonaccess.sys [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [x]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [x]
S2 SROSVC;Screen Reading Optimizer Service Program;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [x]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [x]
S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode;c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys;c:\windows\SYSNATIVE\Drivers\wwuss64.sys [x]
S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys;c:\windows\SYSNATIVE\Drivers\wwussf64.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 l36wgps; Mobile Broadband GPS Port;c:\windows\system32\DRIVERS\l36wgps64.sys;c:\windows\SYSNATIVE\DRIVERS\l36wgps64.sys [x]
S3 Mbm3CBus;F5521gw Mobile Broadband Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3CBus.sys [x]
S3 Mbm3DevMt; Mobile Broadband Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3DevMt.sys [x]
S3 Mbm3mdfl; Mobile Broadband Modem Port Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3mdfl.sys [x]
S3 Mbm3Mdm; Mobile Broadband Modem Port Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3Mdm.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
S3 usbsmi;Integrated Camera Service Display Name V1;c:\windows\system32\DRIVERS\SMIksdrv.sys;c:\windows\SYSNATIVE\DRIVERS\SMIksdrv.sys [x]
S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys;c:\windows\SYSNATIVE\DRIVERS\WwanUsbMp64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-01 06:54]
.
2013-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2023589072-630133933-1296572217-1000Core.job
- c:\users\Lars\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-19 10:20]
.
2013-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2023589072-630133933-1296572217-1000UA.job
- c:\users\Lars\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-19 10:20]
.
2013-10-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:06]
.
2013-10-29 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SMI_SSE_V5"="c:\windows\SMIKsSTI.EXE" [2011-04-11 212992]
"TpShocks"="TpShocks.exe" [2011-01-14 380776]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-24 310912]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-17 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-17 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-17 416024]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-04-04 41320]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-04-04 281960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2a16bbf6-eed7-404f-820c-f1f15d058a2f&searchtype=hp&fr=linkury-tb&installDate=14/05/2013&type=hp1000
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2a16bbf6-eed7-404f-820c-f1f15d058a2f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/05/2013&type=hp1000
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-10-29  12:13:54
ComboFix-quarantined-files.txt  2013-10-29 11:13
ComboFix2.txt  2013-10-28 16:49
.
Vor Suchlauf: 15 Verzeichnis(se), 243.653.820.416 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 243.355.779.072 Bytes frei
.
- - End Of File - - E19685C0BA2884C9D9F88BA270C0E4BB
Ausserdem folgen jetzt die anderen angeforderten Logs:

AdwCleaner[S0]:
Code:
# AdwCleaner v3.010 - Bericht erstellt am 29/10/2013 um 12:24:25
# Updated 20/10/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Lars - NOTEBOOK
# Gestartet von : C:\Users\Lars\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Lars\AppData\Roaming\OpenCandy
Datei Gelöscht : C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\searchplugins\Web Search.xml

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16720

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v24.0 (de)

[ Datei : C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [3287 octets] - [29/10/2013 12:23:30]
AdwCleaner[S0].txt - [2198 octets] - [29/10/2013 12:24:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2258 octets] ##########
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Professional x64
Ran by Lars on 29.10.2013 at 12:30:47,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Lars\appdata\local\{1E540AC3-180F-4FD3-BE53-D5449F9FF294}
Successfully deleted: [Empty Folder] C:\Users\Lars\appdata\local\{B59E45E1-4BA6-4E64-A010-A3D4D108DACE}



~~~ FireFox

Emptied folder: C:\Users\Lars\AppData\Roaming\mozilla\firefox\profiles\0xizg4ty.default\minidumps [17 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.10.2013 at 12:42:01,07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
MBAM:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.29.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Lars :: NOTEBOOK [Administrator]

29.10.2013 13:08:20
mbam-log-2013-10-29 (13-08-20).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 223167
Laufzeit: 6 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Lars\Downloads\DTLite4471-0333.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Vielen Dank und VG, Lars

M-K-D-B 29.10.2013 17:46
Servus,



wie läuft der Rechner momentan?




Kontrollscan mit FRST
Führe wie zuvor beschrieben einen Scan mit FRST aus.
Setze dazu eine Haken bei Addition.txt rechts unten und klicke auf Scan.
Es werden wieder zwei Logdateien erzeugt. Poste mir diese.

HerrV 29.10.2013 19:34
Hallo Matthias.
Bisher ist keine Verbesserung zu verzeichnen. Das Wartungscenter schlägt noch immer Alarm wegen des win32/small.ca und zusätzlich beschwert sich nun Sophos und hat die "Adware/PUA" NirCmd in Quarantäne verschoben (aber das scheint ja irgendwas von ComboFix zu sein)... Naja, das sind alle Neuigkeiten....

Hier noch die Logs:

FRST.txt:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-10-2013
Ran by Lars (administrator) on NOTEBOOK on 29-10-2013 19:24:02
Running from C:\Users\Lars\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SAsrv.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Silicon Motion) C:\Windows\SMIKsSTI.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Lenovo Group Limited) C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2731304 2011-03-24] (Synaptics Incorporated)
HKLM\...\Run: [SMI_SSE_V5] - C:\Windows\SMIKsSTI.exe [212992 2011-04-11] (Silicon Motion)
HKLM\...\Run: [TpShocks] - C:\Windows\System32\TpShocks.exe [380776 2011-01-14] (Lenovo.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-03-24] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] - C:\Program Files\CONEXANT\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe [41320 2011-04-04] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] - C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe [281960 2011-04-04] (Lenovo Group Limited)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] - C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll [1556032 2012-10-03] (Lenovo Group Limited)
HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe [929272 2013-01-11] (Sophos Limited)
HKU\Default\...\RunOnce: [] - [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\Program Files (x86)\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [159744 2009-03-24] ()
HKU\Default User\...\RunOnce: [] - [x]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] - C:\Program Files (x86)\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [159744 2009-03-24] ()
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll [217672 2013-10-27] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll [275352 2013-10-27] (Sophos Limited)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default
FF NewTab: about:blank
FF Homepage: https://www.google.de/
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Lars\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Lars\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

==================== Services (Whitelisted) =================

R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [34528 2013-01-08] (The OpenVPN Project)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [290296 2013-10-27] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [206328 2013-10-27] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-01-11] (Sophos Limited)
R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [443240 2011-03-02] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-04-11] ()
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3109880 2013-10-27] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2012152 2013-10-27] (Sophos Limited)
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84088 2011-04-13] (Symantec Corporation)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [648744 2011-08-12] (Ericsson AB)

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-14] (DT Soft Ltd)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-06-13] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2011-06-13] (Ericsson AB)
R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [101416 2011-07-01] (Ericsson AB)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-04-29] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-04-29] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-04-29] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-04-29] (MCCI Corporation)
R1 PHCORE; C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [32104 2011-07-08] (Lenovo Group Limited)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2013-10-27] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2013-01-22] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2013-10-27] (Sophos Plc)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [210048 2011-04-11] (SMI)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [268840 2011-08-12] (Ericsson AB)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-29 13:05 - 2013-10-29 13:05 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-29 13:05 - 2013-10-29 13:05 - 00000000 ____D C:\Users\Lars\AppData\Roaming\Malwarebytes
2013-10-29 13:05 - 2013-10-29 13:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-29 13:05 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-29 13:04 - 2013-10-29 13:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-29 12:56 - 2013-10-29 12:56 - 00000624 _____ C:\Users\Lars\Desktop\JRT.txt
2013-10-29 12:42 - 2013-10-29 12:42 - 00000967 _____ C:\Users\Lars\Desktop\JRT1.txt
2013-10-29 12:30 - 2013-10-29 12:30 - 01033335 _____ (Thisisu) C:\Users\Lars\Desktop\JRT.exe
2013-10-29 12:30 - 2013-10-29 12:30 - 00000000 ____D C:\Windows\ERUNT
2013-10-29 12:27 - 2013-10-29 12:27 - 00002346 _____ C:\Users\Lars\Desktop\AdwCleaner[S0].txt
2013-10-29 12:23 - 2013-10-29 12:24 - 00000000 ____D C:\AdwCleaner
2013-10-29 12:22 - 2013-10-29 12:22 - 01060070 _____ C:\Users\Lars\Desktop\adwcleaner.exe
2013-10-29 12:14 - 2013-10-29 12:14 - 00023002 _____ C:\Users\Lars\Desktop\ComboFix.txt
2013-10-29 12:13 - 2013-10-29 12:13 - 00023002 _____ C:\ComboFix.txt
2013-10-29 12:03 - 2009-04-20 05:56 - 00060416 _____ C:\Windows\NIRCMD.exe
2013-10-28 17:53 - 2013-10-28 17:49 - 00023214 _____ C:\Users\Lars\Desktop\ComboFix1.txt
2013-10-28 17:31 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-28 17:30 - 2013-10-29 12:13 - 00000000 ____D C:\Qoobox
2013-10-28 17:30 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-28 17:30 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-28 17:30 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-28 17:30 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-28 17:30 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-28 17:30 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-28 17:29 - 2013-10-28 17:46 - 00000000 ____D C:\Windows\erdnt
2013-10-28 17:24 - 2013-10-29 12:02 - 05137071 ____R (Swearware) C:\Users\Lars\Desktop\ComboFix.exe
2013-10-28 12:37 - 2013-10-28 12:37 - 00446768 _____ C:\Windows\Minidump\102813-18189-01.dmp
2013-10-28 12:25 - 2013-10-28 12:25 - 00022406 _____ C:\Users\Lars\Desktop\gmer.log
2013-10-28 12:15 - 2013-10-28 12:15 - 00000470 _____ C:\Users\Lars\Desktop\defogger_disable.log
2013-10-28 11:46 - 2013-10-28 11:46 - 00000277 _____ C:\Users\Lars\Desktop\postausgang.CSV
2013-10-28 11:45 - 2013-10-28 11:46 - 00009318 _____ C:\Users\Lars\AppData\Roaming\Kommagetrennte Werte (Windows).EML
2013-10-28 11:45 - 2013-10-28 11:45 - 01050408 _____ C:\Users\Lars\Desktop\posteingang.CSV
2013-10-28 10:22 - 2013-10-28 10:22 - 00442624 _____ C:\Windows\Minidump\102813-22011-01.dmp
2013-10-28 09:45 - 2013-10-28 09:45 - 00377856 _____ C:\Users\Lars\Desktop\86tt77j8.exe
2013-10-28 09:34 - 2013-10-28 09:34 - 00000000 ____D C:\FRST
2013-10-28 09:33 - 2013-10-28 09:33 - 01956538 _____ (Farbar) C:\Users\Lars\Desktop\FRST64.exe
2013-10-28 09:31 - 2013-10-28 09:31 - 00000168 _____ C:\Users\Lars\defogger_reenable
2013-10-28 09:29 - 2013-10-28 09:29 - 00050477 _____ C:\Users\Lars\Desktop\Defogger.exe
2013-10-27 16:34 - 2013-10-27 16:30 - 00037880 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe
2013-10-27 16:30 - 2013-10-27 16:30 - 00154952 _____ (Sophos Limited) C:\Windows\system32\Drivers\savonaccess.sys
2013-10-27 16:14 - 2013-10-27 16:14 - 00025608 _____ (Sophos Plc) C:\Windows\system32\Drivers\SophosBootDriver.sys
2013-10-27 16:09 - 2013-10-27 16:11 - 08582056 _____ (Igor Pavlov) C:\Users\Lars\Downloads\ses103cau_ext.exe
2013-10-27 14:35 - 2013-10-27 14:35 - 00000385 _____ C:\Users\Lars\AppData\Roaminguser_gensett.xml
2013-10-27 13:03 - 2013-10-27 13:03 - 00534306 _____ C:\ProgramData\1382874960.bdinstall.bin
2013-10-27 13:01 - 2013-10-27 13:01 - 00000000 ____D C:\ProgramData\BDLogging
2013-10-27 12:56 - 2013-10-27 15:42 - 00000000 ____D C:\Program Files\Bitdefender
2013-10-27 12:56 - 2013-10-27 15:41 - 00000000 ____D C:\ProgramData\Bitdefender
2013-10-27 12:56 - 2013-10-27 12:56 - 00000000 ____D C:\Users\Lars\AppData\Roaming\QuickScan
2013-10-27 12:55 - 2013-10-27 15:41 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-10-27 12:53 - 2013-10-27 12:54 - 00000008 _____ C:\Users\Lars\Desktop\Bitdefender Key.txt
2013-10-20 10:22 - 2013-10-20 10:22 - 00000000 ___HD C:\ProgramData\CanonBJ
2013-10-12 02:19 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-12 02:19 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-12 02:19 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-12 02:19 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-12 02:19 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-12 02:19 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-12 02:19 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-12 02:19 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-12 02:19 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-12 02:19 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-12 02:19 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-12 02:19 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-12 02:19 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-12 02:19 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-12 02:19 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-12 02:19 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-12 02:19 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-12 02:19 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-12 02:19 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-12 02:19 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-12 02:19 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-12 02:19 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-12 02:19 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-12 02:19 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-12 02:19 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-12 02:19 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-12 02:19 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-12 02:19 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-12 02:19 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-12 02:19 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-12 02:19 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-11 08:11 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-11 08:11 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-11 08:11 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-11 08:11 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-11 08:11 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-11 08:11 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-11 08:11 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-11 08:11 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-11 08:11 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-11 08:11 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-11 08:11 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-11 08:11 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-11 08:11 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-11 08:11 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-11 08:11 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-11 08:11 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-11 08:11 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-11 08:10 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-11 08:10 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-11 08:10 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-11 08:10 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-11 08:10 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-11 08:10 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-11 08:10 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-11 08:10 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-11 08:10 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-11 08:10 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-11 08:10 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-11 08:10 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-11 08:10 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-11 08:10 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-11 08:10 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-11 08:10 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-11 08:10 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-11 08:10 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-11 08:10 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-11 08:10 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-11 08:10 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-11 08:10 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-11 08:10 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 08:10 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 08:10 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-11 08:10 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-11 08:10 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-11 08:10 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-11 08:10 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-02 15:20 - 2013-10-02 15:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-10-29 19:25 - 2013-07-19 17:55 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-29 19:24 - 2013-01-11 09:00 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-10-29 19:21 - 2013-04-19 11:20 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2023589072-630133933-1296572217-1000UA.job
2013-10-29 19:21 - 2013-01-11 09:00 - 00000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2013-10-29 19:21 - 2011-10-18 05:50 - 01964348 _____ C:\Windows\WindowsUpdate.log
2013-10-29 13:24 - 2009-07-14 05:45 - 00031072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-29 13:24 - 2009-07-14 05:45 - 00031072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-29 13:21 - 2011-10-18 15:34 - 00696870 _____ C:\Windows\system32\perfh007.dat
2013-10-29 13:21 - 2011-10-18 15:34 - 00148134 _____ C:\Windows\system32\perfc007.dat
2013-10-29 13:21 - 2009-07-14 06:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-29 13:17 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-29 13:16 - 2010-11-21 04:47 - 00027886 _____ C:\Windows\PFRO.log
2013-10-29 13:16 - 2009-07-14 05:51 - 00058366 _____ C:\Windows\setupact.log
2013-10-29 13:05 - 2013-10-29 13:05 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-29 13:05 - 2013-10-29 13:05 - 00000000 ____D C:\Users\Lars\AppData\Roaming\Malwarebytes
2013-10-29 13:05 - 2013-10-29 13:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-29 13:05 - 2013-10-29 13:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-29 12:56 - 2013-10-29 12:56 - 00000624 _____ C:\Users\Lars\Desktop\JRT.txt
2013-10-29 12:42 - 2013-10-29 12:42 - 00000967 _____ C:\Users\Lars\Desktop\JRT1.txt
2013-10-29 12:30 - 2013-10-29 12:30 - 01033335 _____ (Thisisu) C:\Users\Lars\Desktop\JRT.exe
2013-10-29 12:30 - 2013-10-29 12:30 - 00000000 ____D C:\Windows\ERUNT
2013-10-29 12:27 - 2013-10-29 12:27 - 00002346 _____ C:\Users\Lars\Desktop\AdwCleaner[S0].txt
2013-10-29 12:24 - 2013-10-29 12:23 - 00000000 ____D C:\AdwCleaner
2013-10-29 12:22 - 2013-10-29 12:22 - 01060070 _____ C:\Users\Lars\Desktop\adwcleaner.exe
2013-10-29 12:14 - 2013-10-29 12:14 - 00023002 _____ C:\Users\Lars\Desktop\ComboFix.txt
2013-10-29 12:13 - 2013-10-29 12:13 - 00023002 _____ C:\ComboFix.txt
2013-10-29 12:13 - 2013-10-28 17:30 - 00000000 ____D C:\Qoobox
2013-10-29 12:11 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-10-29 12:02 - 2013-10-28 17:24 - 05137071 ____R (Swearware) C:\Users\Lars\Desktop\ComboFix.exe
2013-10-28 17:49 - 2013-10-28 17:53 - 00023214 _____ C:\Users\Lars\Desktop\ComboFix1.txt
2013-10-28 17:46 - 2013-10-28 17:29 - 00000000 ____D C:\Windows\erdnt
2013-10-28 12:37 - 2013-10-28 12:37 - 00446768 _____ C:\Windows\Minidump\102813-18189-01.dmp
2013-10-28 12:37 - 2013-05-22 17:21 - 491628580 _____ C:\Windows\MEMORY.DMP
2013-10-28 12:37 - 2013-05-22 17:21 - 00000000 ____D C:\Windows\Minidump
2013-10-28 12:25 - 2013-10-28 12:25 - 00022406 _____ C:\Users\Lars\Desktop\gmer.log
2013-10-28 12:15 - 2013-10-28 12:15 - 00000470 _____ C:\Users\Lars\Desktop\defogger_disable.log
2013-10-28 12:03 - 2009-07-14 05:45 - 00458048 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-28 11:53 - 2013-01-22 18:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-28 11:51 - 2013-01-22 17:12 - 00119936 _____ C:\Users\Lars\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-28 11:51 - 2010-11-21 08:16 - 00000000 ____D C:\Windows\ShellNew
2013-10-28 11:51 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-10-28 11:49 - 2013-01-22 18:43 - 00000000 ____D C:\Users\Lars\Documents\Outlook-Dateien
2013-10-28 11:48 - 2009-07-14 03:34 - 00000490 _____ C:\Windows\win.ini
2013-10-28 11:46 - 2013-10-28 11:46 - 00000277 _____ C:\Users\Lars\Desktop\postausgang.CSV
2013-10-28 11:46 - 2013-10-28 11:45 - 00009318 _____ C:\Users\Lars\AppData\Roaming\Kommagetrennte Werte (Windows).EML
2013-10-28 11:46 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-10-28 11:45 - 2013-10-28 11:45 - 01050408 _____ C:\Users\Lars\Desktop\posteingang.CSV
2013-10-28 11:35 - 2011-10-18 06:14 - 00000000 ____D C:\ProgramData\Adobe
2013-10-28 10:22 - 2013-10-28 10:22 - 00442624 _____ C:\Windows\Minidump\102813-22011-01.dmp
2013-10-28 09:45 - 2013-10-28 09:45 - 00377856 _____ C:\Users\Lars\Desktop\86tt77j8.exe
2013-10-28 09:37 - 2013-04-19 11:20 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2023589072-630133933-1296572217-1000Core.job
2013-10-28 09:34 - 2013-10-28 09:34 - 00000000 ____D C:\FRST
2013-10-28 09:33 - 2013-10-28 09:33 - 01956538 _____ (Farbar) C:\Users\Lars\Desktop\FRST64.exe
2013-10-28 09:31 - 2013-10-28 09:31 - 00000168 _____ C:\Users\Lars\defogger_reenable
2013-10-28 09:31 - 2013-01-22 17:11 - 00000000 ____D C:\Users\Lars
2013-10-28 09:29 - 2013-10-28 09:29 - 00050477 _____ C:\Users\Lars\Desktop\Defogger.exe
2013-10-27 16:53 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-10-27 16:33 - 2013-01-22 17:39 - 00000000 ____D C:\ProgramData\Sophos
2013-10-27 16:30 - 2013-10-27 16:34 - 00037880 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe
2013-10-27 16:30 - 2013-10-27 16:30 - 00154952 _____ (Sophos Limited) C:\Windows\system32\Drivers\savonaccess.sys
2013-10-27 16:14 - 2013-10-27 16:14 - 00025608 _____ (Sophos Plc) C:\Windows\system32\Drivers\SophosBootDriver.sys
2013-10-27 16:12 - 2013-01-22 17:39 - 00000000 ____D C:\Program Files (x86)\Sophos
2013-10-27 16:11 - 2013-10-27 16:09 - 08582056 _____ (Igor Pavlov) C:\Users\Lars\Downloads\ses103cau_ext.exe
2013-10-27 15:51 - 2013-08-28 08:59 - 00000000 ____D C:\Users\Lars\Desktop\LateX-Vorlage
2013-10-27 15:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-27 15:50 - 2011-10-18 06:02 - 00000000 ____D C:\Program Files\Broadcom
2013-10-27 15:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-10-27 15:42 - 2013-10-27 12:56 - 00000000 ____D C:\Program Files\Bitdefender
2013-10-27 15:41 - 2013-10-27 12:56 - 00000000 ____D C:\ProgramData\Bitdefender
2013-10-27 15:41 - 2013-10-27 12:55 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-10-27 15:39 - 2013-05-24 12:14 - 00000000 ____D C:\Windows\system32\appmgmt
2013-10-27 14:35 - 2013-10-27 14:35 - 00000385 _____ C:\Users\Lars\AppData\Roaminguser_gensett.xml
2013-10-27 13:03 - 2013-10-27 13:03 - 00534306 _____ C:\ProgramData\1382874960.bdinstall.bin
2013-10-27 13:01 - 2013-10-27 13:01 - 00000000 ____D C:\ProgramData\BDLogging
2013-10-27 12:56 - 2013-10-27 12:56 - 00000000 ____D C:\Users\Lars\AppData\Roaming\QuickScan
2013-10-27 12:54 - 2013-10-27 12:53 - 00000008 _____ C:\Users\Lars\Desktop\Bitdefender Key.txt
2013-10-20 10:22 - 2013-10-20 10:22 - 00000000 ___HD C:\ProgramData\CanonBJ
2013-10-18 08:32 - 2013-04-19 11:20 - 00004084 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2023589072-630133933-1296572217-1000UA
2013-10-18 08:32 - 2013-04-19 11:20 - 00003688 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2023589072-630133933-1296572217-1000Core
2013-10-12 02:18 - 2011-10-18 06:02 - 01590378 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-12 02:13 - 2013-07-29 12:03 - 00000000 _____ C:\Windows\system32\vireng.log
2013-10-12 02:11 - 2013-08-01 16:46 - 00000000 ____D C:\Windows\system32\MRT
2013-10-12 02:08 - 2013-01-23 10:33 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-11 07:55 - 2013-07-19 17:55 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-11 07:54 - 2013-02-01 15:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-11 07:54 - 2013-02-01 15:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-07 22:31 - 2013-01-22 17:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-04 10:03 - 2013-01-22 17:19 - 00000000 ____D C:\Users\Lars\AppData\Local\Mozilla
2013-10-02 15:20 - 2013-10-02 15:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-02 14:46 - 2009-07-14 06:08 - 00021286 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-02 12:21 - 2013-03-20 19:13 - 00000000 ____D C:\Users\Lars\AppData\Roaming\Skype

Some content of TEMP:
====================
C:\Users\Lars\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-27 16:44

==================== End Of Log ============================
--- --- ---


Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-10-2013
Ran by Lars at 2013-10-29 19:25:29
Running from C:\Users\Lars\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Sophos Anti-Virus (Enabled - Up to date) {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Sophos Anti-Virus (Enabled - Up to date) {DE9A3984-B0E2-7A61-FD5D-409005EB0337}

==================== Installed Programs ======================

Adobe Digital Editions 2.0 (x32 Version: 2.0)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.01) - Deutsch (x32 Version: 11.0.01)
Anzeige am Bildschirm (Version: 6.62.01)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.2.43)
Broadcom InConcert Maestro (Version: 1.0.1.2100)
Citavi (x32 Version: 3.4.0.1)
Conexant HD Audio (Version: 8.32.27.0)
Create Recovery Media (x32 Version: 1.20.0.00)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.47.1.0333)
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (Version: 1.00)
foobar2000 v1.2.2 (x32 Version: 1.2.2)
GPL Ghostscript (Version: 9.02)
Inkscape 0.48.4 (x32 Version: 0.48.4)
Integrated Camera (Version: 5.50.3.8)
Integrated Camera (x32 Version: 5.50.3.8)
Intel PROSet Wireless
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Identity Protection Technology 1.1.2.0 (x32 Version: 1.1.2.0)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2418)
Intel(R) PROSet/Wireless WiFi-Software (Version: 14.00.1000)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Lenovo Auto Scroll Utility (Version: 1.11)
Lenovo Patch Utility (x32 Version: 1.0.1.1)
Lenovo Patch Utility 64 bit (Version: 1.2.0.1)
Lenovo Power Management Driver (Version: 1.66.00.22)
Lenovo Registration (x32 Version: 1.0.4)
Lenovo Screen Reading Optimizer (x32 Version: 1.07)
Lenovo System Interface Driver (Version: 1.05)
Lenovo System Update (x32 Version: 5.02.0011)
Lenovo ThinkVantage Toolbox (Version: 6.0.5802.24)
Lenovo User Guide (x32 Version: 1.0.0008.00)
Lenovo Warranty Information (x32 Version: 1.0.0005.00)
Lenovo Welcome (x32 Version: 2.02.003.0)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Message Center Plus (x32 Version: 2.0.0012.00)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Silverlight (x32 Version: 4.0.50401.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
MiKTeX 2.9 (Version: 2.9)
Mobile Broadband Drivers (x32 Version: 6.5.1.5)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
Music Manager (HKCU)
OpenVPN 2.3.0-I001  (Version: 2.3.0-I001)
pstoedit and importps 3.61 (Version: 3.61)
R for Windows 2.15.2 (Version: 2.15.2)
RapidBoot (Version: 1.10)
Realtek PCIE Card Reader (x32 Version: 6.1.7600.69)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (Version: 1.00)
RStudio (x32 Version: 0.97.318)
Skype™ 6.6 (x32 Version: 6.6.106)
Sophos Anti-Virus (x32 Version: 10.3.1)
Sophos AutoUpdate (x32 Version: 2.9.0.344)
TAP-Windows 9.9.2 (Version: 9.9.2)
TeXnicCenter Version 2.0 Beta 1 (Version: 2.0 Beta 1)
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 6.4.0.2100)
ThinkPad Energie-Manager (x32 Version: 3.61)
ThinkPad UltraNav Driver (Version: 15.2.19.0)
ThinkVantage AutoLock (Version: 1.02)
ThinkVantage Communications Utility (Version: 2.06)
ThinkVantage System für aktiven Festplattenschutz (Version: 1.74)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
VIPAccess (x32 Version: 2.0.1.91)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows-Treiberpaket - Intel (iaStor) hdc  (11/06/2010 10.1.0.1008) (Version: 11/06/2010 10.1.0.1008)
Windows-Treiberpaket - Lenovo 1.62.00.00 (01/19/2011 1.62.00.00) (Version: 01/19/2011 1.62.00.00)
Windows-Treiberpaket - Synaptics (SynTP) Mouse  (03/24/2011 15.2.19.0) (Version: 03/24/2011 15.2.19.0)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)

==================== Restore Points  =========================

24-09-2013 09:24:04 Windows Update
01-10-2013 14:49:03 Windows Update
04-10-2013 15:18:12 Windows Update
11-10-2013 07:10:07 Windows Update
12-10-2013 01:00:21 Windows Update
17-10-2013 10:47:47 Windows Update
26-10-2013 18:23:39 Windows Update
27-10-2013 13:07:13 Removed Sophos AutoUpdate
27-10-2013 13:57:53 Windows Update
27-10-2013 14:39:06 Removed Broadcom InConcert Maestro
27-10-2013 14:47:29 Wiederherstellungsvorgang
27-10-2013 15:11:25 Removed Sophos AutoUpdate
27-10-2013 15:11:52 Installed Sophos AutoUpdate
27-10-2013 15:13:29 Removed Sophos AutoUpdate
28-10-2013 10:30:48 Removed Adobe Acrobat X Pro - English, Français, Deutsch.
28-10-2013 10:36:59 Removed IBM SPSS Statistics 20.
28-10-2013 10:46:28 Removed Microsoft Office Enterprise 2007

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-10-28 17:44 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {084205F0-C16F-48C0-8568-B2F32FBB4F85} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-03-31] (PC-Doctor, Inc.)
Task: {167A29EE-B4ED-4991-8BAE-59D2C4C93A1D} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-06-01] (Lenovo Group Limited)
Task: {40843BAA-98A9-443A-B2B3-B855E6A2EF5D} - System32\Tasks\MCP => C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [2009-05-27] ()
Task: {4447A86F-76A7-4DEA-9EA4-E70C1DA5525F} - System32\Tasks\Lenovo\SROptimizer => %TRPATH%\SRORest.exe
Task: {49F3E7CB-0E26-4576-9F6D-455E5A538F62} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2023589072-630133933-1296572217-1000Core => C:\Users\Lars\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-19] (Google Inc.)
Task: {A4B76FA3-633B-45D7-B959-702043724BBD} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {AC80CAD9-380C-4A37-9302-BFE7EEE98CBC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2023589072-630133933-1296572217-1000UA => C:\Users\Lars\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-19] (Google Inc.)
Task: {BFCDE02A-3AAE-4D09-A047-8C39A5514648} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-03-31] (PC-Doctor, Inc.)
Task: {BFF31B0C-10C6-4AA1-A60B-96C69645F67B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {CEA316DA-ADC6-4F92-A932-5CFC379489D2} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-04-11] ()
Task: {E512563A-C52A-4442-BF9B-9B880AB78772} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-03-31] (PC-Doctor, Inc.)
Task: {F9088644-656E-4EF4-9492-2FC983D9731E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2023589072-630133933-1296572217-1000Core.job => C:\Users\Lars\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2023589072-630133933-1296572217-1000UA.job => C:\Users\Lars\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2011-10-18 06:12 - 2011-06-01 19:01 - 00054272 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2011-10-18 15:28 - 2011-03-24 11:48 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2011-10-18 06:09 - 2011-06-10 17:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-10-18 05:57 - 2010-11-04 09:17 - 00393216 _____ () C:\Windows\SMIKsLIB.dll
2011-10-18 05:57 - 2009-10-23 17:50 - 00326144 _____ () C:\Windows\system32\370prop.ax
2011-10-18 06:13 - 2010-04-06 08:05 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2011-10-18 06:13 - 2010-04-06 08:04 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2013-01-11 09:34 - 2011-05-26 17:17 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll
2013-10-02 15:20 - 2013-10-02 15:20 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-01-26 19:27 - 2013-01-26 19:27 - 00122880 _____ () C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox\components\CitaviPickerCommunication.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/29/2013 03:36:38 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (10/29/2013 02:05:08 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (10/29/2013 01:18:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/29/2013 01:02:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/29/2013 00:59:32 PM) (Source: Application Hang) (User: )
Description: Programm SavMain.exe, Version 10.3.0.117 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 19d78

Startzeit: 01ced49deaac65b4

Endzeit: 125

Anwendungspfad: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe

Berichts-ID:


System errors:
=============
Error: (10/29/2013 07:20:57 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Schedule erreicht.

Error: (10/29/2013 00:59:36 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (10/29/2013 03:36:38 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityprocessorArchitecturex64c:\program files\R\r-2.15.2\Tcl\bin64\tk85.dllc:\program files\R\r-2.15.2\Tcl\bin64\tk85.dll9

Error: (10/29/2013 02:05:08 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityprocessorArchitecturex64c:\program files\R\r-2.15.2\Tcl\bin64\tk85.dllc:\program files\R\r-2.15.2\Tcl\bin64\tk85.dll9

Error: (10/29/2013 01:18:02 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/29/2013 01:02:10 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/29/2013 00:59:32 PM) (Source: Application Hang)(User: )
Description: SavMain.exe10.3.0.11719d7801ced49deaac65b4125C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe


CodeIntegrity Errors:
===================================
  Date: 2013-10-28 17:43:42.895
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-28 17:43:42.817
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 4009.9 MB
Available physical RAM: 2119.37 MB
Total Pagefile: 8017.98 MB
Available Pagefile: 5897.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:284.61 GB) (Free:226.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:12.3 GB) (Free:3.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 5D8739B2)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=285 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================

M-K-D-B 29.10.2013 19:40
Servus,




Zitat:
Zitat von HerrV (Beitrag 1184186)
Bisher ist keine Verbesserung zu verzeichnen. Das Wartungscenter schlägt noch immer Alarm wegen des win32/small.ca und zusätzlich beschwert sich nun Sophos und hat die "Adware/PUA" NirCmd in Quarantäne verschoben (aber das scheint ja irgendwas von ComboFix zu sein)... Naja, das sind alle Neuigkeiten....
Gibt das Wartungscenter nähere Informationen, d. h. Pfad oder Ort des Schädlings?
Welche Informationen findest du dort?





Downloade dir HitmanPro (64 Bit) auf deinen Desktop.
  • Starte die HitmanPro.exe.
  • Klicke auf Weiter.
  • Akzeptiere die Lizenzbedinungen und klicke auf Weiter.
  • Wähle Nein, ich möchte nur einen Einmalscan zur Überprüfung dieses Computers ausführen aus und klicke auf Weiter.
  • Lass am Ende des Suchlaufs alle auftretende Funde entfernen und klicke auf Weiter.
  • Wähle im nächsten Fenster Logdatei speichern und speichere die Logdatei auf deinem Desktop.
  • Schließe HitmanPro.
  • Poste die HitmanPro_<Datum_Uhrzeit>.txt mit deiner nächsten Antwort.

HerrV 29.10.2013 20:07
Derart Infos sind im Wartungscenter nicht zu finden, lediglich die Info, dass der Virus da ist...
Nach dem Scan von HitmanPro ist die Meldung weg... hier nochmal das Log

Code:
HitmanPro 3.7.8.207
www.hitmanpro.com

  Computer name . . . . : NOTEBOOK
  Windows . . . . . . . : 6.1.1.7601.X64/4
  User name . . . . . . : Notebook\Lars
  UAC . . . . . . . . . : Enabled
  License . . . . . . . : Free

  Scan date . . . . . . : 2013-10-29 19:55:40
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 3m 39s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No

  Threats . . . . . . . : 0
  Traces  . . . . . . . : 33

  Objects scanned . . . : 1.238.372
  Files scanned . . . . : 26.156
  Remnants scanned  . . : 362.770 files / 849.446 keys

Cookies _____________________________________________________________________

  C:\Users\Lars\AppData\Roaming\Microsoft\Windows\Cookies\64ITL6RP.txt
  C:\Users\Lars\AppData\Roaming\Microsoft\Windows\Cookies\NRJIH198.txt
  C:\Users\Lars\AppData\Roaming\Microsoft\Windows\Cookies\OX9RB20L.txt
  C:\Users\Lars\AppData\Roaming\Microsoft\Windows\Cookies\WYWE84FH.txt
  C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\cookies.sqlite:2o7.net
  C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\cookies.sqlite:ad.12mnkys.com
  C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\cookies.sqlite:ad.yieldmanager.com
  C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\cookies.sqlite:ad.zanox.com
  C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\cookies.sqlite:apmebf.com
  C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\cookies.sqlite:atdmt.com
  C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\cookies.sqlite:autoscout24.112.2o7.net
  C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\cookies.sqlite:c1.atdmt.com
  C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\cookies.sqlite:cbsdigitalmedia.112.2o7.net
  C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\cookies.sqlite:cmp.112.2o7.net
  C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\cookies.sqlite:cqrkalixa.122.2o7.net
  C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\cookies.sqlite:de.sitestat.com
  C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\cookies.sqlite:deutschepostag.112.2o7.net
  C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\cookies.sqlite:doubleclick.net
  C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\cookies.sqlite:int.sitestat.com
  C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\cookies.sqlite:invitemedia.com
  C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\cookies.sqlite:kaspersky.122.2o7.net
  C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\cookies.sqlite:maplesoft.112.2o7.net
  C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\cookies.sqlite:mediaplex.com
  C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\cookies.sqlite:serving-sys.com
  C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\cookies.sqlite:stat.novasol.com
  C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\cookies.sqlite:statcounter.com
  C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\cookies.sqlite:stats.paypal.com
  C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\cookies.sqlite:statse.webtrendslive.com
  C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\cookies.sqlite:track.webtrekk.net
  C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\cookies.sqlite:tradedoubler.com
  C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\cookies.sqlite:www.etracker.de
  C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\cookies.sqlite:www.googleadservices.com
  C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\0xizg4ty.default\cookies.sqlite:xiti.com

M-K-D-B 29.10.2013 20:10
Servus,



wir kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern.






Schritt 1

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset






Schritt 2
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.

HerrV 30.10.2013 09:28
Moin.
Konntest du denn feststellen, was der Ursprung der Meldung war?
Danke und VG, Lars

Hier die Logs:

ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=1435b4506b0c4e46a49aeebae8effdac
# engine=15688
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-30 08:06:28
# local_time=2013-10-30 09:06:28 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 48819 134750238 0 0
# compatibility_mode=8449 16775165 50 93 4665 237188 1063 0
# scanned=146570
# found=0
# cleaned=0
# scan_time=4274
SecurityCheck:
Code:
Results of screen317's Security Check version 0.99.74 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
Sophos Anti-Virus 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 Adobe Flash Player 11.9.900.117 
 Adobe Reader XI 
 Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent```````` 
 Sophos Sophos Anti-Virus SavService.exe 
 Sophos Sophos Anti-Virus SAVAdminService.exe 
 Sophos Sophos Anti-Virus Web Intelligence swi_service.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

M-K-D-B 30.10.2013 17:45
Servus Lars,




Zitat:
Zitat von HerrV (Beitrag 1184404)
Konntest du denn feststellen, was der Ursprung der Meldung war?
Es befand sich zwar ein wenig Adware auf dem Rechner, welche jedoch nicht für die Meldung verantwortlich war. Es kann gut sein, dass HitmanPro ein paar Dateien in den temporären Dateien gelöscht hat, die für die Meldung verantwortlich waren.








Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber. :daumenhoc
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.






Schritt 1
Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.







Schritt 2
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.


Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist!


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • WOT (Web of trust)
    Dieses AddOn warnt dich, bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.


Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC


Halte dich fern von Registry Cleanern.
Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
Miekemoes Blogspot ( MVP )


Was du vermeiden solltest:
  • Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
  • Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.



Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen?


Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

HerrV 30.10.2013 21:28
Hey Matthias!

Vielen herzlichen Dank! :dankeschoen: :dankeschoen:
Der Rechner ist wieder tiptop und läuft wie ne 1! Keine weiteren Fragen, Spende folgt ;)
Ihr seid echt die besten :applaus:

VG und bis dann erstmal, Lars


Alle Zeitangaben in WEZ +1. Es ist jetzt 02:10 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131