Log analysis and evaluation: Removing System Care Antivirus

17.06.2013, 09:45   #16
bumpf

Hello markusg,

when starting the computer today, I received a notice from the Avira antivirus program that the update had failed (report below). I ran a manual update, and two new updates were then installed.

Avira report:

Avira Free Antivirus Updater
Vollständiges Produktupdate

Erstellungszeitpunkt: Montag, 17. Juni 2013 07:34:07

Betriebssystem:
Windows Vista (TM) Home Premium (Service Pack 2) [6.0.6002] 32 bit

Produktinformationen:
Produktversion: 13.0.0.3640
Updater: C:\Program Files\Avira\AntiVir Desktop\update.exe 13.6.14.1262
Updaterresource: C:\Program Files\Avira\AntiVir Desktop\updaterc.dll 13.4.0.362
Bibliothek: C:\Program Files\Avira\AntiVir Desktop\update.dll 1.0.0.9
Plugin: C:\Program Files\Avira\AntiVir Desktop\updext.dll 13.6.0.1262
GUI: C:\Program Files\Avira\AntiVir Desktop\updgui.dll 13.6.3.1262

Temporäres Verzeichnis: C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\
Backupverzeichnis: C:\ProgramData\Avira\AntiVir Desktop\BACKUP\
Installationsverzeichnis: C:\Program Files\Avira\AntiVir Desktop\
Updaterverzeichnis: C:\Program Files\Avira\AntiVir Desktop\
AppData Verzeichnis: C:\ProgramData\Avira\AntiVir Desktop\

Verbindungseinstellungen:
- Verbindungsart: Webserver
- Übertragungstyp: Vorhandene Verbindung
- Proxyeinstellungen: Verwende Systemeinstellungen

07:34:07 [UPD] [INFO] Prüfe ob neuere Dateien zur Verfügung stehen.
07:34:07 [UPD] [INFO] Wähle Updateserver 'hxxp://80.190.148.75/update'.
07:34:07 [UPD] [INFO] Herunterladen von 'hxxp://80.190.148.75/update/idx/master.idx' nach 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
07:34:08 [UPD] [INFO] Herunterladen von 'hxxp://80.190.148.75/update/idx/wks_avira13-win32-de-pecl.idx' nach 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\wks_avira13-win32-de-pecl.idx'.
07:34:08 [UPD] [INFO] Herunterladen von 'hxxp://80.190.148.75/update/idx/wks_avira13-win32-de-pecl.info.gz' nach 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\wks_avira13-win32-de-pecl.info.gz'.
07:34:08 [UPD] [INFO] Herunterladen von 'hxxp://80.190.148.75/update/idx/vdf.info.gz' nach 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\vdf.info.gz'.
07:34:08 [UPD] [INFO] Herunterladen von 'hxxp://80.190.148.75/update/idx/rdf-common-int.info.gz' nach 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\rdf-common-int.info.gz'.
07:34:08 [UPD] [INFO] Herunterladen von 'hxxp://80.190.148.75/update/idx/ave2-win32-int.info.gz' nach 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\ave2-win32-int.info.gz'.
07:34:08 [UPD] [INFO] Herunterladen von 'hxxp://80.190.148.75/update/idx/wks_avira13-win32-de-pecl-info.info.gz' nach 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\wks_avira13-win32-de-pecl-info.info.gz'.
07:34:08 [UPD] [INFO] Herunterladen von 'hxxp://80.190.148.75/update/idx/peclkey-common-int.info.gz' nach 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\peclkey-common-int.info.gz'.
07:34:08 [UPD] [INFO] Herunterladen von 'hxxp://80.190.148.75/update/idx/scanner13-win32-int.info.gz' nach 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\scanner13-win32-int.info.gz'.
07:34:08 [UPD] [INFO] Herunterladen von 'hxxp://80.190.148.75/update/idx/localdecider-win32-int.info.gz' nach 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\localdecider-win32-int.info.gz'.
07:34:08 [UPD] [INFO] Vergleiche lokale Dateien mit Stand auf dem Updateserver.
07:34:08 [UPD] [INFO] Prüfe Modul SELFUPDATE:
07:34:08 [UPD] [INFO] Prüfe Modul WEBCAT:
07:34:08 [UPD] [INFO] Prüfe Modul VDF:
07:34:08 [UPD] [INFO] Datei 'n_vdf/vbase031.vdf' (lokal, Server): 7.11.84.240 < 7.11.85.12
07:34:08 [UPD] [INFO] Datei 'n_vdf/aevdf.dat' (lokal, Server): 7.11.84.240 < 7.11.85.12
07:34:08 [UPD] [INFO] Prüfe Modul RDF:
07:34:08 [UPD] [INFO] Prüfe Modul AVE2:
07:34:08 [UPD] [INFO] Prüfe Modul ANTISPAM:
07:34:08 [UPD] [INFO] Prüfe Modul MAIN:
07:34:08 [UPD] [INFO] Die Datei 'wks_avira13/win32/de/pecl/64bitProxy.exe' hat das IGNORE-Flag gesetzt und wird deswegen nicht berücksichtigt.
07:34:08 [UPD] [INFO] Datei 'wks_avira13/win32/de/pecl/ApnIC.dll' ist bereits installiert und wird nicht aktualisiert.
07:34:08 [UPD] [INFO] Datei 'wks_avira13/win32/de/pecl/ApnStub.exe' ist bereits installiert und wird nicht aktualisiert.
07:34:08 [UPD] [INFO] Datei 'wks_avira13/win32/de/pecl/ApnToolbarInstaller.exe' ist bereits installiert und wird nicht aktualisiert.
07:34:08 [UPD] [INFO] Die Datei 'wks_avira13/win32/de/pecl/AppRemover_64.exe' hat das IGNORE-Flag gesetzt und wird deswegen nicht berücksichtigt.
07:34:08 [UPD] [INFO] Die Datei 'wks_avira13/win32/de/pecl/AppRemover_API.dll' hat das IGNORE-Flag gesetzt und wird deswegen nicht berücksichtigt.
07:34:08 [UPD] [INFO] Die Datei 'wks_avira13/win32/de/pecl/AppRemover_CLI.exe' hat das IGNORE-Flag gesetzt und wird deswegen nicht berücksichtigt.
07:34:08 [UPD] [INFO] Die Datei 'wks_avira13/win32/de/pecl/AppRemover_EULA.txt' hat das IGNORE-Flag gesetzt und wird deswegen nicht berücksichtigt.
07:34:08 [UPD] [INFO] Die Datei 'wks_avira13/win32/de/pecl/AppRemover_Excluded.txt' hat das IGNORE-Flag gesetzt und wird deswegen nicht berücksichtigt.
07:34:09 [UPD] [INFO] Die Datei 'wks_avira13/win32/de/pecl/AVSDKList.zip' hat das IGNORE-Flag gesetzt und wird deswegen nicht berücksichtigt.
07:34:10 [UPD] [INFO] Die Datei 'wks_avira13/win32/de/pecl/doSilent.txt' hat das IGNORE-Flag gesetzt und wird deswegen nicht berücksichtigt.
07:34:10 [UPD] [INFO] Die Datei 'wks_avira13/win32/de/pecl/filelist.ini' hat das IGNORE-Flag gesetzt und wird deswegen nicht berücksichtigt.
07:34:10 [UPD] [INFO] Die Datei 'wks_avira13/win32/de/pecl/insthlp.exe' hat das IGNORE-Flag gesetzt und wird deswegen nicht berücksichtigt.
07:34:10 [UPD] [INFO] Die Datei 'wks_avira13/win32/de/pecl/license.dat' hat das IGNORE-Flag gesetzt und wird deswegen nicht berücksichtigt.
07:34:10 [UPD] [INFO] Die Datei 'wks_avira13/win32/de/pecl/ManualUninstallConfig.zip' hat das IGNORE-Flag gesetzt und wird deswegen nicht berücksichtigt.
07:34:10 [UPD] [INFO] Die Datei 'wks_avira13/win32/de/pecl/Microsoft.VC80.CRT.manifest' hat das IGNORE-Flag gesetzt und wird deswegen nicht berücksichtigt.
07:34:10 [UPD] [INFO] Die Datei 'wks_avira13/win32/de/pecl/msvcp80.dll' hat das IGNORE-Flag gesetzt und wird deswegen nicht berücksichtigt.
07:34:10 [UPD] [INFO] Die Datei 'wks_avira13/win32/de/pecl/msvcr80.dll' hat das IGNORE-Flag gesetzt und wird deswegen nicht berücksichtigt.
07:34:10 [UPD] [INFO] Die Datei 'wks_avira13/win32/de/pecl/pinfo.dat' hat das IGNORE-Flag gesetzt und wird deswegen nicht berücksichtigt.
07:34:10 [UPD] [INFO] Die Datei 'wks_avira13/win32/de/pecl/pmap.dat' hat das IGNORE-Flag gesetzt und wird deswegen nicht berücksichtigt.
07:34:10 [UPD] [INFO] Die Datei 'wks_avira13/win32/de/pecl/presetup.exe' hat das IGNORE-Flag gesetzt und wird deswegen nicht berücksichtigt.
07:34:10 [UPD] [INFO] Die Datei 'wks_avira13/win32/de/pecl/ProductReleaseNotes.zip' hat das IGNORE-Flag gesetzt und wird deswegen nicht berücksichtigt.
07:34:10 [UPD] [INFO] Die Datei 'wks_avira13/win32/de/pecl/QATestedProducts.zip' hat das IGNORE-Flag gesetzt und wird deswegen nicht berücksichtigt.
07:34:10 [UPD] [INFO] Datei 'wks_avira13/win32/de/pecl/de-de/quicksysscan.avp' ist bereits installiert und wird nicht aktualisiert.
07:34:10 [UPD] [INFO] Die Datei 'wks_avira13/win32/de/pecl/scpt.dat' hat das IGNORE-Flag gesetzt und wird deswegen nicht berücksichtigt.
07:34:10 [UPD] [INFO] Die Datei 'wks_avira13/win32/de/pecl/tables.dat' hat das IGNORE-Flag gesetzt und wird deswegen nicht berücksichtigt.
07:34:10 [UPD] [INFO] Die Datei 'wks_avira13/win32/de/pecl/thorwac.dll' hat das IGNORE-Flag gesetzt und wird deswegen nicht berücksichtigt.
07:34:10 [UPD] [INFO] Datei 'wks_avira13/win32/de/pecl/de-de/toolbar_eula.txt' ist bereits installiert und wird nicht aktualisiert.
07:34:10 [UPD] [INFO] Die Datei 'wks_avira13/win32/de/pecl/vcredist_x86.exe' hat das IGNORE-Flag gesetzt und wird deswegen nicht berücksichtigt.
07:34:10 [UPD] [INFO] Die Datei 'wks_avira13/win32/de/pecl/vmap.dat' hat das IGNORE-Flag gesetzt und wird deswegen nicht berücksichtigt.
07:34:10 [UPD] [INFO] Prüfe Modul COMMAPPDATA_EVENTDB:
07:34:10 [UPD] [INFO] Prüfe Modul COMMAPPDATA:
07:34:10 [UPD] [INFO] Prüfe Modul COMMAPPDATA_AV:
07:34:10 [UPD] [INFO] Datei 'wks_avira13/win32/de/pecl/addr_file.html' ist bereits installiert und wird nicht aktualisiert.
07:34:10 [UPD] [INFO] Prüfe Modul COMMAPP:
07:34:10 [UPD] [INFO] Datei 'wks_avira13/win32/de/pecl/de-de/produpd.avj' ist bereits installiert und wird nicht aktualisiert.
07:34:10 [UPD] [INFO] Datei 'wks_avira13/win32/de/pecl/de-de/scanjob.avj' ist bereits installiert und wird nicht aktualisiert.
07:34:10 [UPD] [INFO] Datei 'wks_avira13/win32/de/pecl/de-de/startupd.avj' ist bereits installiert und wird nicht aktualisiert.
07:34:10 [UPD] [INFO] Datei 'wks_avira13/win32/de/pecl/de-de/updjob.avj' ist bereits installiert und wird nicht aktualisiert.
07:34:10 [UPD] [INFO] Prüfe Modul COMMAPDATA_AV_PROFILES:
07:34:10 [UPD] [INFO] Datei 'wks_avira13/win32/de/pecl/de-de/folder.avp' ist bereits installiert und wird nicht aktualisiert.
07:34:10 [UPD] [INFO] Prüfe Modul TEXT:
07:34:10 [UPD] [INFO] Die Datei 'wks_avira13/win32/de/pecl/de-de/eula.txt' hat das IGNORE-Flag gesetzt und wird deswegen nicht berücksichtigt.
07:34:10 [UPD] [INFO] Prüfe Modul DRV:
07:34:10 [UPD] [INFO] Prüfe Modul PRODINFO:
07:34:10 [UPD] [INFO] Prüfe Modul SYS32:
07:34:10 [UPD] [INFO] Prüfe Modul PECLKEY:
07:34:10 [UPD] [INFO] Prüfe Modul SCANNER:
07:34:10 [UPD] [INFO] Prüfe Modul LOCALDECIDER:
07:34:10 [UPD] [INFO] 'C:\ProgramData\Avira\AntiVir Desktop\BACKUP\' benötigt 3276 Bytes freien Speicherplatz.
07:34:10 [UPD] [INFO] 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\' benötigt 66964 Bytes freien Speicherplatz.
07:34:10 [UPD] [INFO] 'C:\Program Files\Avira\AntiVir Desktop\' benötigt 33482 Bytes freien Speicherplatz.
07:34:10 [UPD] [INFO] Speicherplatz OK.
07:34:10 [UPD] [INFO] Laufwerk: C:\, freie Kapazität: 23479287808 Bytes.
07:34:10 [UPD] [INFO] Neue Dateien werden heruntergeladen...
07:34:10 [UPD] [INFO] Herunterladen von 'hxxp://80.190.148.75/update/n_vdf/vbase031.vdf.gz' nach 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase031.vdf.gz'.
07:34:10 [UPD] [INFO] Herunterladen von 'hxxp://80.190.148.75/update/n_vdf/aevdf.dat.gz' nach 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\aevdf.dat.gz'.
07:34:10 [UPD] [INFO] Das Programm läuft als uneingeschränkte Vollversion.
07:34:11 [UPD] [INFO] Beginne die Validierung der Engine.
10:34:20 [UPD] [ERROR] Validierung der Engine ist fehlgeschlagen. Fehler: 258


Zusammenfassung:
****************
2 Dateien heruntergeladen
0 Dateien installiert

Montag, 17. Juni 2013 10:34:21

Das Update ist fehlgeschlagen!
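
An added example (not part of the original post, and not Avira's code): a small Python triage of an updater report in the format posted above, pulling out the outdated files, the step that stalled, and the error entry. It assumes the `HH:MM:SS [UPD] [LEVEL] message` line layout seen in the report; the function names and the five-minute stall threshold are illustrative choices.

```python
import re
from datetime import datetime, timedelta
from typing import NamedTuple

# Constructed sample: a handful of lines copied from the report above.
SAMPLE_LOG = """\
Avira Free Antivirus Updater
07:34:08 [UPD] [INFO] Prüfe Modul VDF:
07:34:08 [UPD] [INFO] Datei 'n_vdf/vbase031.vdf' (lokal, Server): 7.11.84.240 < 7.11.85.12
07:34:08 [UPD] [INFO] Datei 'n_vdf/aevdf.dat' (lokal, Server): 7.11.84.240 < 7.11.85.12
07:34:10 [UPD] [INFO] Neue Dateien werden heruntergeladen...
07:34:11 [UPD] [INFO] Beginne die Validierung der Engine.
10:34:20 [UPD] [ERROR] Validierung der Engine ist fehlgeschlagen. Fehler: 258
"""


class Entry(NamedTuple):
    when: datetime
    component: str
    level: str
    message: str


LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}) \[(\w+)\] \[(\w+)\] (.*)$")
OUTDATED_RE = re.compile(r"^Datei '([^']+)' \(lokal, Server\): (\S+) < (\S+)$")
ERROR_CODE_RE = re.compile(r"Fehler: (\d+)")


def parse(text):
    """Return the timestamped entries; header and summary lines are skipped."""
    entries, day, prev = [], timedelta(0), None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        stamp = datetime.strptime(m.group(1), "%H:%M:%S")
        # The log carries time of day only: a step backwards means midnight passed.
        if prev is not None and stamp + day < prev:
            day += timedelta(days=1)
        prev = stamp + day
        entries.append(Entry(prev, m.group(2), m.group(3), m.group(4)))
    return entries


def triage(text, stall_after=timedelta(minutes=5)):
    """Summarise outdated files, long gaps between steps, and ERROR entries."""
    report = {"outdated": [], "stalls": [], "errors": []}
    prev = None
    for cur in parse(text):
        found = OUTDATED_RE.match(cur.message)
        if found:
            # (file, local version, server version)
            report["outdated"].append(found.groups())
        if prev is not None:
            gap = cur.when - prev.when
            if gap >= stall_after:
                # The step logged before the gap is the one that hung.
                report["stalls"].append((prev.message, int(gap.total_seconds())))
        if cur.level == "ERROR":
            code = ERROR_CODE_RE.search(cur.message)
            report["errors"].append({
                "time": cur.when.strftime("%H:%M:%S"),
                "message": cur.message,
                "code": int(code.group(1)) if code else None,
                "previous_step": prev.message if prev else None,
            })
        prev = cur
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, local, server in result["outdated"]:
        print(f"outdated: {name} {local} -> {server}")
    for step, seconds in result["stalls"]:
        print(f"stalled {seconds}s after: {step}")
    for err in result["errors"]:
        print(f"error {err['code']} at {err['time']}: {err['message']}")
```

On the posted report this shows that both signature files were downloaded but the run then sat in engine validation for about three hours before failing, which matches the summary of 2 files downloaded and 0 installed.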

17.06.2013, 10:55   #17
markusg
/// Malware-holic

hi,

download the standard CCleaner:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, Tools (Extras), Uninstall list, save as txt. Open the file.
After each program you need, write "necessary".
After each program you do not need, write "unnecessary".
After each one you do not know, write "unknown".
Post the list.

17.06.2013, 20:45   #18
bumpf

Here is the list:

Access Help 15.08.2008 1,64MB 2.00 --> unknown
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 11.06.2013 11.7.700.224 --> necessary
Adobe Reader 8.1.5 - Deutsch Adobe Systems Incorporated 01.06.2009 99,7MB 8.1.5 --> necessary
Agere Systems HDA Modem Agere Systems 15.08.2008 --> unknown
Apple Application Support Apple Inc. 19.05.2013 64,7MB 2.3.4 --> necessary
Apple Mobile Device Support Apple Inc. 02.03.2013 24,7MB 6.1.0.13 --> necessary
Apple Software Update Apple Inc. 19.05.2012 2,38MB 2.1.3.127 --> necessary
Avira Free Antivirus Avira 06.05.2013 62,6MB 13.0.0.3640 --> necessary
Avira SearchFree Toolbar plus Web Protection Ask.com 14.06.2013 9,36MB 1.15.18.0 --> unknown
Avira SearchFree Toolbar plus Web Protection Updater Ask.com 14.06.2013 1,54MB 1.2.4.37268 --> unknown
Bonjour Apple Inc. 19.05.2012 1,03MB 3.0.0.10 --> unknown
Broadcom Gigabit Integrated Controller Broadcom Corporation 15.08.2008 0,74MB 10.15.06 --> unknown
Business Contact Manager für Outlook 2007 SP2 Microsoft Corporation 17.06.2009 31,5MB 3.0.8619.1 --> unknown
CCleaner Piriform 28.12.2009 2,88MB 2.27 --> necessary
Client Security - Password Manager Lenovo Group Limited 30.12.2008 105,6MB 8.10.0006.00 --> necessary
Corel Snapfire Plus Corel Corporation 15.08.2008 113,9MB 1.10.0000 --> unknown
CVE-2012-4969 23.09.2012 --> unknown
Diskeeper Home Diskeeper Corporation 15.08.2008 12,1MB 9.0.545 --> unknown
EPSON-Drucker-Software 08.10.2011 --> necessary
Ergänzung zu Lenovo Care 15.08.2008 1,88MB 2.00 --> necessary
Free System Utilities Covus Freemium GmbH 01.05.2013 0,42MB 1.0.0.17 --> unnecessary
Google Chrome Google Inc. 23.11.2012 420,4MB 27.0.1453.110 --> unnecessary
Google Toolbar for Internet Explorer Google Inc. 05.12.2009 7,75MB --> unnecessary
Haufe iDesk-Service Haufe 27.12.2009 44,9MB 8.08.20.5622 --> necessary
Help Center 15.08.2008 2,05MB 2.00c --> unknown
iCloud Apple Inc. 23.04.2013 48,4MB 2.1.2.8 --> necessary
Integrated Camera Sonix 15.08.2008 3,61MB 5.8.8.012 --> unknown
Intel(R) Graphics Media Accelerator Driver Intel Corporation 03.01.2011 --> necessary
Intel(R) TV Wizard Intel Corporation 03.01.2011 48,9MB --> unknown
Intel® Matrix Storage Manager Intel Corporation 03.01.2011 3,77MB --> unknown
Internet Explorer (Enable DEP) 21.02.2013 4,41MB --> necessary
Internet-Radio Player Version 2.01.5 26.12.2009 11,2MB --> unnecessary
iTunes Apple Inc. 09.06.2013 186,4MB 11.0.4.4 --> necessary
Java(TM) 6 Update 39 Oracle 31.07.2012 95,7MB 6.0.390 --> unknown
JNLP JNLP 23.05.2013 --> unknown
Lenovo Bluetooth with Enhanced Data Rate Software 6.0.1.4900 Lenovo. 15.08.2008 40,8MB 6.0.1.4900 --> necessary
Lenovo Care 15.08.2008 1,93MB 2.10 --> necessary
Lenovo Care System Update Lenovo 17.09.2012 27,2MB 3.15.0017 --> necessary
Lenovo Fingerprint Software Ihr Firmenname 15.08.2008 15,9MB 1.1.0.21 --> necessary
Lenovo Multimedia Center 15.08.2008 3,23MB --> necessary
Lenovo Registration Lenovo - Leader Technologies 15.08.2008 0,81MB --> necessary
Lenovo System Interface Driver 30.12.2008 4,00KB 1.01 --> necessary
Lenovo ThinkVantage Toolbox PC-Doctor, Inc. 12.01.2010 116,8MB 6.0.5449.37 --> necessary
Lexware Info Service Haufe-Lexware GmbH & Co.KG 09.05.2013 13,7MB 2.90.00.0009 --> unknown
Maintenance Manager 15.08.2008 6,57MB 3.0.5.0 --> unknown
Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 14.06.2013 13,4MB 1.75.0.1300 --> necessary??
McAfee Security Scan Plus McAfee, Inc. 10.02.2013 2,33MB 3.0.318.3 --> unnecessary
Message Center 15.08.2008 2,02MB 2.01b --> unknown
Message Center Plus Lenovo Group Limited 30.05.2009 1,70MB 2.0.0012.00 --> unknown
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 17.06.2009 37,0MB --> unknown
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 21.05.2009 37,0MB --> unknown
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 02.01.2011 120,3MB 4.0.30319 --> unknown
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 02.01.2011 24,5MB 4.0.30319 --> unknown
Microsoft Fix it Center Microsoft Corporation 18.07.2012 21,8MB 1.0.0100 --> necessary
Microsoft Office 2003 Web Components Microsoft Corporation 13.12.2012 21,7MB 11.0.8003.0 --> unnecessary
Microsoft Office 2007 Primary Interop Assemblies Microsoft Corporation 17.12.2011 13,7MB 12.0.4518.1014 --> unnecessary
Microsoft Office File Validation Add-In Microsoft Corporation 15.09.2011 7,95MB 14.0.5130.5003 --> unknown
Microsoft Office Live Add-in 1.5 Microsoft Corporation 23.06.2012 0,49MB 2.0.4024.1 --> unknown
Microsoft Office Outlook Connector Microsoft Corporation 03.01.2011 3,36MB 14.0.5118.5000 --> unknown
Microsoft Office Small Business Connectivity Components Microsoft Corporation 15.08.2008 0,15MB 2.0.7024.0 --> unknown
Microsoft Outlook 2010 Microsoft Corporation 23.06.2012 1.036,8MB 14.0.6029.1000 --> necessary
Microsoft Silverlight Microsoft Corporation 12.03.2013 23,8MB 5.1.20125.0 --> unknown
Microsoft SQL Server 2005 Microsoft Corporation 15.08.2008 66,7MB --> unknown
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 03.01.2011 1,74MB 3.1.0000 --> unknown
Microsoft SQL Server Native Client Microsoft Corporation 23.03.2011 2,63MB 9.00.5000.00 --> unknown
Microsoft SQL Server VSS Writer Microsoft Corporation 02.07.2011 0,68MB 9.00.5000.00 --> unknown
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 28.07.2009 0,25MB 8.0.50727.4053 --> unknown
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 20.06.2011 0,29MB 8.0.56336 --> unknown
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 28.07.2009 0,19MB 9.0.30729.4148 --> unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 20.03.2009 0,58MB 9.0.30729 --> unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 02.01.2011 0,58MB 9.0.30729.4148 --> unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 20.06.2011 0,58MB 9.0.30729.6161 --> unknown
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 19.10.2011 16,5MB 10.0.40219 --> unknown
Mozilla Maintenance Service Mozilla 15.05.2013 0,22MB 17.0.6 --> unknown
Mozilla Thunderbird 17.0.6 (x86 de) Mozilla 15.05.2013 42,2MB 17.0.6 --> necessary
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 13.12.2008 1,28MB 4.20.9870.0 --> unknown
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 25.11.2009 1,34MB 4.20.9876.0 --> unknown
NAVIGON Fresh 3.3.1 NAVIGON 25.06.2011 66,9MB 3.3.1 --> necessary
Network Magic Pure Networks 15.08.2008 28,1MB 4.1.7082.0 --> unknown
OpenOffice.org 3.4.1 Apache Software Foundation 07.02.2013 331,7MB 3.41.9593 --> necessary
Picasa 3 Google, Inc. 17.09.2012 96,1MB 3.8 --> unknown
PM Driver Lenovo 15.08.2008 0,37MB 0.63.1.6 --> necessary
Präsentationsdirektor 03.01.2011 1,97MB 4.08 --> unknown
QuickSteuer 2009 SE Lexware 28.12.2009 171,9MB 15.00.00.0033 --> necessary
QuickSteuer 2010 SE Haufe-Lexware GmbH & Co. KG 01.04.2012 416,7MB 16.14.00.0001 --> necessary
QuickSteuer 2011 Haufe-Lexware GmbH & Co.KG 25.03.2013 445,0MB 17.08.00.0006 --> necessary
QuickSteuer 2012 Haufe-Lexware GmbH & Co.KG 11.05.2013 611,6MB 18.09.00.0003 --> necessary
QuickSteuer 2013 Haufe-Lexware GmbH & Co.KG 11.05.2013 619,5MB 19.06.00.0003 --> necessary
QuickSteuer Wissens-Center 2009 Haufe Mediengruppe 27.12.2009 15.0.1.0 --> necessary
QuickTime Apple Inc. 26.05.2013 74,7MB 7.74.80.86 --> unknown
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 15.08.2008 14,2MB 6.0.1.5391 --> necessary
Registry patch for Windows Vista USB S3 PM Enablement 15.08.2008 4,00KB 1.00 --> necessary
Rescue and Recovery Lenovo Group Limited 30.12.2008 101,7MB 4.21.0015.00 --> necessary
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.33 15.08.2008 1,67MB 3.33.01 --> unknown
Soluto Soluto 13.09.2012 28,1MB 1.3.979.0 --> necessary
Synaptics Pointing Device Driver Synaptics 15.08.2008 12,8MB 9.0.3.0 --> necessary
System Migration Assistant Lenovo Group Limited. 17.09.2012 32,1MB 6.00.0009 --> unknown
ThinkVantage Access Connections Lenovo 07.02.2009 76,7MB 5.12 --> unknown
TuneUp Utilities 2013 TuneUp Software 25.04.2013 78,3MB 13.0.3020.2 --> unnecessary
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) Microsoft Corporation 02.07.2011 30,7MB 9.00.5000.00 --> unknown
WEB.DE Desktop Icons 1&1 Mail & Media GmbH 21.05.2013 0,10MB 3.0.3.0 --> unknown
WEB.DE MailCheck für Internet Explorer 1&1 Mail & Media GmbH 28.05.2013 2,38MB 2.2.2.0 --> unnecessary
WEB.DE Softwareaktualisierung 1&1 Mail & Media GmbH 26.05.2013 1,53MB 3.0.0.54 --> necessary
Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 03.01.2011 5,58MB 15.4.5722.2 --> unknown
WordPerfect Office X3 Corel Corporation 15.08.2008 282,4MB --> unknown

The Rescue and Recovery program on my Lenovo computer is asking whether a backup of the system should be performed. Is that sensible at this point in "our recovery process"? Run it or decline?
Best regards, Oli

18.06.2013, 16:41   #19
markusg
/// Malware-holic

uninstall:
Adobe Flash Player, all of them
Adobe - Install Adobe Flash Player
download the latest version and install it.
adobe reader:
Adobe - Download Adobe Reader - All versions
uncheck the box for mcafee security scan
please also configure adobe reader as follows:
open adobe reader, Edit, Preferences.
General:
check "Use only certified plug-ins".
Security (Enhanced)
check Enhanced Security
and select all files.
Internet:
everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc.
it is always better to save them directly, since only then do you have control over what is happening on the PC.
under JavaScript, uncheck "Use JavaScript"
under Updater, choose install automatically.
apply / OK

uninstall:
Avira SearchFree: both
CVE
Free System Utilities
Google: both
Internet-Radio
Java
download Java jre:
Java downloads for all operating systems
click:
Download Java software for Windows Offline
download and install it
uninstall:
Malwarebytes
McAfee
Picasa
TuneUp
WEB.DE: the unknown and unnecessary ones, remove them; actually the updater can go too

We can back up later.

Open CCleaner, Analyze, Run, restart the PC
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

18.06.2013, 23:53   #20
bumpf

Hello,

during the installation of Adobe Flash Player 11, Google Toolbar and Google Chrome were installed automatically; should I uninstall them again?

After installing Java (with the message that the process was completed), a small notification window opened with the error message "Get Default Browser Error: 2". But Java 7 Update 25 is on the computer!!??

I aborted the uninstallation of "web.de Mail check" because of a message with roughly the following content: "By uninstalling, I lose the free, up-to-date and personal protection against phishing attacks". Should I uninstall the program despite this message?

Here is the content of the AdwCleaner log file:
Code:
# AdwCleaner v2.303 - Datei am 19/06/2013 um 00:33:39 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Oli - TSITSIS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Oli\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\Iminent
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\Oli\AppData\Local\APN
Ordner Gelöscht : C:\Users\Oli\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Oli\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Oli\AppData\Roaming\Babylon

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\Oli\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [8163 octets] - [19/06/2013 00:33:39]

########## EOF - C:\AdwCleaner[S1].txt - [8223 octets] ##########
         


19.06.2013, 00:21   #21
markusg
/// Malware-holic

b
Java is fine.
Web.de can go.
Hitman Pro - Download - Filepony
Download HitmanPro, double-click it, click Scan.
Don't delete anything, click Next. Save the log and post it, or export it as XML, zip it and attach it.

19.06.2013, 10:56   #22
bumpf

I have uninstalled web.de Mail Check as well as the re-installed Google Chrome and Google Toolbar.

Attached is the HitmanPro log file:

Code:
HitmanPro 3.7.6.201
www.hitmanpro.com

   Computer name . . . . : TSITSIS-PC
   Windows . . . . . . . : 6.0.2.6002.X86/2
   User name . . . . . . : Tsitsis-PC\Oli
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-06-19 11:48:06
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 58s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 7
   Traces  . . . . . . . : 29

   Objects scanned . . . : 1.747.897
   Files scanned . . . . : 33.303
   Remnants scanned  . . : 474.557 files / 1.240.037 keys

Malware _____________________________________________________________________

   C:\_OTL\MovedFiles\06152013_144857\C_ProgramData\AEF6D49D3B9B43BC0000AEF625AC48EF\AEF6D49D3B9B43BC0000AEF625AC48EF.exe
      Size . . . . . . . : 438.272 bytes
      Age  . . . . . . . : 6.9 days (2013-06-12 14:59:13)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : A1722FCB5120E281E0A6BDD1B2CB23ED2C6253260E20E4ADB851DEA4AC3385D1
    > G Data . . . . . . : Trojan.Generic.9238908
      Fuzzy  . . . . . . : 116.0
      Forensic Cluster
          0.0s C:\_OTL\MovedFiles\06152013_144857\C_ProgramData\AEF6D49D3B9B43BC0000AEF625AC48EF\AEF6D49D3B9B43BC0000AEF625AC48EF.exe
          0.0s C:\_OTL\MovedFiles\06152013_144857\C_ProgramData\AEF6D49D3B9B43BC0000AEF625AC48EF\AEF6D49D3B9B43BC0000AEF625AC48EF.ico


Potential Unwanted Programs _________________________________________________

   HKU\S-1-5-21-3876124531-570904608-61060185-1003\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)

Cookies _____________________________________________________________________

   C:\Users\Oli\AppData\Roaming\Microsoft\Windows\Cookies\JNYFBY3P.txt
   C:\Users\Oli\AppData\Roaming\Microsoft\Windows\Cookies\RB9VGB0R.txt
         

19.06.2013, 19:03   #23
markusg
/// Malware-holic

OK, delete all findings, then a new OTL log.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.

19.06.2013, 22:07   #24
bumpf

I have deleted the findings; the OTL log is attached.

Can we still get this cleaned up before your vacation, so that I can use the computer without restrictions again? :-))

OTL Logfile:
Code:
OTL logfile created on: 19.06.2013 22:54:00 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Oli\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 43,72% Memory free
6,19 Gb Paging File | 4,55 Gb Available in Paging File | 73,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 227,40 Gb Total Space | 20,46 Gb Free Space | 9,00% Space Free | Partition Type: NTFS
 
Computer Name: TSITSIS-PC | User Name: Oli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2013.06.19 11:48:06 | 000,106,280 | ---- | M] (SurfRight B.V.) -- C:\Programme\HitmanPro\hmpsched.exe
PRC - [2013.06.18 23:53:13 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
PRC - [2013.06.14 14:11:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Oli\Desktop\OTL.exe
PRC - [2013.05.17 01:34:33 | 000,757,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.07 13:34:10 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.04.01 13:28:38 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.04.01 13:28:32 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.04.01 13:28:31 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.09.11 11:56:48 | 000,603,664 | ---- | M] (Soluto) -- C:\Programme\Soluto\SolutoService.exe
PRC - [2012.09.11 11:56:46 | 001,161,248 | ---- | M] (Soluto) -- C:\Programme\Soluto\Soluto.exe
PRC - [2012.08.13 12:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 12:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2011.07.31 14:07:18 | 000,189,808 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Programme\Common Files\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2011.07.25 23:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\System Update\SUService.exe
PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.15 11:18:00 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.10.27 12:01:26 | 000,148,768 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2008.10.27 12:01:22 | 000,431,392 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2008.10.27 12:01:20 | 000,238,880 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2008.10.27 12:01:18 | 000,116,000 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2008.10.27 11:28:06 | 000,565,248 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2008.06.06 18:26:38 | 000,520,192 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2008.03.14 11:08:38 | 000,054,560 | ---- | M] (Lenovo.) -- C:\Programme\Lenovo\HOTKEY\FnF5svc.exe
PRC - [2008.03.11 14:33:02 | 000,054,560 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TpWAudAp.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.11.29 19:43:44 | 000,841,016 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Client Security Solution\password_manager.exe
PRC - [2007.11.29 18:56:34 | 000,722,232 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007.06.05 17:11:28 | 000,034,352 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\PM Driver\PMHandler.exe
PRC - [2007.04.26 19:10:00 | 000,120,368 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\LenovoCare\LPMGR.EXE
PRC - [2007.03.29 13:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\BTTray.exe
PRC - [2007.03.29 13:11:48 | 001,604,400 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\BTStackServer.exe
PRC - [2007.03.16 05:26:22 | 000,057,344 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\PM Driver\PMSveH.exe
PRC - [2007.03.14 15:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) -- C:\Programme\Pure Networks\Network Magic\nmsrvc.exe
PRC - [2007.03.14 15:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) -- C:\Programme\Pure Networks\Network Magic\nmapp.exe
PRC - [2007.01.30 05:01:26 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\IPSSVC.EXE
PRC - [2006.12.14 11:11:00 | 000,478,800 | ---- | M] (Corel, Inc.) -- C:\Programme\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
PRC - [2006.11.23 15:10:42 | 000,056,928 | ---- | M] (Cyberlink Corp.) -- C:\Programme\Lenovo Multimedia Center\PowerDVD\PDVDServ.exe
PRC - [2006.11.07 12:51:20 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2006.10.05 05:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.16 12:42:45 | 000,045,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGRSPProbe\f5b925c76387b489402e5422fbc2a858\PCGRSPProbe.ni.dll
MOD - [2013.05.16 12:42:44 | 000,067,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGUsersCenter\371859c98d5518b1dae1a45e8fb256e8\PCGUsersCenter.ni.dll
MOD - [2013.05.16 12:42:43 | 000,177,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGAppControlPlugin#\f5961906868f7e671bb57e0bdce2a737\PCGAppControlPluginLoader.ni.dll
MOD - [2013.05.16 12:42:41 | 004,284,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGClientCommon\20952b18a7ab40263532e0daddadea32\PCGClientCommon.ni.dll
MOD - [2013.05.16 12:42:32 | 000,198,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\5df02c694cf9a9aecc80f71491e5453f\PCGBootVisualizingCommon.ni.dll
MOD - [2013.05.16 12:42:30 | 000,259,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGDriverProbe\8ad5b257bb6f3c452a06f083adb54184\PCGDriverProbe.ni.dll
MOD - [2013.05.16 12:41:53 | 000,068,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGConfiguration\5d7b01af7c3de441af59d0f429ff990b\PCGConfiguration.ni.dll
MOD - [2013.05.16 12:41:51 | 003,940,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGDatabase\31a5f6203dcd463b1a681bec3945108f\PCGDatabase.ni.dll
MOD - [2013.05.16 12:41:44 | 001,512,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGAzureShared\09b1c799d0de98e28f6e1e8807692992\PCGAzureShared.ni.dll
MOD - [2013.05.16 12:41:42 | 001,303,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGCommunication\57e78d79ae3c6f2804463db322999ed7\PCGCommunication.ni.dll
MOD - [2013.05.16 12:41:29 | 000,259,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGPrestoSerializer\98d2d490d0ab4f9a64b8476fb1822ce3\PCGPrestoSerializer.ni.dll
MOD - [2013.05.16 12:41:28 | 002,128,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\12908616c04dd1fa8058d0dbfb4362cd\Newtonsoft.Json.Net35.ni.dll
MOD - [2013.05.16 12:41:22 | 002,748,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGFramework\757e81bf783288030001f862d6074279\PCGFramework.ni.dll
MOD - [2013.05.16 12:41:16 | 001,588,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Soluto\920a53b5c94d926cff7bec5fbf0915d4\Soluto.ni.exe
MOD - [2013.05.16 12:40:10 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3da65115bf9debbf564861f6b123a2e4\System.Configuration.ni.dll
MOD - [2013.05.16 12:09:38 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e9ea3e70247b4aa4a8b260426db3aa6b\System.Windows.Forms.ni.dll
MOD - [2013.05.16 12:07:31 | 002,516,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\7fcd3375c9334b5274ad49b8e544f7a3\System.Data.Linq.ni.dll
MOD - [2013.05.16 12:07:01 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\9eaee4d23dd3ddfafd199b70b21bf781\System.Core.ni.dll
MOD - [2013.05.15 19:16:06 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll
MOD - [2013.05.15 19:15:56 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll
MOD - [2013.02.19 00:20:43 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGHIDProbe\829437ef3f4509d27a59b16f7534191a\PCGHIDProbe.ni.dll
MOD - [2013.02.19 00:19:38 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15e2d7f51f15830591727d6d6a1e4032\System.ServiceProcess.ni.dll
MOD - [2013.02.19 00:19:30 | 011,820,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll
MOD - [2013.01.12 20:29:11 | 000,194,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\14850aef08b8af036fd6f1e5b38a3719\CustomMarshalers.ni.dll
MOD - [2013.01.12 20:25:10 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\be7e9d179601b68d944bca0774562154\CustomMarshalers.ni.dll
MOD - [2013.01.12 20:24:07 | 000,656,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGPostBootResources\e65857c63e849428caba5c3607c59625\PCGPostBootResources.ni.dll
MOD - [2013.01.12 20:24:05 | 002,327,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Community.CsharpSql#\62b11026a58c1408c9eec0d55a2a75d9\Community.CsharpSqlite.ni.dll
MOD - [2013.01.12 20:24:04 | 000,202,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGWuInfo\88dfe50610ee6155becb89a35a132c81\PCGWuInfo.ni.dll
MOD - [2013.01.12 20:24:03 | 000,100,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\ad292bc3b38c17af2b2c4ca672fd9ce2\Interop.IWshRuntimeLibrary.ni.dll
MOD - [2013.01.12 20:23:48 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGAzureEntityFrame#\8d677e033b6e5525f134b791b7863ac2\PCGAzureEntityFramework.ni.dll
MOD - [2013.01.12 20:23:43 | 002,845,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGPreCompiled\5f0dd94fc192396de48fd5c1f82abf2e\PCGPreCompiled.ni.dll
MOD - [2013.01.12 20:23:31 | 000,596,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Ionic.Zip.Reduced\1c0644c08cb1b84f0c9eb3678f734e7c\Ionic.Zip.Reduced.ni.dll
MOD - [2013.01.12 19:59:27 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013.01.12 19:58:52 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013.01.12 19:58:32 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\0f5a23bb73681b6388daccd8e250ba66\System.Data.ni.dll
MOD - [2013.01.12 19:57:28 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013.01.12 19:50:30 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2013.01.12 19:40:22 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013.01.12 19:40:13 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013.01.12 19:39:52 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013.01.12 19:39:45 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012.10.05 12:59:03 | 003,194,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012.09.11 11:51:44 | 000,093,184 | ---- | M] () -- C:\Programme\Soluto\PCGDllExportInspector.dll
MOD - [2012.08.10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.05.22 00:32:14 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
MOD - [2009.03.30 06:42:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2009.03.30 06:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.03.30 06:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.03.30 06:42:11 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2007.04.14 15:30:56 | 000,139,264 | ---- | M] () -- C:\Programme\Common Files\Lenovo\CDRecord.dll
MOD - [2007.03.29 13:02:48 | 000,126,976 | ---- | M] () -- C:\Programme\Lenovo\Bluetooth Software\BTKeyInd.dll
MOD - [2007.03.29 12:42:38 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2006.05.24 13:33:32 | 000,024,576 | ---- | M] () -- C:\Programme\Lenovo\PM Driver\PMHlerIO.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.06.19 11:48:06 | 000,106,280 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Programme\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2013.06.18 23:53:14 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.15 18:23:36 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.02 16:18:29 | 000,296,448 | ---- | M] () [Auto | Stopped] -- C:\Programme\SoftwareUpdater\SystemStore.exe -- (SystemStoreService)
SRV - [2013.04.01 13:28:38 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.04.01 13:28:31 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.09.11 11:56:48 | 000,603,664 | ---- | M] (Soluto) [Auto | Running] -- C:\Programme\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2011.07.25 23:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011.06.13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 18:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.09.23 01:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010.09.22 17:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.15 11:18:00 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2008.10.27 12:01:20 | 000,238,880 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2008.10.27 12:01:18 | 000,116,000 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2008.06.06 18:26:38 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008.05.07 18:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008.03.14 11:08:38 | 000,054,560 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\FnF5svc.exe -- (FNF5SVC)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.11.29 18:56:34 | 000,722,232 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007.03.16 05:26:22 | 000,057,344 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\PM Driver\PMSveH.exe -- (PMSveH)
SRV - [2007.03.14 15:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Programme\Pure Networks\Network Magic\nmsrvc.exe -- (nmservice)
SRV - [2007.03.14 15:42:22 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Programme\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2007.01.30 05:01:26 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Windows\System32\IPSSVC.EXE -- (IPSSVC)
SRV - [2006.11.15 16:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) [On_Demand | Stopped] -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006.10.05 05:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vsdatant.sys -- (Vsdatant)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013.04.01 13:28:39 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.04.01 13:28:39 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.04.01 13:28:39 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.09.11 11:51:28 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Soluto.sys -- (Soluto)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.28 23:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.12.31 03:04:30 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2008.05.12 19:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008.04.12 09:44:37 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008.02.22 16:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2008.01.21 04:23:26 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008.01.21 04:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007.06.16 21:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007.03.21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.02.24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.01.23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.12.19 02:12:22 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006.11.09 14:34:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
DRV - [2006.11.08 09:29:44 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.06 10:23:24 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PROCDD.SYS -- (PROCDD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{A03ED460-C02F-432E-9342-F6FD4A58F8FE}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=LENIE
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Lenovo laptops - ThinkPads & IdeaPad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{39878658-3752-4733-BB04-5F9C10238C2B}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{3B5949CE-17C6-4019-8D6C-909A620E2BC1}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{65850DB7-5761-4F85-8ECE-3BB23CB0AAE3}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKCU\..\SearchScopes\{A03ED460-C02F-432E-9342-F6FD4A58F8FE}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=LENIE
IE - HKCU\..\SearchScopes\{A5BEED6C-FE8D-4955-B794-A47999048803}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\..\SearchScopes\{AFBA95A4-CF86-49DC-A67D-4E207B28DA29}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{C45A5A1F-F6E8-4B8D-892C-55093C78D74D}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{D95DC870-3FB7-483B-9726-85C0FE205A6E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=bd407759-ed6e-4325-ad99-47f37c1ffaae&apn_sauid=98DFC086-8889-40FB-83F9-7DB7F4C5957A
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.27 14:29:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.27 14:29:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.01.02 00:44:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oli\AppData\Roaming\mozilla\Extensions
[2010.08.26 23:12:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oli\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.02.19 00:09:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2013.06.15 16:00:53 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Lenovo ThinkVantage Toolbox) - {86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - C:\Programme\PC-Doctor\ATLPcdToolbar544936.dll (PC-Doctor, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Programme\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\Lenovo Multimedia Center\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LPManager] C:\Programme\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [PMHandler] C:\Programme\Lenovo\PM Driver\PMHandler.exe (Lenovo)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\Lenovo Multimedia Center\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [TPWAUDAP] C:\Programme\Lenovo\HOTKEY\TpWAudAp.exe (Lenovo Group Limited)
O4 - Startup: C:\Users\Oli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab (DLM Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7094888-3555-4B22-BC73-07B5799030A6}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Programme\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.19 22:53:08 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013.06.19 11:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013.06.19 11:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013.06.19 11:45:34 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.06.19 11:45:27 | 009,171,472 | ---- | C] (SurfRight B.V.) -- C:\Users\Oli\Desktop\HitmanPro.exe
[2013.06.15 20:36:28 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Oli\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.15 17:24:02 | 000,000,000 | ---D | C] -- C:\Users\Oli\AppData\Local\temp
[2013.06.15 17:13:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.15 16:00:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.15 15:48:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.15 15:48:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.15 15:48:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.15 15:48:03 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.06.15 15:47:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.15 15:47:18 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.15 15:46:28 | 005,080,197 | R--- | C] (Swearware) -- C:\Users\Oli\Desktop\ComboFix.exe
[2013.06.15 15:21:13 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Oli\Desktop\tdsskiller.exe
[2013.06.15 14:48:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.06.14 14:11:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Oli\Desktop\OTL.exe
[2013.06.14 13:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.06.14 13:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.06.10 14:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.06.10 14:21:05 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.19 22:53:08 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013.06.19 22:53:08 | 000,000,314 | ---- | M] () -- C:\Windows\System32\bootdelete.lst
[2013.06.19 22:50:17 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.19 22:49:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.19 22:49:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.19 22:49:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.19 11:48:06 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.06.19 11:45:32 | 009,171,472 | ---- | M] (SurfRight B.V.) -- C:\Users\Oli\Desktop\HitmanPro.exe
[2013.06.19 00:37:00 | 000,000,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2013.06.19 00:36:50 | 000,025,311 | ---- | M] () -- C:\Windows\System32\PROCDB.INI
[2013.06.19 00:36:11 | 000,000,380 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI
[2013.06.19 00:36:01 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.19 00:34:58 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.06.19 00:32:36 | 000,648,201 | ---- | M] () -- C:\Users\Oli\Desktop\adwcleaner.exe
[2013.06.19 00:00:42 | 000,001,902 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013.06.15 20:36:33 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Oli\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.15 16:00:53 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.06.15 15:47:04 | 005,080,197 | R--- | M] (Swearware) -- C:\Users\Oli\Desktop\ComboFix.exe
[2013.06.15 15:21:24 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Oli\Desktop\tdsskiller.exe
[2013.06.15 13:42:09 | 000,000,000 | ---- | M] () -- C:\Users\Oli\defogger_reenable
[2013.06.15 13:41:06 | 000,050,477 | ---- | M] () -- C:\Users\Oli\Desktop\Defogger.exe
[2013.06.14 14:11:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Oli\Desktop\OTL.exe
[2013.06.12 13:38:09 | 000,008,790 | ---- | M] () -- C:\Users\Oli\Documents\cc_20130612_133805.reg
[2013.06.12 13:37:48 | 000,016,178 | ---- | M] () -- C:\Users\Oli\Documents\cc_20130612_133728.reg
[2013.06.10 14:22:01 | 000,001,674 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.06.08 16:28:40 | 000,000,393 | ---- | M] () -- C:\Users\Public\Documents\BluetoothLog.html
[2013.06.04 17:32:02 | 000,269,890 | ---- | M] () -- C:\Users\Oli\Documents\Hotel Xapala 08-2013.xps
[2013.05.29 18:15:14 | 000,333,798 | ---- | M] () -- C:\Users\Oli\Documents\QuickSteuer_2012_Dasi.zip
[2013.05.27 14:28:35 | 000,001,736 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.05.27 14:07:12 | 000,000,000 | ---- | M] () -- C:\Users\Public\Documents\AcSvc.dmp
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.19 22:53:08 | 000,000,314 | ---- | C] () -- C:\Windows\System32\bootdelete.lst
[2013.06.19 11:48:06 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.06.19 00:32:28 | 000,648,201 | ---- | C] () -- C:\Users\Oli\Desktop\adwcleaner.exe
[2013.06.19 00:00:42 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013.06.19 00:00:42 | 000,001,902 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013.06.18 23:53:22 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.15 15:48:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.15 15:48:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.15 15:48:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.15 15:48:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.15 15:48:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.15 13:42:09 | 000,000,000 | ---- | C] () -- C:\Users\Oli\defogger_reenable
[2013.06.15 13:41:02 | 000,050,477 | ---- | C] () -- C:\Users\Oli\Desktop\Defogger.exe
[2013.06.12 13:38:07 | 000,008,790 | ---- | C] () -- C:\Users\Oli\Documents\cc_20130612_133805.reg
[2013.06.12 13:37:37 | 000,016,178 | ---- | C] () -- C:\Users\Oli\Documents\cc_20130612_133728.reg
[2013.06.10 14:22:01 | 000,001,674 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.06.04 17:32:01 | 000,269,890 | ---- | C] () -- C:\Users\Oli\Documents\Hotel Xapala 08-2013.xps
[2013.05.28 15:26:22 | 000,333,798 | ---- | C] () -- C:\Users\Oli\Documents\QuickSteuer_2012_Dasi.zip
[2013.05.27 14:28:35 | 000,001,736 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.09.17 22:24:15 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\FDB9BCFACE.sys
[2012.05.20 17:07:32 | 000,003,584 | ---- | C] () -- C:\Users\Oli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.09 19:38:06 | 000,140,386 | ---- | C] () -- C:\Users\Oli\Steuer 2009-22.xps
[2011.10.09 19:37:55 | 000,180,768 | ---- | C] () -- C:\Users\Oli\Steuer 2009-21.xps
[2011.10.09 19:37:46 | 000,140,386 | ---- | C] () -- C:\Users\Oli\Steuer 2009-20.xps
[2011.10.09 19:37:34 | 000,180,526 | ---- | C] () -- C:\Users\Oli\Steuer 2009-19.xps
[2011.10.09 19:37:25 | 000,119,037 | ---- | C] () -- C:\Users\Oli\Steuer 2009-18.xps
[2011.10.09 19:37:15 | 000,126,681 | ---- | C] () -- C:\Users\Oli\Steuer 2009-17.xps
[2011.10.09 19:37:06 | 000,117,028 | ---- | C] () -- C:\Users\Oli\Steuer 2009-16.xps
[2011.10.09 19:36:56 | 000,134,148 | ---- | C] () -- C:\Users\Oli\Steuer 2009-15.xps
[2011.10.09 19:36:45 | 000,141,433 | ---- | C] () -- C:\Users\Oli\Steuer 2009-14.xps
[2011.10.09 19:36:28 | 000,144,882 | ---- | C] () -- C:\Users\Oli\Steuer 2009-13.xps
[2011.10.09 19:36:19 | 000,126,637 | ---- | C] () -- C:\Users\Oli\Steuer 2009-12.xps
[2011.10.09 19:36:11 | 000,121,118 | ---- | C] () -- C:\Users\Oli\Steuer 2009-11.xps
[2011.10.09 19:36:02 | 000,116,354 | ---- | C] () -- C:\Users\Oli\Steuer 2009-10.xps
[2011.10.09 19:35:52 | 000,133,883 | ---- | C] () -- C:\Users\Oli\Steuer 2009-9.xps
[2011.10.09 19:35:42 | 000,141,244 | ---- | C] () -- C:\Users\Oli\Steuer 2009-8.xps
[2011.10.09 19:35:31 | 000,144,818 | ---- | C] () -- C:\Users\Oli\Steuer 2009-7.xps
[2011.10.09 19:35:20 | 000,125,025 | ---- | C] () -- C:\Users\Oli\Steuer 2009-6.xps
[2011.10.09 19:35:07 | 000,142,014 | ---- | C] () -- C:\Users\Oli\Steuer 2009-5.xps
[2011.10.09 19:34:54 | 000,145,534 | ---- | C] () -- C:\Users\Oli\V-4.xps
[2011.10.09 19:34:41 | 000,122,916 | ---- | C] () -- C:\Users\Oli\Steuer 2009-3.xps
[2011.10.09 19:34:31 | 000,143,199 | ---- | C] () -- C:\Users\Oli\Steuer 2009-2.xps
[2011.10.09 19:34:09 | 000,141,829 | ---- | C] () -- C:\Users\Oli\Steuer 2009-1.xps
[2011.10.09 19:33:48 | 000,144,729 | ---- | C] () -- C:\Users\Oli\Steuer 2009.xps
[2011.10.09 19:33:20 | 000,117,435 | ---- | C] () -- C:\Users\Oli\Steuererklärung 2009 Unterlagen für FA.xps
[2011.01.30 01:51:52 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010.06.10 20:33:20 | 000,010,599 | ---- | C] () -- C:\Users\Oli\OliverTsitsiganos_Tsitsi_elster_2048.pfx
[2010.04.11 11:59:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.02.08 19:46:23 | 000,007,355 | ---- | C] () -- C:\Users\Oli\SharePodSettings.xml
[2008.12.14 15:40:50 | 000,001,356 | ---- | C] () -- C:\Users\Oli\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2009.04.17 00:05:44 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.02.24 18:35:55 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\1&1 Mail & Media GmbH
[2013.05.12 17:52:17 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Acinwa
[2011.01.02 00:44:40 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Auslogics
[2011.01.02 00:44:40 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\CheckPoint
[2009.05.31 15:44:48 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Downloaded Installations
[2013.05.10 15:22:02 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Geqoo
[2009.12.29 01:16:54 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Haufe
[2013.06.18 23:21:27 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Internet-Radio Player
[2013.02.18 23:44:07 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\IrfanView
[2012.07.31 23:49:12 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\kock
[2012.12.27 00:11:56 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Leadertech
[2009.06.08 22:28:47 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Lenovo
[2009.12.29 00:48:03 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Lexware
[2011.01.02 00:44:41 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Nokia
[2011.01.02 00:44:41 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Nokia Ovi Suite
[2013.02.08 02:37:05 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\OpenOffice.org
[2011.01.02 00:44:41 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\PC Suite
[2011.01.02 00:44:41 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\SharePod
[2013.05.10 14:51:27 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Siutve
[2011.01.02 01:11:47 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Thunderbird
[2012.09.17 23:11:50 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\TuneUp Software
[2012.08.02 22:47:33 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\UAs
[2010.08.04 01:08:38 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Update
[2012.08.02 22:47:33 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\xmldm
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Old 21.06.2013, 10:50   #25
schrauber
/// the machine
/// TB Trainer
 




Hi,

Markus is on vacation. Are there still any problems with the system?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Old 21.06.2013, 11:46   #26
bumpf
 



Hello Schrauber,

thank you very much for taking over while Markus is away on vacation.

I can't see any obvious problems with the system, but I don't know whether the malware removal process is complete.

When the PC starts, the following messages appear:

- Notice: An unidentifiable program wants to access the computer. Allow or cancel access to "SoftwareUpdater.Ui.exe"; I cancelled.
- The most recently installed program, HitmanPro, automatically runs a quick scan.
- The installed program Soluto reports: maintenance crashed - No solution yet.

In addition, following Markus's instructions, I have installed the following programs:
- adwCleaner
- ComboFix
- defogger
- HitmanPro
- Malwarebytes
- OTL
- tdsskiller

Are these still needed?

Best regards
Oli

Old 21.06.2013, 12:59   #27
schrauber
/// the machine
/// TB Trainer
 




We'll remove the programs at the end.

System scan with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)
__________________
Regards,
schrauber


Old 21.06.2013, 13:33   #28
bumpf
 



Attached are the requested log files:

FRST.txt:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-06-2013 01
Ran by Oli (administrator) on 21-06-2013 14:27:19
Running from C:\Users\Oli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HG6WRYP9
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Windows\system32\IPSSVC.EXE
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Lenovo.) C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
(Lenovo) C:\Program Files\Lenovo\PM Driver\PMSveH.exe
() C:\Windows\system32\PSIService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
() C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
(Lenovo Group Limited) c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Pure Networks, Inc.) C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Soluto) C:\Program Files\Soluto\soluto.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Lenovo) C:\Program Files\Lenovo\PM Driver\PMHandler.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
(Corel, Inc.) C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
(Cyberlink Corp.) C:\Program Files\Lenovo Multimedia Center\PowerDVD\PDVDServ.exe
(Pure Networks, Inc.) C:\Program Files\Pure Networks\Network Magic\nmapp.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-10-23] (Synaptics, Inc.)
HKLM\...\Run: [PMHandler] C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe [34352 2007-06-05] (Lenovo)
HKLM\...\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe [54560 2008-03-11] (Lenovo Group Limited)
HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-05-07] (Intel Corporation)
HKLM\...\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-06-06] (Lenovo Group Limited)
HKLM\...\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe [120368 2007-04-26] (Lenovo Group Limited)
HKLM\...\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [217176 2006-11-15] (Diskeeper Corporation)
HKLM\...\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [91688 2006-11-07] (Lenovo Group Limited)
HKLM\...\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe [478800 2006-12-14] (Corel, Inc.)
HKLM\...\Run: [RemoteControl] "C:\Program Files\Lenovo Multimedia Center\PowerDVD\PDVDServ.exe" [56928 2006-11-23] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] "C:\Program Files\Lenovo Multimedia Center\PowerDVD\Language\Language.exe" [54832 2006-12-05] ()
HKLM\...\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash [321088 2007-03-14] (Pure Networks, Inc.)
HKLM\...\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [431392 2008-10-27] (Lenovo)
HKLM\...\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe [148768 2008-10-27] (Lenovo)
HKLM\...\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent [2872632 2007-11-29] (Lenovo Group Limited)
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-07] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit [1161248 2012-09-11] (Soluto)
Startup: C:\ProgramData\Start Menu\Programs\Startup\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\LenovoRegistration.lnk
ShortcutTarget: LenovoRegistration.lnk -> C:\SWTOOLS\LenovoWelcome\LenovoRegistration.cmd ()
Startup: C:\Users\Oli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
SearchScopes: HKLM - {A03ED460-C02F-432E-9342-F6FD4A58F8FE} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=LENIE
SearchScopes: HKCU - {39878658-3752-4733-BB04-5F9C10238C2B} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {3B5949CE-17C6-4019-8D6C-909A620E2BC1} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {65850DB7-5761-4F85-8ECE-3BB23CB0AAE3} URL = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
SearchScopes: HKCU - {A03ED460-C02F-432E-9342-F6FD4A58F8FE} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=LENIE
SearchScopes: HKCU - {A5BEED6C-FE8D-4955-B794-A47999048803} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {AFBA95A4-CF86-49DC-A67D-4E207B28DA29} URL = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
SearchScopes: HKCU - {C45A5A1F-F6E8-4B8D-892C-55093C78D74D} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {D95DC870-3FB7-483B-9726-85C0FE205A6E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=bd407759-ed6e-4325-ad99-47f37c1ffaae&apn_sauid=98DFC086-8889-40FB-83F9-7DB7F4C5957A
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Lenovo ThinkVantage Toolbox - {86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - C:\Program Files\PC-Doctor\ATLPcdToolbar544936.dll (PC-Doctor, Inc.)
Toolbar: HKCU -No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} -  No File
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: haufereader - No CLSID Value - 
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752 2013-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816 2013-04-01] (Avira Operations GmbH & Co. KG)
S3 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [634988 2006-11-15] (Diskeeper Corporation)
R2 FNF5SVC; C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [54560 2008-03-14] (Lenovo.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-06-19] (SurfRight B.V.)
R2 IPSSVC; C:\Windows\system32\IPSSVC.EXE [108080 2007-01-30] (Lenovo Group Limited)
S3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 nmraapache; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [12800 2007-03-14] (Pure Networks, Inc.)
R2 nmservice; C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe [321088 2007-03-14] (Pure Networks, Inc.)
R2 PMSveH; C:\Program Files\Lenovo\PM Driver\PMSveH.exe [57344 2007-03-16] (Lenovo)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [174656 2006-11-02] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-20] ()
R2 SolutoService; C:\Program Files\Soluto\SolutoService.exe [603664 2012-09-11] (Soluto)
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2011-07-25] (Lenovo Group Limited)
S2 SystemStoreService; C:\Program Files\SoftwareUpdater\SystemStore.exe [296448 2013-05-02] ()
R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [779576 2007-11-29] (Lenovo)
R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-06-06] ()
R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-06-06] (Lenovo Group Limited)

==================== Drivers (Whitelisted) ====================

R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146824 2007-06-16] (AuthenTec, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-04-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-04-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-01] (Avira Operations GmbH & Co. KG)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-11-09] (COMPAL ELECTRONIC INC.)
R2 PROCDD; C:\Windows\System32\DRIVERS\PROCDD.SYS [12080 2006-11-06] (Lenovo Group Limited)
R0 Soluto; C:\Windows\System32\DRIVERS\Soluto.sys [51144 2012-09-11] (Soluto LTD.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
R3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x32.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 Vsdatant; system32\DRIVERS\vsdatant.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-21 14:26 - 2013-06-21 14:26 - 00000000 ____D C:\FRST
2013-06-21 14:25 - 2013-06-21 14:25 - 01369429 ____A (Farbar) C:\Users\Oli\Desktop\FRST.exe
2013-06-21 12:31 - 2013-06-21 12:31 - 00000000 ____A C:\Windows\setuperr.log
2013-06-21 12:31 - 2013-06-21 12:31 - 00000000 ____A C:\Windows\setupact.log
2013-06-21 11:57 - 2013-06-21 11:57 - 00003472 ____A C:\Windows\PFRO.log
2013-06-19 23:02 - 2013-06-19 23:02 - 00107508 ____A C:\Users\Oli\Desktop\OTL.Txt
2013-06-19 22:53 - 2013-06-19 22:53 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2013-06-19 11:53 - 2013-06-19 11:53 - 00003952 ____A C:\Users\Oli\Desktop\HitmanPro_20130619_1153.log
2013-06-19 11:48 - 2013-06-19 11:48 - 00001754 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-06-19 11:48 - 2013-06-19 11:48 - 00000000 ____D C:\Program Files\HitmanPro
2013-06-19 11:45 - 2013-06-19 22:53 - 00000000 ____D C:\ProgramData\HitmanPro
2013-06-19 11:45 - 2013-06-19 11:45 - 09171472 ____A (SurfRight B.V.) C:\Users\Oli\Desktop\HitmanPro.exe
2013-06-19 00:33 - 2013-06-19 00:33 - 00008292 ____A C:\AdwCleaner[S1].txt
2013-06-19 00:32 - 2013-06-19 00:32 - 00648201 ____A C:\Users\Oli\Desktop\adwcleaner.exe
2013-06-19 00:14 - 2013-06-19 00:13 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-19 00:14 - 2013-06-19 00:13 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-19 00:14 - 2013-06-19 00:13 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-19 00:14 - 2013-06-19 00:13 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-19 00:00 - 2013-06-19 00:00 - 00001902 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-06-18 23:53 - 2013-06-21 13:39 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-18 23:53 - 2013-06-18 23:53 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-18 23:53 - 2013-06-18 23:53 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-17 21:20 - 2013-06-17 21:45 - 00018232 ____A C:\Users\Oli\Desktop\install.txt
2013-06-15 20:36 - 2013-06-15 20:36 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Oli\Desktop\mbam-setup-1.75.0.1300.exe
2013-06-15 20:03 - 2013-06-15 20:03 - 00000000 ____D C:\Windows\E89498D814304A2BA76A4A71326981E9.TMP
2013-06-15 17:24 - 2013-06-15 17:24 - 00020966 ____A C:\ComboFix.txt
2013-06-15 15:48 - 2013-06-15 17:24 - 00000000 ____D C:\ComboFix
2013-06-15 15:48 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-15 15:48 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-15 15:48 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-15 15:48 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-15 15:48 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-15 15:48 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-15 15:48 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-15 15:48 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-15 15:47 - 2013-06-15 17:24 - 00000000 ____D C:\Qoobox
2013-06-15 15:47 - 2013-06-15 17:19 - 00000000 ____D C:\Windows\erdnt
2013-06-15 15:46 - 2013-06-15 15:47 - 05080197 ____R (Swearware) C:\Users\Oli\Desktop\ComboFix.exe
2013-06-15 15:21 - 2013-06-15 15:21 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Oli\Desktop\tdsskiller.exe
2013-06-15 14:48 - 2013-06-15 15:07 - 00000000 ____D C:\_OTL
2013-06-15 14:00 - 2013-06-15 14:00 - 00069998 ____A C:\Users\Oli\Desktop\Extras.Txt
2013-06-15 13:42 - 2013-06-15 13:42 - 00000468 ____A C:\Users\Oli\Desktop\defogger_disable.log
2013-06-15 13:42 - 2013-06-15 13:42 - 00000000 ____A C:\Users\Oli\defogger_reenable
2013-06-15 13:41 - 2013-06-15 13:41 - 00050477 ____A C:\Users\Oli\Desktop\Defogger.exe
2013-06-14 14:11 - 2013-06-14 14:11 - 00602112 ____A (OldTimer Tools) C:\Users\Oli\Desktop\OTL.exe
2013-06-14 13:13 - 2013-06-14 13:13 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-06-14 13:13 - 2013-06-14 13:13 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-06-13 11:51 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 11:51 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 11:51 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 11:51 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 11:51 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 11:51 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 11:51 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 11:51 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 11:51 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-13 11:51 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 11:51 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 11:51 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 11:50 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 11:50 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 11:50 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 11:50 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-12 14:57 - 2013-06-12 14:57 - 00013584 ____A C:\Users\Oli\Desktop\hs_err_pid10352.log
2013-06-12 13:38 - 2013-06-12 13:38 - 00008790 ____A C:\Users\Oli\Documents\cc_20130612_133805.reg
2013-06-12 13:37 - 2013-06-12 13:37 - 00016178 ____A C:\Users\Oli\Documents\cc_20130612_133728.reg
2013-06-12 12:49 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 12:49 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 12:49 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 12:49 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 12:49 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-12 12:49 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 12:49 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 12:49 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 12:49 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 12:49 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 12:49 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-10 14:22 - 2013-06-10 14:22 - 00001674 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-10 14:21 - 2013-06-10 14:21 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-07 12:37 - 2013-06-07 12:37 - 00013489 ____A C:\Users\Oli\Desktop\hs_err_pid4268.log
2013-06-04 17:32 - 2013-06-04 17:32 - 00269890 ____A C:\Users\Oli\Documents\Hotel Xapala 08-2013.xps
2013-05-28 15:26 - 2013-06-20 21:16 - 00351450 ____A C:\Users\Oli\Documents\QuickSteuer_2012_Dasi.zip
2013-05-27 14:28 - 2013-05-27 14:28 - 00001736 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-05-22 18:06 - 2013-05-22 18:08 - 00019968 ____A C:\Users\Oli\Documents\Fußball_TSV Mühlhausen_AH-Adressen.xls

==================== One Month Modified Files and Folders ========

2013-06-21 14:26 - 2013-06-21 14:26 - 00000000 ____D C:\FRST
2013-06-21 14:25 - 2013-06-21 14:25 - 01369429 ____A (Farbar) C:\Users\Oli\Desktop\FRST.exe
2013-06-21 13:57 - 2006-11-02 14:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-21 13:57 - 2006-11-02 14:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-21 13:39 - 2013-06-18 23:53 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-21 12:31 - 2013-06-21 12:31 - 00000000 ____A C:\Windows\setuperr.log
2013-06-21 12:31 - 2013-06-21 12:31 - 00000000 ____A C:\Windows\setupact.log
2013-06-21 12:02 - 2008-08-16 08:26 - 01173558 ____A C:\Windows\WindowsUpdate.log
2013-06-21 11:58 - 2012-03-04 18:27 - 00000438 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2013-06-21 11:57 - 2013-06-21 11:57 - 00003472 ____A C:\Windows\PFRO.log
2013-06-21 11:57 - 2007-08-16 12:28 - 00025311 ____A C:\Windows\System32\PROCDB.INI
2013-06-21 11:57 - 2007-08-16 12:28 - 00000380 ____A C:\Windows\System32\IPSCtrl.INI
2013-06-21 11:57 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-21 11:55 - 2008-08-16 08:27 - 00000012 ____A C:\Windows\bthservsdp.dat
2013-06-21 11:55 - 2006-11-02 15:01 - 00032538 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-20 21:16 - 2013-05-28 15:26 - 00351450 ____A C:\Users\Oli\Documents\QuickSteuer_2012_Dasi.zip
2013-06-19 23:02 - 2013-06-19 23:02 - 00107508 ____A C:\Users\Oli\Desktop\OTL.Txt
2013-06-19 22:53 - 2013-06-19 22:53 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2013-06-19 22:53 - 2013-06-19 11:45 - 00000000 ____D C:\ProgramData\HitmanPro
2013-06-19 12:05 - 2008-08-16 09:10 - 00000000 ____D C:\Program Files\Google
2013-06-19 12:00 - 2008-12-14 23:44 - 00000000 ____D C:\Users\Oli\AppData\Local\Google
2013-06-19 11:53 - 2013-06-19 11:53 - 00003952 ____A C:\Users\Oli\Desktop\HitmanPro_20130619_1153.log
2013-06-19 11:48 - 2013-06-19 11:48 - 00001754 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-06-19 11:48 - 2013-06-19 11:48 - 00000000 ____D C:\Program Files\HitmanPro
2013-06-19 11:45 - 2013-06-19 11:45 - 09171472 ____A (SurfRight B.V.) C:\Users\Oli\Desktop\HitmanPro.exe
2013-06-19 11:43 - 2008-12-14 23:33 - 00000000 ____D C:\ProgramData\Google
2013-06-19 00:33 - 2013-06-19 00:33 - 00008292 ____A C:\AdwCleaner[S1].txt
2013-06-19 00:32 - 2013-06-19 00:32 - 00648201 ____A C:\Users\Oli\Desktop\adwcleaner.exe
2013-06-19 00:13 - 2013-06-19 00:14 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-19 00:13 - 2013-06-19 00:14 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-19 00:13 - 2013-06-19 00:14 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-19 00:13 - 2013-06-19 00:14 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-19 00:13 - 2012-08-01 10:19 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2013-06-19 00:13 - 2012-01-16 16:17 - 00789416 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-19 00:13 - 2008-08-16 08:59 - 00000000 ____D C:\Program Files\Java
2013-06-19 00:05 - 2008-08-16 08:48 - 00000000 ____D C:\ProgramData\Adobe
2013-06-19 00:02 - 2008-12-14 15:47 - 00000000 ____D C:\Users\Oli\AppData\Roaming\Adobe
2013-06-19 00:01 - 2008-12-21 19:07 - 00000000 ____D C:\Users\Oli\AppData\Local\Adobe
2013-06-19 00:00 - 2013-06-19 00:00 - 00001902 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-06-19 00:00 - 2008-12-21 19:15 - 00000000 ____D C:\Program Files\Adobe
2013-06-19 00:00 - 2008-08-16 08:48 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-06-18 23:53 - 2013-06-18 23:53 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-18 23:53 - 2013-06-18 23:53 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-18 23:21 - 2009-12-27 23:29 - 00000000 ____D C:\Users\Oli\AppData\Roaming\Internet-Radio Player
2013-06-17 21:45 - 2013-06-17 21:20 - 00018232 ____A C:\Users\Oli\Desktop\install.txt
2013-06-15 20:36 - 2013-06-15 20:36 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Oli\Desktop\mbam-setup-1.75.0.1300.exe
2013-06-15 20:03 - 2013-06-15 20:03 - 00000000 ____D C:\Windows\E89498D814304A2BA76A4A71326981E9.TMP
2013-06-15 17:24 - 2013-06-15 17:24 - 00020966 ____A C:\ComboFix.txt
2013-06-15 17:24 - 2013-06-15 15:48 - 00000000 ____D C:\ComboFix
2013-06-15 17:24 - 2013-06-15 15:47 - 00000000 ____D C:\Qoobox
2013-06-15 17:24 - 2006-11-02 13:18 - 00000000 __RHD C:\users\Default
2013-06-15 17:24 - 2006-11-02 13:18 - 00000000 ___RD C:\users\Public
2013-06-15 17:19 - 2013-06-15 15:47 - 00000000 ____D C:\Windows\erdnt
2013-06-15 17:13 - 2006-11-02 12:23 - 00000215 ____A C:\Windows\system.ini
2013-06-15 16:02 - 2006-11-02 12:22 - 62652416 ____A C:\Windows\System32\config\software.bak
2013-06-15 16:02 - 2006-11-02 12:22 - 36175872 ____A C:\Windows\System32\config\COMPON~1.bak
2013-06-15 16:02 - 2006-11-02 12:22 - 21233664 ____A C:\Windows\System32\config\system.bak
2013-06-15 16:02 - 2006-11-02 12:22 - 00262144 ____A C:\Windows\System32\config\default.bak
2013-06-15 16:02 - 2006-11-02 12:22 - 00061440 ____A C:\Windows\System32\config\sam.bak
2013-06-15 16:02 - 2006-11-02 12:22 - 00020480 ____A C:\Windows\System32\config\security.bak
2013-06-15 15:47 - 2013-06-15 15:46 - 05080197 ____R (Swearware) C:\Users\Oli\Desktop\ComboFix.exe
2013-06-15 15:21 - 2013-06-15 15:21 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Oli\Desktop\tdsskiller.exe
2013-06-15 15:07 - 2013-06-15 14:48 - 00000000 ____D C:\_OTL
2013-06-15 14:25 - 2012-12-21 02:03 - 00000000 ____D C:\Users\Oli\AppData\Local\DoNotTrackPlus
2013-06-15 14:00 - 2013-06-15 14:00 - 00069998 ____A C:\Users\Oli\Desktop\Extras.Txt
2013-06-15 13:42 - 2013-06-15 13:42 - 00000468 ____A C:\Users\Oli\Desktop\defogger_disable.log
2013-06-15 13:42 - 2013-06-15 13:42 - 00000000 ____A C:\Users\Oli\defogger_reenable
2013-06-15 13:42 - 2008-12-14 15:40 - 00000000 ____D C:\users\Oli
2013-06-15 13:41 - 2013-06-15 13:41 - 00050477 ____A C:\Users\Oli\Desktop\Defogger.exe
2013-06-14 14:11 - 2013-06-14 14:11 - 00602112 ____A (OldTimer Tools) C:\Users\Oli\Desktop\OTL.exe
2013-06-14 13:13 - 2013-06-14 13:13 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-06-14 13:13 - 2013-06-14 13:13 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-06-13 12:18 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-13 11:56 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 11:46 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-12 14:57 - 2013-06-12 14:57 - 00013584 ____A C:\Users\Oli\Desktop\hs_err_pid10352.log
2013-06-12 13:38 - 2013-06-12 13:38 - 00008790 ____A C:\Users\Oli\Documents\cc_20130612_133805.reg
2013-06-12 13:37 - 2013-06-12 13:37 - 00016178 ____A C:\Users\Oli\Documents\cc_20130612_133728.reg
2013-06-10 14:22 - 2013-06-10 14:22 - 00001674 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-10 14:21 - 2013-06-10 14:21 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-10 14:21 - 2010-06-18 23:16 - 00000000 ____D C:\Program Files\iTunes
2013-06-10 14:21 - 2010-06-18 23:16 - 00000000 ____D C:\Program Files\iPod
2013-06-08 16:28 - 2009-03-13 11:49 - 00000393 ____A C:\Users\Public\Documents\BluetoothLog.html
2013-06-07 12:37 - 2013-06-07 12:37 - 00013489 ____A C:\Users\Oli\Desktop\hs_err_pid4268.log
2013-06-04 17:32 - 2013-06-04 17:32 - 00269890 ____A C:\Users\Oli\Documents\Hotel Xapala 08-2013.xps
2013-05-27 18:50 - 2012-10-04 20:37 - 00000000 ____D C:\ProgramData\DesktopIcons
2013-05-27 14:29 - 2010-04-01 20:12 - 00000000 ____D C:\Program Files\QuickTime
2013-05-27 14:28 - 2013-05-27 14:28 - 00001736 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-05-27 14:07 - 2009-03-11 01:18 - 00000000 ____A C:\Users\Public\Documents\AcSvc.dmp
2013-05-22 18:08 - 2013-05-22 18:06 - 00019968 ____A C:\Users\Oli\Documents\Fußball_TSV Mühlhausen_AH-Adressen.xls

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-21 12:23

==================== End Of Log ============================
         
--- --- ---

Addition.txt:
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-06-2013 01
Ran by Oli at 2013-06-21 14:27:56 Run:
Running from C:\Users\Oli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HG6WRYP9
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Access Help (Version: 2.00)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7)
Agere Systems HDA Modem
Anzeige am Bildschirm (Version: 5.32.00)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Avira Free Antivirus (Version: 13.0.0.3640)
Bonjour (Version: 3.0.0.10)
Broadcom Gigabit Integrated Controller (Version: 10.15.06)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1)
CCleaner (Version: 2.27)
Client Security - Password Manager (Version: 8.10.0006.00)
Corel Snapfire Plus (Version: 1.10.0000)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diskeeper Home (Version: 9.0.545)
EPSON-Drucker-Software
Ergänzung zu Lenovo Care (Version: 2.00)
Haufe iDesk-Service (Version: 8.08.20.5622)
Help Center (Version: 2.00c)
HitmanPro 3.7 (Version: 3.7.6.201)
iCloud (Version: 2.1.2.8)
Integrated Camera (Version: 5.8.8.012)
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Intel® Matrix Storage Manager
Internet Explorer (Enable DEP)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
JNLP
Junk Mail filter update (Version: 15.4.3502.0922)
Lenovo Bluetooth with Enhanced Data Rate Software 6.0.1.4900 (Version: 6.0.1.4900)
Lenovo Care (Version: 2.10)
Lenovo Fingerprint Software (Version: 1.1.0.21)
Lenovo Multimedia Center
Lenovo PM Driver (Version: 0.63.1.6)
Lenovo Registration
Lenovo System Interface Driver (Version: 1.01)
Lenovo ThinkVantage Toolbox (Version: 6.0.5449.37)
Lexware Info Service (Version: 2.90.00.0009)
Maintenance Manager (Version: 3.0.5.0)
Mesh Runtime (Version: 15.4.5722.2)
Message Center (Version: 2.01b)
Message Center Plus (Version: 2.0.0012.00)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Fix it Center (Version: 1.0.0100)
Microsoft Office 2003 Web Components (Version: 11.0.8003.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Outlook 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Outlook 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Maintenance Service (Version: 17.0.6)
Mozilla Thunderbird 17.0.6 (x86 de) (Version: 17.0.6)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NAVIGON Fresh 3.3.1 (Version: 3.3.1)
Network Magic (Version: 4.1.7082.0)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
PM Driver (Version: 0.63.1.6)
Power Ux Customization (Version: 1.00.0000)
Präsentationsdirektor (Version: 4.08)
QuickSteuer 2009 SE (Version: 15.00.00.0033)
QuickSteuer 2010 SE (Version: 16.14.00.0001)
QuickSteuer 2011 (Version: 17.08.00.0006)
QuickSteuer 2012 (Version: 18.09.00.0003)
QuickSteuer 2013 (Version: 19.06.00.0003)
QuickSteuer Wissens-Center 2009 (Version: 15.0.1.0)
QuickTime (Version: 7.74.80.86)
Realtek High Definition Audio Driver (Version: 6.0.1.5391)
Registry patch for Windows Vista USB S3 PM Enablement (Version: 1.00)
Rescue and Recovery (Version: 4.21.0015.00)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.33 (Version: 3.33.01)
Segoe UI (Version: 15.4.2271.0615)
Servicepack Datumsaktualisierung (Version: 1.00.00.0005)
Soluto (Version: 1.3.979.0)
Steuer Update 15.09 (Version: 15.09)
Synaptics Pointing Device Driver (Version: 9.0.3.0)
System Migration Assistant (Version: 6.00.0009)
System Update (Version: 3.15.0017)
ThinkVantage Access Connections (Version: 5.12)
ThinkVantage Technologies Welcome Message (Version: 1.21)
TuneUp Utilities Language Pack (de-DE) (Version: 12.0.3600.73)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (Version: 9.00.5000.00)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Wallpapers
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (Version: 15.4.5722.2)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WordPerfect Office X3
WordPerfect Office X3 (Version: 13.2)

==================== Restore Points  =========================

12-06-2013 12:59:02 Windows Defender Checkpoint
13-06-2013 09:35:17 Windows Update
14-06-2013 10:13:23 Geplanter Prüfpunkt
14-06-2013 11:13:17 Installed SpyHunter
15-06-2013 16:42:04 Geplanter Prüfpunkt
15-06-2013 18:02:28 Removed SpyHunter
16-06-2013 10:59:21 Geplanter Prüfpunkt
17-06-2013 09:20:04 Geplanter Prüfpunkt
18-06-2013 08:43:37 Geplanter Prüfpunkt
18-06-2013 08:49:58 Windows Update
18-06-2013 21:10:53 Adobe Reader 8.1.5 - Deutsch wird entfernt
18-06-2013 21:12:56 Removed Avira SearchFree Toolbar plus Web Protection.
18-06-2013 21:17:37 Free System Utilities
18-06-2013 21:21:47 Removed Java(TM) 6 Update 39
18-06-2013 21:27:19 TuneUp Utilities 2013 wird entfernt
18-06-2013 21:28:23 TuneUp Utilities Language Pack (de-DE) wird entfernt
18-06-2013 22:13:10 Installed Java 7 Update 25
19-06-2013 10:25:08 Geplanter Prüfpunkt
21-06-2013 08:58:59 Windows Update

==================== Scheduled Tasks (whitelisted) =============

Task: {13DCB811-D5D8-447B-91EA-F5A3AB23F525} - System32\Tasks\Microsoft\Windows\RestartManager\{9CD0896D-49CF-4f85-81B1-9765CB892130} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {285A0F88-CDA8-42A1-8FE9-4EF79BB83E60} - System32\Tasks\Software Updater Ui => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Ui.exe [2013-06-10] ()
Task: {2CD41F58-8409-4ACB-981A-449FDA05738E} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2011-07-31] (Haufe-Lexware GmbH & Co. KG)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {552B8153-2C6B-48C7-9369-02F0BF78D20D} - System32\Tasks\Freemium1ClickMaint => C:\Users\Oli\Desktop\1Click.exe No File
Task: {5BD5E023-6AE5-413A-AD48-BA3A7AD65FEA} - System32\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804} => C:\Windows\system32\msfeedssync.exe [2011-05-13] (Microsoft Corporation)
Task: {62300999-FD0E-4C05-9760-4AC872837C5D} - \Auf Updates für Windows Live Toolbar prüfen No Task File
Task: {66AF1AEE-334C-426A-BB60-1DF5D9299CB8} - System32\Tasks\Message Center plus => C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27] ()
Task: {6B9D80E7-1E65-4342-8633-82F900252741} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {914E5D7F-5FCB-405C-9757-FE742BA82212} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {927C0E4E-55C6-4D83-BEB1-174683FC8706} - System32\Tasks\Software Updater => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2013-06-09] ()
Task: {A4A51BD4-1C92-43BC-B631-C07063A6DC36} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation)
Task: {A5A54CFB-BA06-4CAB-A3FC-812932BEC84D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-18] (Adobe Systems Incorporated)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - \Microsoft\Windows\PLA\System\ConvertLogEntries No Task File
Task: {B5CB9C0A-E549-4A2A-AFF1-54B78F025725} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {B6C30682-4B2C-4A1F-B105-1F2A9F6599B4} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2008-01-21] (Microsoft Corporation)
Task: {B984145E-0E45-4AFB-B8B2-7F4F1CED93A9} - System32\Tasks\Sun Microsystems-Online-Aktualisierungsprogramm => C:\Program Files\Java\jre6\bin\jusched.exe No File
Task: {C0472EA8-BAAC-4740-9F5A-C25B58B4F60E} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {C7B7FD5B-9D2F-426D-9CEB-A6729261784B} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {DD76EA65-AA07-47D9-88AE-542E29B1E27C} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3876124531-570904608-61060185-1003 => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: {E489F5F4-50F5-4912-8789-F13606FEDF8B} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/21/2013 11:57:40 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/21/2013 10:53:13 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 48404926

Error: (06/21/2013 10:53:13 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 48404926

Error: (06/21/2013 10:53:13 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/21/2013 10:53:12 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 48403881

Error: (06/21/2013 10:53:12 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 48403881

Error: (06/21/2013 10:53:12 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/21/2013 10:53:11 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 48402633

Error: (06/21/2013 10:53:11 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 48402633

Error: (06/21/2013 10:53:11 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (06/21/2013 00:08:04 PM) (Source: Service Control Manager) (User: )
Description: 30000TrkWks

Error: (06/21/2013 00:07:34 PM) (Source: Service Control Manager) (User: )
Description: 30000SysMain

Error: (06/21/2013 00:07:04 PM) (Source: Service Control Manager) (User: )
Description: 30000TrkWks

Error: (06/21/2013 00:06:29 PM) (Source: Service Control Manager) (User: )
Description: 30000SysMain

Error: (06/21/2013 00:06:22 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (06/21/2013 00:05:59 PM) (Source: Service Control Manager) (User: )
Description: 30000TrkWks

Error: (06/21/2013 00:03:46 PM) (Source: Service Control Manager) (User: )
Description: Volumeschattenkopie%%1053

Error: (06/21/2013 00:03:46 PM) (Source: Service Control Manager) (User: )
Description: 30000Volumeschattenkopie

Error: (06/21/2013 00:03:46 PM) (Source: DCOM) (User: )
Description: 1053VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (06/21/2013 00:02:09 PM) (Source: Service Control Manager) (User: )
Description: Windows Media Player-NetzwerkfreigabedienstUPnP-Gerätehost%%1058


Microsoft Office Sessions:
=========================
Error: (06/21/2013 11:57:40 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/21/2013 10:53:13 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 48404926

Error: (06/21/2013 10:53:13 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 48404926

Error: (06/21/2013 10:53:13 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/21/2013 10:53:12 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 48403881

Error: (06/21/2013 10:53:12 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 48403881

Error: (06/21/2013 10:53:12 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/21/2013 10:53:11 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 48402633

Error: (06/21/2013 10:53:11 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 48402633

Error: (06/21/2013 10:53:11 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
  Date: 2013-06-21 14:27:35.866
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\Soluto.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-21 14:27:35.648
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\Soluto.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-21 14:27:35.445
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\Soluto.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-21 14:27:35.227
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\Soluto.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-19 22:58:49.749
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\Soluto.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-19 22:58:49.515
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\Soluto.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-19 22:58:49.297
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\Soluto.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-19 22:58:49.063
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\Soluto.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-19 22:58:48.595
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\Soluto.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-19 22:58:48.314
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\Soluto.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 53%
Total physical RAM: 3061.69 MB
Available physical RAM: 1419.49 MB
Total Pagefile: 6339.78 MB
Available Pagefile: 4459.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1903.41 MB

==================== Drives ================================

Drive c: (SW_Preload) (Fixed) (Total:227.4 GB) (Free:21.68 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 69EEC121)
Partition 1: (Not Active) - (Size=5 GB) - (Type=27)
Partition 2: (Active) - (Size=227 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---

21.06.2013, 19:13   #29
schrauber
/// the machine
/// TB trainer
 




Hi, FRST has to be saved to the desktop and also run from there, please repeat.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

22.06.2013, 02:44   #30
bumpf
 



OK, here are the contents
FRST Logfile:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-06-2013 01
Ran by Oli (administrator) on 22-06-2013 03:34:13
Running from C:\Users\Oli\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Windows\system32\IPSSVC.EXE
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Lenovo.) C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
(Lenovo) C:\Program Files\Lenovo\PM Driver\PMSveH.exe
() C:\Windows\system32\PSIService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
() C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
(Lenovo Group Limited) c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Pure Networks, Inc.) C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Soluto) C:\Program Files\Soluto\soluto.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Lenovo) C:\Program Files\Lenovo\PM Driver\PMHandler.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
(Corel, Inc.) C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
(Cyberlink Corp.) C:\Program Files\Lenovo Multimedia Center\PowerDVD\PDVDServ.exe
(Pure Networks, Inc.) C:\Program Files\Pure Networks\Network Magic\nmapp.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-10-23] (Synaptics, Inc.)
HKLM\...\Run: [PMHandler] C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe [34352 2007-06-05] (Lenovo)
HKLM\...\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe [54560 2008-03-11] (Lenovo Group Limited)
HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-05-07] (Intel Corporation)
HKLM\...\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-06-06] (Lenovo Group Limited)
HKLM\...\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe [120368 2007-04-26] (Lenovo Group Limited)
HKLM\...\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [217176 2006-11-15] (Diskeeper Corporation)
HKLM\...\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [91688 2006-11-07] (Lenovo Group Limited)
HKLM\...\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe [478800 2006-12-14] (Corel, Inc.)
HKLM\...\Run: [RemoteControl] "C:\Program Files\Lenovo Multimedia Center\PowerDVD\PDVDServ.exe" [56928 2006-11-23] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] "C:\Program Files\Lenovo Multimedia Center\PowerDVD\Language\Language.exe" [54832 2006-12-05] ()
HKLM\...\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash [321088 2007-03-14] (Pure Networks, Inc.)
HKLM\...\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [431392 2008-10-27] (Lenovo)
HKLM\...\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe [148768 2008-10-27] (Lenovo)
HKLM\...\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent [2872632 2007-11-29] (Lenovo Group Limited)
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-07] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit [1161248 2012-09-11] (Soluto)
Startup: C:\ProgramData\Start Menu\Programs\Startup\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\LenovoRegistration.lnk
ShortcutTarget: LenovoRegistration.lnk -> C:\SWTOOLS\LenovoWelcome\LenovoRegistration.cmd ()
Startup: C:\Users\Oli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
SearchScopes: HKLM - {A03ED460-C02F-432E-9342-F6FD4A58F8FE} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=LENIE
SearchScopes: HKCU - {39878658-3752-4733-BB04-5F9C10238C2B} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {3B5949CE-17C6-4019-8D6C-909A620E2BC1} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {65850DB7-5761-4F85-8ECE-3BB23CB0AAE3} URL = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
SearchScopes: HKCU - {A03ED460-C02F-432E-9342-F6FD4A58F8FE} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=LENIE
SearchScopes: HKCU - {A5BEED6C-FE8D-4955-B794-A47999048803} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {AFBA95A4-CF86-49DC-A67D-4E207B28DA29} URL = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
SearchScopes: HKCU - {C45A5A1F-F6E8-4B8D-892C-55093C78D74D} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {D95DC870-3FB7-483B-9726-85C0FE205A6E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=bd407759-ed6e-4325-ad99-47f37c1ffaae&apn_sauid=98DFC086-8889-40FB-83F9-7DB7F4C5957A
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Lenovo ThinkVantage Toolbox - {86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - C:\Program Files\PC-Doctor\ATLPcdToolbar544936.dll (PC-Doctor, Inc.)
Toolbar: HKCU -No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} -  No File
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: haufereader - No CLSID Value - 
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752 2013-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816 2013-04-01] (Avira Operations GmbH & Co. KG)
S3 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [634988 2006-11-15] (Diskeeper Corporation)
R2 FNF5SVC; C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [54560 2008-03-14] (Lenovo.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-06-19] (SurfRight B.V.)
R2 IPSSVC; C:\Windows\system32\IPSSVC.EXE [108080 2007-01-30] (Lenovo Group Limited)
S3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 nmraapache; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [12800 2007-03-14] (Pure Networks, Inc.)
R2 nmservice; C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe [321088 2007-03-14] (Pure Networks, Inc.)
R2 PMSveH; C:\Program Files\Lenovo\PM Driver\PMSveH.exe [57344 2007-03-16] (Lenovo)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [174656 2006-11-02] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-20] ()
R2 SolutoService; C:\Program Files\Soluto\SolutoService.exe [603664 2012-09-11] (Soluto)
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2011-07-25] (Lenovo Group Limited)
S2 SystemStoreService; C:\Program Files\SoftwareUpdater\SystemStore.exe [296448 2013-05-02] ()
R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [779576 2007-11-29] (Lenovo)
R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-06-06] ()
R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-06-06] (Lenovo Group Limited)

==================== Drivers (Whitelisted) ====================

R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146824 2007-06-16] (AuthenTec, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-04-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-04-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-01] (Avira Operations GmbH & Co. KG)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-11-09] (COMPAL ELECTRONIC INC.)
R2 PROCDD; C:\Windows\System32\DRIVERS\PROCDD.SYS [12080 2006-11-06] (Lenovo Group Limited)
R0 Soluto; C:\Windows\System32\DRIVERS\Soluto.sys [51144 2012-09-11] (Soluto LTD.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
R3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x32.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 Vsdatant; system32\DRIVERS\vsdatant.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-21 14:26 - 2013-06-21 14:26 - 00000000 ____D C:\FRST
2013-06-21 14:25 - 2013-06-21 14:25 - 01369429 ____A (Farbar) C:\Users\Oli\Desktop\FRST.exe
2013-06-21 12:31 - 2013-06-21 12:31 - 00000000 ____A C:\Windows\setuperr.log
2013-06-21 12:31 - 2013-06-21 12:31 - 00000000 ____A C:\Windows\setupact.log
2013-06-21 11:57 - 2013-06-21 11:57 - 00003472 ____A C:\Windows\PFRO.log
2013-06-19 23:02 - 2013-06-19 23:02 - 00107508 ____A C:\Users\Oli\Desktop\OTL.Txt
2013-06-19 22:53 - 2013-06-19 22:53 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2013-06-19 11:53 - 2013-06-19 11:53 - 00003952 ____A C:\Users\Oli\Desktop\HitmanPro_20130619_1153.log
2013-06-19 11:48 - 2013-06-19 11:48 - 00001754 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-06-19 11:48 - 2013-06-19 11:48 - 00000000 ____D C:\Program Files\HitmanPro
2013-06-19 11:45 - 2013-06-19 22:53 - 00000000 ____D C:\ProgramData\HitmanPro
2013-06-19 11:45 - 2013-06-19 11:45 - 09171472 ____A (SurfRight B.V.) C:\Users\Oli\Desktop\HitmanPro.exe
2013-06-19 00:33 - 2013-06-19 00:33 - 00008292 ____A C:\AdwCleaner[S1].txt
2013-06-19 00:32 - 2013-06-19 00:32 - 00648201 ____A C:\Users\Oli\Desktop\adwcleaner.exe
2013-06-19 00:14 - 2013-06-19 00:13 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-19 00:14 - 2013-06-19 00:13 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-19 00:14 - 2013-06-19 00:13 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-19 00:14 - 2013-06-19 00:13 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-19 00:00 - 2013-06-19 00:00 - 00001902 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-06-18 23:53 - 2013-06-22 03:23 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-18 23:53 - 2013-06-18 23:53 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-18 23:53 - 2013-06-18 23:53 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-17 21:20 - 2013-06-17 21:45 - 00018232 ____A C:\Users\Oli\Desktop\install.txt
2013-06-15 20:36 - 2013-06-15 20:36 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Oli\Desktop\mbam-setup-1.75.0.1300.exe
2013-06-15 20:03 - 2013-06-15 20:03 - 00000000 ____D C:\Windows\E89498D814304A2BA76A4A71326981E9.TMP
2013-06-15 17:24 - 2013-06-15 17:24 - 00020966 ____A C:\ComboFix.txt
2013-06-15 15:48 - 2013-06-15 17:24 - 00000000 ____D C:\ComboFix
2013-06-15 15:48 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-15 15:48 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-15 15:48 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-15 15:48 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-15 15:48 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-15 15:48 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-15 15:48 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-15 15:48 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-15 15:47 - 2013-06-15 17:24 - 00000000 ____D C:\Qoobox
2013-06-15 15:47 - 2013-06-15 17:19 - 00000000 ____D C:\Windows\erdnt
2013-06-15 15:46 - 2013-06-15 15:47 - 05080197 ____R (Swearware) C:\Users\Oli\Desktop\ComboFix.exe
2013-06-15 15:21 - 2013-06-15 15:21 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Oli\Desktop\tdsskiller.exe
2013-06-15 14:48 - 2013-06-15 15:07 - 00000000 ____D C:\_OTL
2013-06-15 14:00 - 2013-06-15 14:00 - 00069998 ____A C:\Users\Oli\Desktop\Extras.Txt
2013-06-15 13:42 - 2013-06-15 13:42 - 00000468 ____A C:\Users\Oli\Desktop\defogger_disable.log
2013-06-15 13:42 - 2013-06-15 13:42 - 00000000 ____A C:\Users\Oli\defogger_reenable
2013-06-15 13:41 - 2013-06-15 13:41 - 00050477 ____A C:\Users\Oli\Desktop\Defogger.exe
2013-06-14 14:11 - 2013-06-14 14:11 - 00602112 ____A (OldTimer Tools) C:\Users\Oli\Desktop\OTL.exe
2013-06-14 13:13 - 2013-06-14 13:13 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-06-14 13:13 - 2013-06-14 13:13 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-06-13 11:51 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 11:51 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 11:51 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 11:51 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 11:51 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 11:51 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 11:51 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 11:51 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 11:51 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-13 11:51 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 11:51 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 11:51 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 11:50 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 11:50 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 11:50 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 11:50 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-12 14:57 - 2013-06-12 14:57 - 00013584 ____A C:\Users\Oli\Desktop\hs_err_pid10352.log
2013-06-12 13:38 - 2013-06-12 13:38 - 00008790 ____A C:\Users\Oli\Documents\cc_20130612_133805.reg
2013-06-12 13:37 - 2013-06-12 13:37 - 00016178 ____A C:\Users\Oli\Documents\cc_20130612_133728.reg
2013-06-12 12:49 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 12:49 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 12:49 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 12:49 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 12:49 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-12 12:49 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 12:49 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 12:49 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 12:49 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 12:49 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 12:49 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-10 14:22 - 2013-06-10 14:22 - 00001674 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-10 14:21 - 2013-06-10 14:21 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-07 12:37 - 2013-06-07 12:37 - 00013489 ____A C:\Users\Oli\Desktop\hs_err_pid4268.log
2013-06-04 17:32 - 2013-06-04 17:32 - 00269890 ____A C:\Users\Oli\Documents\Hotel Xapala 08-2013.xps
2013-05-28 15:26 - 2013-06-20 21:16 - 00351450 ____A C:\Users\Oli\Documents\QuickSteuer_2012_Dasi.zip
2013-05-27 14:28 - 2013-05-27 14:28 - 00001736 ____A C:\Users\Public\Desktop\QuickTime Player.lnk

==================== One Month Modified Files and Folders ========

2013-06-22 03:23 - 2013-06-18 23:53 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-22 03:23 - 2008-08-16 08:26 - 01183207 ____A C:\Windows\WindowsUpdate.log
2013-06-22 03:22 - 2006-11-02 14:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-22 03:22 - 2006-11-02 14:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-21 14:26 - 2013-06-21 14:26 - 00000000 ____D C:\FRST
2013-06-21 14:25 - 2013-06-21 14:25 - 01369429 ____A (Farbar) C:\Users\Oli\Desktop\FRST.exe
2013-06-21 12:31 - 2013-06-21 12:31 - 00000000 ____A C:\Windows\setuperr.log
2013-06-21 12:31 - 2013-06-21 12:31 - 00000000 ____A C:\Windows\setupact.log
2013-06-21 11:58 - 2012-03-04 18:27 - 00000438 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2013-06-21 11:57 - 2013-06-21 11:57 - 00003472 ____A C:\Windows\PFRO.log
2013-06-21 11:57 - 2007-08-16 12:28 - 00025311 ____A C:\Windows\System32\PROCDB.INI
2013-06-21 11:57 - 2007-08-16 12:28 - 00000380 ____A C:\Windows\System32\IPSCtrl.INI
2013-06-21 11:57 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-21 11:55 - 2008-08-16 08:27 - 00000012 ____A C:\Windows\bthservsdp.dat
2013-06-21 11:55 - 2006-11-02 15:01 - 00032538 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-20 21:16 - 2013-05-28 15:26 - 00351450 ____A C:\Users\Oli\Documents\QuickSteuer_2012_Dasi.zip
2013-06-19 23:02 - 2013-06-19 23:02 - 00107508 ____A C:\Users\Oli\Desktop\OTL.Txt
2013-06-19 22:53 - 2013-06-19 22:53 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2013-06-19 22:53 - 2013-06-19 11:45 - 00000000 ____D C:\ProgramData\HitmanPro
2013-06-19 12:05 - 2008-08-16 09:10 - 00000000 ____D C:\Program Files\Google
2013-06-19 12:00 - 2008-12-14 23:44 - 00000000 ____D C:\Users\Oli\AppData\Local\Google
2013-06-19 11:53 - 2013-06-19 11:53 - 00003952 ____A C:\Users\Oli\Desktop\HitmanPro_20130619_1153.log
2013-06-19 11:48 - 2013-06-19 11:48 - 00001754 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-06-19 11:48 - 2013-06-19 11:48 - 00000000 ____D C:\Program Files\HitmanPro
2013-06-19 11:45 - 2013-06-19 11:45 - 09171472 ____A (SurfRight B.V.) C:\Users\Oli\Desktop\HitmanPro.exe
2013-06-19 11:43 - 2008-12-14 23:33 - 00000000 ____D C:\ProgramData\Google
2013-06-19 00:33 - 2013-06-19 00:33 - 00008292 ____A C:\AdwCleaner[S1].txt
2013-06-19 00:32 - 2013-06-19 00:32 - 00648201 ____A C:\Users\Oli\Desktop\adwcleaner.exe
2013-06-19 00:13 - 2013-06-19 00:14 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-19 00:13 - 2013-06-19 00:14 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-19 00:13 - 2013-06-19 00:14 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-19 00:13 - 2013-06-19 00:14 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-19 00:13 - 2012-08-01 10:19 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2013-06-19 00:13 - 2012-01-16 16:17 - 00789416 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-19 00:13 - 2008-08-16 08:59 - 00000000 ____D C:\Program Files\Java
2013-06-19 00:05 - 2008-08-16 08:48 - 00000000 ____D C:\ProgramData\Adobe
2013-06-19 00:02 - 2008-12-14 15:47 - 00000000 ____D C:\Users\Oli\AppData\Roaming\Adobe
2013-06-19 00:01 - 2008-12-21 19:07 - 00000000 ____D C:\Users\Oli\AppData\Local\Adobe
2013-06-19 00:00 - 2013-06-19 00:00 - 00001902 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-06-19 00:00 - 2008-12-21 19:15 - 00000000 ____D C:\Program Files\Adobe
2013-06-19 00:00 - 2008-08-16 08:48 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-06-18 23:53 - 2013-06-18 23:53 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-18 23:53 - 2013-06-18 23:53 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-18 23:21 - 2009-12-27 23:29 - 00000000 ____D C:\Users\Oli\AppData\Roaming\Internet-Radio Player
2013-06-17 21:45 - 2013-06-17 21:20 - 00018232 ____A C:\Users\Oli\Desktop\install.txt
2013-06-15 20:36 - 2013-06-15 20:36 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Oli\Desktop\mbam-setup-1.75.0.1300.exe
2013-06-15 20:03 - 2013-06-15 20:03 - 00000000 ____D C:\Windows\E89498D814304A2BA76A4A71326981E9.TMP
2013-06-15 17:24 - 2013-06-15 17:24 - 00020966 ____A C:\ComboFix.txt
2013-06-15 17:24 - 2013-06-15 15:48 - 00000000 ____D C:\ComboFix
2013-06-15 17:24 - 2013-06-15 15:47 - 00000000 ____D C:\Qoobox
2013-06-15 17:24 - 2006-11-02 13:18 - 00000000 __RHD C:\users\Default
2013-06-15 17:24 - 2006-11-02 13:18 - 00000000 ___RD C:\users\Public
2013-06-15 17:19 - 2013-06-15 15:47 - 00000000 ____D C:\Windows\erdnt
2013-06-15 17:13 - 2006-11-02 12:23 - 00000215 ____A C:\Windows\system.ini
2013-06-15 16:02 - 2006-11-02 12:22 - 62652416 ____A C:\Windows\System32\config\software.bak
2013-06-15 16:02 - 2006-11-02 12:22 - 36175872 ____A C:\Windows\System32\config\COMPON~1.bak
2013-06-15 16:02 - 2006-11-02 12:22 - 21233664 ____A C:\Windows\System32\config\system.bak
2013-06-15 16:02 - 2006-11-02 12:22 - 00262144 ____A C:\Windows\System32\config\default.bak
2013-06-15 16:02 - 2006-11-02 12:22 - 00061440 ____A C:\Windows\System32\config\sam.bak
2013-06-15 16:02 - 2006-11-02 12:22 - 00020480 ____A C:\Windows\System32\config\security.bak
2013-06-15 15:47 - 2013-06-15 15:46 - 05080197 ____R (Swearware) C:\Users\Oli\Desktop\ComboFix.exe
2013-06-15 15:21 - 2013-06-15 15:21 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Oli\Desktop\tdsskiller.exe
2013-06-15 15:07 - 2013-06-15 14:48 - 00000000 ____D C:\_OTL
2013-06-15 14:25 - 2012-12-21 02:03 - 00000000 ____D C:\Users\Oli\AppData\Local\DoNotTrackPlus
2013-06-15 14:00 - 2013-06-15 14:00 - 00069998 ____A C:\Users\Oli\Desktop\Extras.Txt
2013-06-15 13:42 - 2013-06-15 13:42 - 00000468 ____A C:\Users\Oli\Desktop\defogger_disable.log
2013-06-15 13:42 - 2013-06-15 13:42 - 00000000 ____A C:\Users\Oli\defogger_reenable
2013-06-15 13:42 - 2008-12-14 15:40 - 00000000 ____D C:\users\Oli
2013-06-15 13:41 - 2013-06-15 13:41 - 00050477 ____A C:\Users\Oli\Desktop\Defogger.exe
2013-06-14 14:11 - 2013-06-14 14:11 - 00602112 ____A (OldTimer Tools) C:\Users\Oli\Desktop\OTL.exe
2013-06-14 13:13 - 2013-06-14 13:13 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-06-14 13:13 - 2013-06-14 13:13 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-06-13 12:18 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-13 11:56 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 11:46 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-12 14:57 - 2013-06-12 14:57 - 00013584 ____A C:\Users\Oli\Desktop\hs_err_pid10352.log
2013-06-12 13:38 - 2013-06-12 13:38 - 00008790 ____A C:\Users\Oli\Documents\cc_20130612_133805.reg
2013-06-12 13:37 - 2013-06-12 13:37 - 00016178 ____A C:\Users\Oli\Documents\cc_20130612_133728.reg
2013-06-10 14:22 - 2013-06-10 14:22 - 00001674 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-10 14:21 - 2013-06-10 14:21 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-10 14:21 - 2010-06-18 23:16 - 00000000 ____D C:\Program Files\iTunes
2013-06-10 14:21 - 2010-06-18 23:16 - 00000000 ____D C:\Program Files\iPod
2013-06-08 16:28 - 2009-03-13 11:49 - 00000393 ____A C:\Users\Public\Documents\BluetoothLog.html
2013-06-07 12:37 - 2013-06-07 12:37 - 00013489 ____A C:\Users\Oli\Desktop\hs_err_pid4268.log
2013-06-04 17:32 - 2013-06-04 17:32 - 00269890 ____A C:\Users\Oli\Documents\Hotel Xapala 08-2013.xps
2013-05-27 18:50 - 2012-10-04 20:37 - 00000000 ____D C:\ProgramData\DesktopIcons
2013-05-27 14:29 - 2010-04-01 20:12 - 00000000 ____D C:\Program Files\QuickTime
2013-05-27 14:28 - 2013-05-27 14:28 - 00001736 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-05-27 14:07 - 2009-03-11 01:18 - 00000000 ____A C:\Users\Public\Documents\AcSvc.dmp

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-21 12:23

==================== End Of Log ============================
         

Somehow I can't get the Addition.txt to work..., and no # character helps either...

I have now run another scan with FRST and ticked the "Addition.txt" box under Optional Scan, so now I have both log files. I hope this is correct now:
FRST Logfile:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-06-2013 02
Ran by Oli (administrator) on 22-06-2013 13:43:59
Running from C:\Users\Oli\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Windows\system32\IPSSVC.EXE
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Lenovo.) C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
(Lenovo) C:\Program Files\Lenovo\PM Driver\PMSveH.exe
() C:\Windows\system32\PSIService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
() C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
(Lenovo Group Limited) c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Pure Networks, Inc.) C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Soluto) C:\Program Files\Soluto\soluto.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Lenovo) C:\Program Files\Lenovo\PM Driver\PMHandler.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
(Corel, Inc.) C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
(Cyberlink Corp.) C:\Program Files\Lenovo Multimedia Center\PowerDVD\PDVDServ.exe
(Pure Networks, Inc.) C:\Program Files\Pure Networks\Network Magic\nmapp.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files\Common Files\Lexware\LxWebAccess\LxWebAccess.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-10-23] (Synaptics, Inc.)
HKLM\...\Run: [PMHandler] C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe [34352 2007-06-05] (Lenovo)
HKLM\...\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe [54560 2008-03-11] (Lenovo Group Limited)
HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-05-07] (Intel Corporation)
HKLM\...\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-06-06] (Lenovo Group Limited)
HKLM\...\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe [120368 2007-04-26] (Lenovo Group Limited)
HKLM\...\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [217176 2006-11-15] (Diskeeper Corporation)
HKLM\...\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [91688 2006-11-07] (Lenovo Group Limited)
HKLM\...\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe [478800 2006-12-14] (Corel, Inc.)
HKLM\...\Run: [RemoteControl] "C:\Program Files\Lenovo Multimedia Center\PowerDVD\PDVDServ.exe" [56928 2006-11-23] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] "C:\Program Files\Lenovo Multimedia Center\PowerDVD\Language\Language.exe" [54832 2006-12-05] ()
HKLM\...\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash [321088 2007-03-14] (Pure Networks, Inc.)
HKLM\...\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [431392 2008-10-27] (Lenovo)
HKLM\...\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe [148768 2008-10-27] (Lenovo)
HKLM\...\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent [2872632 2007-11-29] (Lenovo Group Limited)
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-07] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit [1161248 2012-09-11] (Soluto)
Startup: C:\ProgramData\Start Menu\Programs\Startup\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\LenovoRegistration.lnk
ShortcutTarget: LenovoRegistration.lnk -> C:\SWTOOLS\LenovoWelcome\LenovoRegistration.cmd ()
Startup: C:\Users\Oli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
SearchScopes: HKLM - {A03ED460-C02F-432E-9342-F6FD4A58F8FE} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=LENIE
SearchScopes: HKCU - {39878658-3752-4733-BB04-5F9C10238C2B} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {3B5949CE-17C6-4019-8D6C-909A620E2BC1} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {65850DB7-5761-4F85-8ECE-3BB23CB0AAE3} URL = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
SearchScopes: HKCU - {A03ED460-C02F-432E-9342-F6FD4A58F8FE} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=LENIE
SearchScopes: HKCU - {A5BEED6C-FE8D-4955-B794-A47999048803} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {AFBA95A4-CF86-49DC-A67D-4E207B28DA29} URL = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
SearchScopes: HKCU - {C45A5A1F-F6E8-4B8D-892C-55093C78D74D} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {D95DC870-3FB7-483B-9726-85C0FE205A6E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=bd407759-ed6e-4325-ad99-47f37c1ffaae&apn_sauid=98DFC086-8889-40FB-83F9-7DB7F4C5957A
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Lenovo ThinkVantage Toolbox - {86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - C:\Program Files\PC-Doctor\ATLPcdToolbar544936.dll (PC-Doctor, Inc.)
Toolbar: HKCU -No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} -  No File
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: haufereader - No CLSID Value - 
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752 2013-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816 2013-04-01] (Avira Operations GmbH & Co. KG)
S3 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [634988 2006-11-15] (Diskeeper Corporation)
R2 FNF5SVC; C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [54560 2008-03-14] (Lenovo.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-06-19] (SurfRight B.V.)
R2 IPSSVC; C:\Windows\system32\IPSSVC.EXE [108080 2007-01-30] (Lenovo Group Limited)
S3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 nmraapache; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [12800 2007-03-14] (Pure Networks, Inc.)
R2 nmservice; C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe [321088 2007-03-14] (Pure Networks, Inc.)
R2 PMSveH; C:\Program Files\Lenovo\PM Driver\PMSveH.exe [57344 2007-03-16] (Lenovo)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [174656 2006-11-02] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-20] ()
R2 SolutoService; C:\Program Files\Soluto\SolutoService.exe [603664 2012-09-11] (Soluto)
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2011-07-25] (Lenovo Group Limited)
S2 SystemStoreService; C:\Program Files\SoftwareUpdater\SystemStore.exe [296448 2013-05-02] ()
R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [779576 2007-11-29] (Lenovo)
R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-06-06] ()
R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-06-06] (Lenovo Group Limited)

==================== Drivers (Whitelisted) ====================

R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146824 2007-06-16] (AuthenTec, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-04-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-04-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-01] (Avira Operations GmbH & Co. KG)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-11-09] (COMPAL ELECTRONIC INC.)
R2 PROCDD; C:\Windows\System32\DRIVERS\PROCDD.SYS [12080 2006-11-06] (Lenovo Group Limited)
R0 Soluto; C:\Windows\System32\DRIVERS\Soluto.sys [51144 2012-09-11] (Soluto LTD.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
R3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x32.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 Vsdatant; system32\DRIVERS\vsdatant.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-22 13:32 - 2013-06-22 13:33 - 01369341 ____A (Farbar) C:\Users\Oli\Desktop\FRST.exe
2013-06-21 14:26 - 2013-06-21 14:26 - 00000000 ____D C:\FRST
2013-06-21 12:31 - 2013-06-21 12:31 - 00000000 ____A C:\Windows\setuperr.log
2013-06-21 12:31 - 2013-06-21 12:31 - 00000000 ____A C:\Windows\setupact.log
2013-06-21 11:57 - 2013-06-21 11:57 - 00003472 ____A C:\Windows\PFRO.log
2013-06-19 23:02 - 2013-06-19 23:02 - 00107508 ____A C:\Users\Oli\Desktop\OTL.Txt
2013-06-19 22:53 - 2013-06-19 22:53 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2013-06-19 11:53 - 2013-06-19 11:53 - 00003952 ____A C:\Users\Oli\Desktop\HitmanPro_20130619_1153.log
2013-06-19 11:48 - 2013-06-19 11:48 - 00001754 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-06-19 11:48 - 2013-06-19 11:48 - 00000000 ____D C:\Program Files\HitmanPro
2013-06-19 11:45 - 2013-06-19 22:53 - 00000000 ____D C:\ProgramData\HitmanPro
2013-06-19 11:45 - 2013-06-19 11:45 - 09171472 ____A (SurfRight B.V.) C:\Users\Oli\Desktop\HitmanPro.exe
2013-06-19 00:33 - 2013-06-19 00:33 - 00008292 ____A C:\AdwCleaner[S1].txt
2013-06-19 00:32 - 2013-06-19 00:32 - 00648201 ____A C:\Users\Oli\Desktop\adwcleaner.exe
2013-06-19 00:14 - 2013-06-19 00:13 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-19 00:14 - 2013-06-19 00:13 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-19 00:14 - 2013-06-19 00:13 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-19 00:14 - 2013-06-19 00:13 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-19 00:00 - 2013-06-19 00:00 - 00001902 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-06-18 23:53 - 2013-06-22 13:39 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-18 23:53 - 2013-06-18 23:53 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-18 23:53 - 2013-06-18 23:53 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-17 21:20 - 2013-06-17 21:45 - 00018232 ____A C:\Users\Oli\Desktop\install.txt
2013-06-15 20:36 - 2013-06-15 20:36 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Oli\Desktop\mbam-setup-1.75.0.1300.exe
2013-06-15 20:03 - 2013-06-15 20:03 - 00000000 ____D C:\Windows\E89498D814304A2BA76A4A71326981E9.TMP
2013-06-15 17:24 - 2013-06-15 17:24 - 00020966 ____A C:\ComboFix.txt
2013-06-15 15:48 - 2013-06-15 17:24 - 00000000 ____D C:\ComboFix
2013-06-15 15:48 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-15 15:48 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-15 15:48 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-15 15:48 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-15 15:48 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-15 15:48 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-15 15:48 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-15 15:48 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-15 15:47 - 2013-06-15 17:24 - 00000000 ____D C:\Qoobox
2013-06-15 15:47 - 2013-06-15 17:19 - 00000000 ____D C:\Windows\erdnt
2013-06-15 15:46 - 2013-06-15 15:47 - 05080197 ____R (Swearware) C:\Users\Oli\Desktop\ComboFix.exe
2013-06-15 15:21 - 2013-06-15 15:21 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Oli\Desktop\tdsskiller.exe
2013-06-15 14:48 - 2013-06-15 15:07 - 00000000 ____D C:\_OTL
2013-06-15 14:00 - 2013-06-15 14:00 - 00069998 ____A C:\Users\Oli\Desktop\Extras.Txt
2013-06-15 13:42 - 2013-06-15 13:42 - 00000468 ____A C:\Users\Oli\Desktop\defogger_disable.log
2013-06-15 13:42 - 2013-06-15 13:42 - 00000000 ____A C:\Users\Oli\defogger_reenable
2013-06-15 13:41 - 2013-06-15 13:41 - 00050477 ____A C:\Users\Oli\Desktop\Defogger.exe
2013-06-14 14:11 - 2013-06-14 14:11 - 00602112 ____A (OldTimer Tools) C:\Users\Oli\Desktop\OTL.exe
2013-06-14 13:13 - 2013-06-14 13:13 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-06-14 13:13 - 2013-06-14 13:13 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-06-13 11:51 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 11:51 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 11:51 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 11:51 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 11:51 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 11:51 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 11:51 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 11:51 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 11:51 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-13 11:51 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 11:51 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 11:51 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 11:50 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 11:50 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 11:50 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 11:50 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-12 14:57 - 2013-06-12 14:57 - 00013584 ____A C:\Users\Oli\Desktop\hs_err_pid10352.log
2013-06-12 13:38 - 2013-06-12 13:38 - 00008790 ____A C:\Users\Oli\Documents\cc_20130612_133805.reg
2013-06-12 13:37 - 2013-06-12 13:37 - 00016178 ____A C:\Users\Oli\Documents\cc_20130612_133728.reg
2013-06-12 12:49 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 12:49 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 12:49 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 12:49 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 12:49 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-12 12:49 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 12:49 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 12:49 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 12:49 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 12:49 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 12:49 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-10 14:22 - 2013-06-10 14:22 - 00001674 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-10 14:21 - 2013-06-10 14:21 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-07 12:37 - 2013-06-07 12:37 - 00013489 ____A C:\Users\Oli\Desktop\hs_err_pid4268.log
2013-06-04 17:32 - 2013-06-04 17:32 - 00269890 ____A C:\Users\Oli\Documents\Hotel Xapala 08-2013.xps
2013-05-28 15:26 - 2013-06-20 21:16 - 00351450 ____A C:\Users\Oli\Documents\QuickSteuer_2012_Dasi.zip
2013-05-27 14:28 - 2013-05-27 14:28 - 00001736 ____A C:\Users\Public\Desktop\QuickTime Player.lnk

==================== One Month Modified Files and Folders ========

2013-06-22 13:39 - 2013-06-18 23:53 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-22 13:33 - 2013-06-22 13:32 - 01369341 ____A (Farbar) C:\Users\Oli\Desktop\FRST.exe
2013-06-22 13:33 - 2008-08-16 08:26 - 01203458 ____A C:\Windows\WindowsUpdate.log
2013-06-22 13:28 - 2006-11-02 14:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-22 13:28 - 2006-11-02 14:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-21 14:26 - 2013-06-21 14:26 - 00000000 ____D C:\FRST
2013-06-21 12:31 - 2013-06-21 12:31 - 00000000 ____A C:\Windows\setuperr.log
2013-06-21 12:31 - 2013-06-21 12:31 - 00000000 ____A C:\Windows\setupact.log
2013-06-21 11:58 - 2012-03-04 18:27 - 00000438 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2013-06-21 11:57 - 2013-06-21 11:57 - 00003472 ____A C:\Windows\PFRO.log
2013-06-21 11:57 - 2007-08-16 12:28 - 00025311 ____A C:\Windows\System32\PROCDB.INI
2013-06-21 11:57 - 2007-08-16 12:28 - 00000380 ____A C:\Windows\System32\IPSCtrl.INI
2013-06-21 11:57 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-21 11:55 - 2008-08-16 08:27 - 00000012 ____A C:\Windows\bthservsdp.dat
2013-06-21 11:55 - 2006-11-02 15:01 - 00032538 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-20 21:16 - 2013-05-28 15:26 - 00351450 ____A C:\Users\Oli\Documents\QuickSteuer_2012_Dasi.zip
2013-06-19 23:02 - 2013-06-19 23:02 - 00107508 ____A C:\Users\Oli\Desktop\OTL.Txt
2013-06-19 22:53 - 2013-06-19 22:53 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2013-06-19 22:53 - 2013-06-19 11:45 - 00000000 ____D C:\ProgramData\HitmanPro
2013-06-19 12:05 - 2008-08-16 09:10 - 00000000 ____D C:\Program Files\Google
2013-06-19 12:00 - 2008-12-14 23:44 - 00000000 ____D C:\Users\Oli\AppData\Local\Google
2013-06-19 11:53 - 2013-06-19 11:53 - 00003952 ____A C:\Users\Oli\Desktop\HitmanPro_20130619_1153.log
2013-06-19 11:48 - 2013-06-19 11:48 - 00001754 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-06-19 11:48 - 2013-06-19 11:48 - 00000000 ____D C:\Program Files\HitmanPro
2013-06-19 11:45 - 2013-06-19 11:45 - 09171472 ____A (SurfRight B.V.) C:\Users\Oli\Desktop\HitmanPro.exe
2013-06-19 11:43 - 2008-12-14 23:33 - 00000000 ____D C:\ProgramData\Google
2013-06-19 00:33 - 2013-06-19 00:33 - 00008292 ____A C:\AdwCleaner[S1].txt
2013-06-19 00:32 - 2013-06-19 00:32 - 00648201 ____A C:\Users\Oli\Desktop\adwcleaner.exe
2013-06-19 00:13 - 2013-06-19 00:14 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-19 00:13 - 2013-06-19 00:14 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-19 00:13 - 2013-06-19 00:14 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-19 00:13 - 2013-06-19 00:14 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-19 00:13 - 2012-08-01 10:19 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2013-06-19 00:13 - 2012-01-16 16:17 - 00789416 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-19 00:13 - 2008-08-16 08:59 - 00000000 ____D C:\Program Files\Java
2013-06-19 00:05 - 2008-08-16 08:48 - 00000000 ____D C:\ProgramData\Adobe
2013-06-19 00:02 - 2008-12-14 15:47 - 00000000 ____D C:\Users\Oli\AppData\Roaming\Adobe
2013-06-19 00:01 - 2008-12-21 19:07 - 00000000 ____D C:\Users\Oli\AppData\Local\Adobe
2013-06-19 00:00 - 2013-06-19 00:00 - 00001902 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-06-19 00:00 - 2008-12-21 19:15 - 00000000 ____D C:\Program Files\Adobe
2013-06-19 00:00 - 2008-08-16 08:48 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-06-18 23:53 - 2013-06-18 23:53 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-18 23:53 - 2013-06-18 23:53 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-18 23:21 - 2009-12-27 23:29 - 00000000 ____D C:\Users\Oli\AppData\Roaming\Internet-Radio Player
2013-06-17 21:45 - 2013-06-17 21:20 - 00018232 ____A C:\Users\Oli\Desktop\install.txt
2013-06-15 20:36 - 2013-06-15 20:36 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Oli\Desktop\mbam-setup-1.75.0.1300.exe
2013-06-15 20:03 - 2013-06-15 20:03 - 00000000 ____D C:\Windows\E89498D814304A2BA76A4A71326981E9.TMP
2013-06-15 17:24 - 2013-06-15 17:24 - 00020966 ____A C:\ComboFix.txt
2013-06-15 17:24 - 2013-06-15 15:48 - 00000000 ____D C:\ComboFix
2013-06-15 17:24 - 2013-06-15 15:47 - 00000000 ____D C:\Qoobox
2013-06-15 17:24 - 2006-11-02 13:18 - 00000000 __RHD C:\users\Default
2013-06-15 17:24 - 2006-11-02 13:18 - 00000000 ___RD C:\users\Public
2013-06-15 17:19 - 2013-06-15 15:47 - 00000000 ____D C:\Windows\erdnt
2013-06-15 17:13 - 2006-11-02 12:23 - 00000215 ____A C:\Windows\system.ini
2013-06-15 16:02 - 2006-11-02 12:22 - 62652416 ____A C:\Windows\System32\config\software.bak
2013-06-15 16:02 - 2006-11-02 12:22 - 36175872 ____A C:\Windows\System32\config\COMPON~1.bak
2013-06-15 16:02 - 2006-11-02 12:22 - 21233664 ____A C:\Windows\System32\config\system.bak
2013-06-15 16:02 - 2006-11-02 12:22 - 00262144 ____A C:\Windows\System32\config\default.bak
2013-06-15 16:02 - 2006-11-02 12:22 - 00061440 ____A C:\Windows\System32\config\sam.bak
2013-06-15 16:02 - 2006-11-02 12:22 - 00020480 ____A C:\Windows\System32\config\security.bak
2013-06-15 15:47 - 2013-06-15 15:46 - 05080197 ____R (Swearware) C:\Users\Oli\Desktop\ComboFix.exe
2013-06-15 15:21 - 2013-06-15 15:21 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Oli\Desktop\tdsskiller.exe
2013-06-15 15:07 - 2013-06-15 14:48 - 00000000 ____D C:\_OTL
2013-06-15 14:25 - 2012-12-21 02:03 - 00000000 ____D C:\Users\Oli\AppData\Local\DoNotTrackPlus
2013-06-15 14:00 - 2013-06-15 14:00 - 00069998 ____A C:\Users\Oli\Desktop\Extras.Txt
2013-06-15 13:42 - 2013-06-15 13:42 - 00000468 ____A C:\Users\Oli\Desktop\defogger_disable.log
2013-06-15 13:42 - 2013-06-15 13:42 - 00000000 ____A C:\Users\Oli\defogger_reenable
2013-06-15 13:42 - 2008-12-14 15:40 - 00000000 ____D C:\users\Oli
2013-06-15 13:41 - 2013-06-15 13:41 - 00050477 ____A C:\Users\Oli\Desktop\Defogger.exe
2013-06-14 14:11 - 2013-06-14 14:11 - 00602112 ____A (OldTimer Tools) C:\Users\Oli\Desktop\OTL.exe
2013-06-14 13:13 - 2013-06-14 13:13 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-06-14 13:13 - 2013-06-14 13:13 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-06-13 12:18 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-13 11:56 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 11:46 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-12 14:57 - 2013-06-12 14:57 - 00013584 ____A C:\Users\Oli\Desktop\hs_err_pid10352.log
2013-06-12 13:38 - 2013-06-12 13:38 - 00008790 ____A C:\Users\Oli\Documents\cc_20130612_133805.reg
2013-06-12 13:37 - 2013-06-12 13:37 - 00016178 ____A C:\Users\Oli\Documents\cc_20130612_133728.reg
2013-06-10 14:22 - 2013-06-10 14:22 - 00001674 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-10 14:21 - 2013-06-10 14:21 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-10 14:21 - 2010-06-18 23:16 - 00000000 ____D C:\Program Files\iTunes
2013-06-10 14:21 - 2010-06-18 23:16 - 00000000 ____D C:\Program Files\iPod
2013-06-08 16:28 - 2009-03-13 11:49 - 00000393 ____A C:\Users\Public\Documents\BluetoothLog.html
2013-06-07 12:37 - 2013-06-07 12:37 - 00013489 ____A C:\Users\Oli\Desktop\hs_err_pid4268.log
2013-06-04 17:32 - 2013-06-04 17:32 - 00269890 ____A C:\Users\Oli\Documents\Hotel Xapala 08-2013.xps
2013-05-27 18:50 - 2012-10-04 20:37 - 00000000 ____D C:\ProgramData\DesktopIcons
2013-05-27 14:29 - 2010-04-01 20:12 - 00000000 ____D C:\Program Files\QuickTime
2013-05-27 14:28 - 2013-05-27 14:28 - 00001736 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-05-27 14:07 - 2009-03-11 01:18 - 00000000 ____A C:\Users\Public\Documents\AcSvc.dmp

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-21 12:23

==================== End Of Log ============================
         
--- --- ---
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-06-2013 02
Ran by Oli at 2013-06-22 13:44:19 Run:
Running from C:\Users\Oli\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Access Help (Version: 2.00)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7)
Agere Systems HDA Modem
Anzeige am Bildschirm (Version: 5.32.00)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Avira Free Antivirus (Version: 13.0.0.3640)
Bonjour (Version: 3.0.0.10)
Broadcom Gigabit Integrated Controller (Version: 10.15.06)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1)
CCleaner (Version: 2.27)
Client Security - Password Manager (Version: 8.10.0006.00)
Corel Snapfire Plus (Version: 1.10.0000)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diskeeper Home (Version: 9.0.545)
EPSON-Drucker-Software
Ergänzung zu Lenovo Care (Version: 2.00)
Haufe iDesk-Service (Version: 8.08.20.5622)
Help Center (Version: 2.00c)
HitmanPro 3.7 (Version: 3.7.6.201)
iCloud (Version: 2.1.2.8)
Integrated Camera (Version: 5.8.8.012)
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Intel® Matrix Storage Manager
Internet Explorer (Enable DEP)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
JNLP
Junk Mail filter update (Version: 15.4.3502.0922)
Lenovo Bluetooth with Enhanced Data Rate Software 6.0.1.4900 (Version: 6.0.1.4900)
Lenovo Care (Version: 2.10)
Lenovo Fingerprint Software (Version: 1.1.0.21)
Lenovo Multimedia Center
Lenovo PM Driver (Version: 0.63.1.6)
Lenovo Registration
Lenovo System Interface Driver (Version: 1.01)
Lenovo ThinkVantage Toolbox (Version: 6.0.5449.37)
Lexware Info Service (Version: 2.90.00.0009)
Maintenance Manager (Version: 3.0.5.0)
Mesh Runtime (Version: 15.4.5722.2)
Message Center (Version: 2.01b)
Message Center Plus (Version: 2.0.0012.00)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Fix it Center (Version: 1.0.0100)
Microsoft Office 2003 Web Components (Version: 11.0.8003.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Outlook 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Outlook 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Maintenance Service (Version: 17.0.6)
Mozilla Thunderbird 17.0.6 (x86 de) (Version: 17.0.6)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NAVIGON Fresh 3.3.1 (Version: 3.3.1)
Network Magic (Version: 4.1.7082.0)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
PM Driver (Version: 0.63.1.6)
Power Ux Customization (Version: 1.00.0000)
Präsentationsdirektor (Version: 4.08)
QuickSteuer 2009 SE (Version: 15.00.00.0033)
QuickSteuer 2010 SE (Version: 16.14.00.0001)
QuickSteuer 2011 (Version: 17.08.00.0006)
QuickSteuer 2012 (Version: 18.09.00.0003)
QuickSteuer 2013 (Version: 19.06.00.0003)
QuickSteuer Wissens-Center 2009 (Version: 15.0.1.0)
QuickTime (Version: 7.74.80.86)
Realtek High Definition Audio Driver (Version: 6.0.1.5391)
Registry patch for Windows Vista USB S3 PM Enablement (Version: 1.00)
Rescue and Recovery (Version: 4.21.0015.00)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.33 (Version: 3.33.01)
Segoe UI (Version: 15.4.2271.0615)
Servicepack Datumsaktualisierung (Version: 1.00.00.0005)
Soluto (Version: 1.3.979.0)
Steuer Update 15.09 (Version: 15.09)
Synaptics Pointing Device Driver (Version: 9.0.3.0)
System Migration Assistant (Version: 6.00.0009)
System Update (Version: 3.15.0017)
ThinkVantage Access Connections (Version: 5.12)
ThinkVantage Technologies Welcome Message (Version: 1.21)
TuneUp Utilities Language Pack (de-DE) (Version: 12.0.3600.73)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (Version: 9.00.5000.00)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Wallpapers
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (Version: 15.4.5722.2)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WordPerfect Office X3
WordPerfect Office X3 (Version: 13.2)

==================== Restore Points  =========================

12-06-2013 12:59:02 Windows Defender Checkpoint
13-06-2013 09:35:17 Windows Update
14-06-2013 10:13:23 Geplanter Prüfpunkt
14-06-2013 11:13:17 Installed SpyHunter
15-06-2013 16:42:04 Geplanter Prüfpunkt
15-06-2013 18:02:28 Removed SpyHunter
16-06-2013 10:59:21 Geplanter Prüfpunkt
17-06-2013 09:20:04 Geplanter Prüfpunkt
18-06-2013 08:43:37 Geplanter Prüfpunkt
18-06-2013 08:49:58 Windows Update
18-06-2013 21:10:53 Adobe Reader 8.1.5 - Deutsch wird entfernt
18-06-2013 21:12:56 Removed Avira SearchFree Toolbar plus Web Protection.
18-06-2013 21:17:37 Free System Utilities
18-06-2013 21:21:47 Removed Java(TM) 6 Update 39
18-06-2013 21:27:19 TuneUp Utilities 2013 wird entfernt
18-06-2013 21:28:23 TuneUp Utilities Language Pack (de-DE) wird entfernt
18-06-2013 22:13:10 Installed Java 7 Update 25
19-06-2013 10:25:08 Geplanter Prüfpunkt
21-06-2013 08:58:59 Windows Update

==================== Scheduled Tasks (whitelisted) =============

Task: {13DCB811-D5D8-447B-91EA-F5A3AB23F525} - System32\Tasks\Microsoft\Windows\RestartManager\{9CD0896D-49CF-4f85-81B1-9765CB892130} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {285A0F88-CDA8-42A1-8FE9-4EF79BB83E60} - System32\Tasks\Software Updater Ui => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Ui.exe [2013-06-10] ()
Task: {2CD41F58-8409-4ACB-981A-449FDA05738E} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2011-07-31] (Haufe-Lexware GmbH & Co. KG)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {552B8153-2C6B-48C7-9369-02F0BF78D20D} - System32\Tasks\Freemium1ClickMaint => C:\Users\Oli\Desktop\1Click.exe No File
Task: {5BD5E023-6AE5-413A-AD48-BA3A7AD65FEA} - System32\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804} => C:\Windows\system32\msfeedssync.exe [2011-05-13] (Microsoft Corporation)
Task: {62300999-FD0E-4C05-9760-4AC872837C5D} - \Auf Updates für Windows Live Toolbar prüfen No Task File
Task: {66AF1AEE-334C-426A-BB60-1DF5D9299CB8} - System32\Tasks\Message Center plus => C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27] ()
Task: {6B9D80E7-1E65-4342-8633-82F900252741} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {914E5D7F-5FCB-405C-9757-FE742BA82212} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {927C0E4E-55C6-4D83-BEB1-174683FC8706} - System32\Tasks\Software Updater => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2013-06-09] ()
Task: {A4A51BD4-1C92-43BC-B631-C07063A6DC36} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation)
Task: {A5A54CFB-BA06-4CAB-A3FC-812932BEC84D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-18] (Adobe Systems Incorporated)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - \Microsoft\Windows\PLA\System\ConvertLogEntries No Task File
Task: {B5CB9C0A-E549-4A2A-AFF1-54B78F025725} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {B6C30682-4B2C-4A1F-B105-1F2A9F6599B4} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2008-01-21] (Microsoft Corporation)
Task: {B984145E-0E45-4AFB-B8B2-7F4F1CED93A9} - System32\Tasks\Sun Microsystems-Online-Aktualisierungsprogramm => C:\Program Files\Java\jre6\bin\jusched.exe No File
Task: {C0472EA8-BAAC-4740-9F5A-C25B58B4F60E} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {C7B7FD5B-9D2F-426D-9CEB-A6729261784B} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {DD76EA65-AA07-47D9-88AE-542E29B1E27C} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3876124531-570904608-61060185-1003 => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: {E489F5F4-50F5-4912-8789-F13606FEDF8B} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/22/2013 03:22:56 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 45495757

Error: (06/22/2013 03:22:56 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 45495757

Error: (06/22/2013 03:22:56 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/22/2013 03:22:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 45494712

Error: (06/22/2013 03:22:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 45494712

Error: (06/22/2013 03:22:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/21/2013 02:44:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15085

Error: (06/21/2013 02:44:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15085

Error: (06/21/2013 02:44:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/21/2013 02:44:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3681


System errors:
=============
Error: (06/21/2013 00:08:04 PM) (Source: Service Control Manager) (User: )
Description: 30000TrkWks

Error: (06/21/2013 00:07:34 PM) (Source: Service Control Manager) (User: )
Description: 30000SysMain

Error: (06/21/2013 00:07:04 PM) (Source: Service Control Manager) (User: )
Description: 30000TrkWks

Error: (06/21/2013 00:06:29 PM) (Source: Service Control Manager) (User: )
Description: 30000SysMain

Error: (06/21/2013 00:06:22 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (06/21/2013 00:05:59 PM) (Source: Service Control Manager) (User: )
Description: 30000TrkWks

Error: (06/21/2013 00:03:46 PM) (Source: Service Control Manager) (User: )
Description: Volumeschattenkopie%%1053

Error: (06/21/2013 00:03:46 PM) (Source: Service Control Manager) (User: )
Description: 30000Volumeschattenkopie

Error: (06/21/2013 00:03:46 PM) (Source: DCOM) (User: )
Description: 1053VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (06/21/2013 00:02:09 PM) (Source: Service Control Manager) (User: )
Description: Windows Media Player-NetzwerkfreigabedienstUPnP-Gerätehost%%1058


Microsoft Office Sessions:
=========================
Error: (06/22/2013 03:22:56 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 45495757

Error: (06/22/2013 03:22:56 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 45495757

Error: (06/22/2013 03:22:56 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/22/2013 03:22:55 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 45494712

Error: (06/22/2013 03:22:55 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 45494712

Error: (06/22/2013 03:22:55 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/21/2013 02:44:55 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15085

Error: (06/21/2013 02:44:55 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15085

Error: (06/21/2013 02:44:55 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/21/2013 02:44:44 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3681


CodeIntegrity Errors:
===================================
  Date: 2013-06-22 13:44:04.325
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\Soluto.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-22 13:44:04.122
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\Soluto.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-22 13:44:03.919
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\Soluto.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-22 13:44:03.717
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\Soluto.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-22 13:40:56.054
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\Soluto.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-22 13:40:55.820
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\Soluto.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-22 13:40:55.617
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\Soluto.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-22 13:40:55.398
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\Soluto.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-22 03:34:17.857
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\Soluto.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-22 03:34:17.639
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\Soluto.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 47%
Total physical RAM: 3061.69 MB
Available physical RAM: 1604.54 MB
Total Pagefile: 6339.78 MB
Available Pagefile: 4643.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1918.43 MB

==================== Drives ================================

Drive c: (SW_Preload) (Fixed) (Total:227.4 GB) (Free:21.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 69EEC121)
Partition 1: (Not Active) - (Size=5 GB) - (Type=27)
Partition 2: (Active) - (Size=227 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---
