Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Windows hat Win32/Small.CA Meldung im Wartungscenter

Windows hat Win32/Small.CA Meldung im Wartungscenter


Plagegeister aller Art und deren Bekämpfung: Windows hat Win32/Small.CA Meldung im Wartungscenter

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 2 1 2
Alt 15.07.2013, 12:23   #1
gusc
 
Windows hat Win32/Small.CA Meldung im Wartungscenter - Standard

Windows hat Win32/Small.CA Meldung im Wartungscenter


Hallo,

im Windows Wartungscenter (Windows 7 Ulimate 64 bit) erscheint die Meldung:

"Windows hat Win32/Small.CA, einen bekannten Computervirus, auf Ihrem PC erkannt.
Win32/Small.CA hat bewirkt, dass Ihr PC 1 Mal nicht ordnungsgemäß funktioniert hat."

Bei mir ist wie in einem anderen Beitrag (finde ich leider nichts mehr): Ich habe auch den Sophos Scanner installiert. Es wurde dort von "Fehlalarm" gesprochen der an Sophos liegen soll. Wobei dieser insallierte Scanner wie auch andere u. a. desinfect, Malwarebytes/Malwarebytes Anti-Rootkit nichts finden.

Viele Grüße

gusc

Alt 15.07.2013, 12:43   #2
schrauber
/// the machine
/// TB-Ausbilder
 
Windows hat Win32/Small.CA Meldung im Wartungscenter - Standard

Windows hat Win32/Small.CA Meldung im Wartungscenter


hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________
Alt 15.07.2013, 16:44   #3
gusc
 
Windows hat Win32/Small.CA Meldung im Wartungscenter - Standard

Windows hat Win32/Small.CA Meldung im Wartungscenter


Hallo,

vielen Dank für die schnelle Rückmeldung :-)

Ich habe FRST nicht als Admin ausgeführt, wenn das notwendig sein solte dann bitte noch mal melden.

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2013
Ran by ****** (ATTENTION: The logged in user is not administrator) on 15-07-2013 17:38:17
Running from C:\Users\******\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(NCP engineering GmbH) C:\Program Files (x86)\LANCOM\Advanced VPN Client\NcpBudgetGui.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-02-13] (IDT, Inc.)
HKLM\...\Run: [TdmNotify] - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [381296 2011-12-08] (Wave Systems Corp.)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [626552 2012-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelPROSet] - "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless [4756240 2012-03-29] (Intel(R) Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
MountPoints2: {835e8032-358f-11e2-afea-001e101fe70e} - G:\AutoRun.exe
HKLM-x32\...\Run: [IMSS] - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-02-17] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-02-13] (Sophos Limited)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NcpBudgetGui] - "C:\Program Files (x86)\LANCOM\Advanced VPN Client\NcpBudgetGui.exe" -start [1001472 2012-04-04] (NCP engineering GmbH)
HKLM-x32\...\Run: [NcpPopup] - "C:\Program Files (x86)\LANCOM\Advanced VPN Client\ncppopup.exe" noerrmsg [1011280 2012-03-20] (NCP engineering GmbH)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [38984 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [840768 2013-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL [218256 2013-01-24] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL [221840 2013-01-24] (Sophos Limited)
Lsa: [Authentication Packages] msv1_0 wvauth
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Tcpip\..\Interfaces\{ACD6D753-617D-48D2-A34B-B0F3B0852278}: [NameServer]212.23.115.148 212.23.97.2
Tcpip\..\Interfaces\{D0B4C2AC-4502-4DD8-A4E0-16A230400BB5}: [NameServer]10.0.1.1

FireFox:
========
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\w0y5rklk.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon

==================== Services (Whitelisted) =================

R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [218504 2012-01-17] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
R2 ncpclcfg; C:\Program Files (x86)\LANCOM\Advanced VPN Client\ncpclcfg.exe [139344 2011-07-27] (NCP engineering GmbH)
R2 ncprwsnt; C:\Program Files (x86)\LANCOM\Advanced VPN Client\ncprwsnt.exe [1594448 2012-04-04] (NCP Engineering GmbH)
R2 NcpSec; C:\Program Files (x86)\LANCOM\Advanced VPN Client\NCPSEC.EXE [119808 2011-04-21] ()
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-02-13] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [159296 2013-01-24] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-02-13] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2012-04-24] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-03-22] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2010688 2013-01-24] (Sophos Limited)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-08] ()
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1679872 2012-01-05] (Wave Systems Corp.)
R2 WMCoreService; C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe [655912 2011-11-18] (Ericsson AB)
S3 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [198144 2012-01-16] (Wave Systems Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2012-08-12] (Broadcom Corporation.)
R3 d554gps; C:\Windows\System32\DRIVERS\d554gps64.sys [102440 2011-10-05] (Ericsson AB)
R3 d554scard; C:\Windows\System32\DRIVERS\d554scard.sys [61992 2011-08-17] (Ericsson AB)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-08-22] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-08-22] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-08-22] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-08-22] (MCCI Corporation)
S3 ncpfilt; C:\Windows\System32\DRIVERS\ncplelhp.sys [103024 2012-04-03] (NCP Engineering GmbH)
R3 ncplelhp; C:\Windows\System32\DRIVERS\ncplelhp.sys [103024 2012-04-03] (NCP Engineering GmbH)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11471872 2012-03-12] (Intel Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2013-01-24] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2011-10-01] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2011-08-25] (Sophos Plc)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2011-11-04] (STMicroelectronics)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [282152 2011-12-07] (Ericsson AB)
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [x]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-15 17:38 - 2013-07-15 17:38 - 00000000 ____D C:\FRST
2013-07-15 17:35 - 2013-07-15 17:36 - 01777839 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2013-07-13 19:01 - 2013-07-13 19:19 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-12 19:43 - 2013-07-12 19:43 - 00000000 ____D C:\Users\******\AppData\Roaming\Malwarebytes
2013-07-12 19:43 - 2013-07-12 19:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-12 16:54 - 2013-07-12 16:56 - 00000000 ____D C:\ProgramData\Readiris14Pro
2013-07-09 22:25 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-09 22:25 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-09 22:25 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-09 22:25 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-09 22:25 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-09 22:25 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-09 22:25 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-09 22:25 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-09 22:25 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-09 22:25 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-09 22:25 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-09 22:25 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-09 22:25 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-09 22:25 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-09 22:25 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-09 22:25 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-09 22:25 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-09 22:25 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-09 22:25 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-09 22:25 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-09 22:25 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-09 22:11 - 2013-07-09 22:19 - 00001120 _____ C:\Users\******\Desktop\fehler.txt
2013-07-09 19:26 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-09 19:26 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-09 19:26 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-09 19:26 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-09 19:26 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-09 19:25 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-09 19:25 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-08 16:50 - 2013-07-08 16:50 - 00000000 ____D C:\Users\admin\AppData\Roaming\TeamViewer
2013-07-08 16:34 - 2013-07-08 16:34 - 00000000 ____D C:\Users\******\AppData\Roaming\TeamViewer
2013-07-05 20:21 - 2013-07-05 20:21 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-07-05 20:03 - 2013-07-05 20:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-03 17:34 - 2013-07-03 17:34 - 00000027 _____ C:\Users\******\Desktop\variete.txt
2013-06-27 19:32 - 2013-06-27 19:32 - 00001224 _____ C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\I.R.I.S. Resource Center.lnk
2013-06-26 19:05 - 2013-06-26 19:06 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-26 19:05 - 2013-06-26 19:06 - 00000000 ____D C:\Program Files\iTunes
2013-06-26 19:05 - 2013-06-26 19:06 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-26 19:05 - 2013-06-26 19:05 - 00000000 ____D C:\Program Files\iPod
2013-06-22 18:10 - 2013-06-23 11:39 - 00000762 _____ C:\Users\******\Desktop\blum.txt
2013-06-19 18:23 - 2013-07-12 16:57 - 00000000 ____D C:\Users\******\Documents\Readiris
2013-06-19 18:23 - 2013-06-19 18:23 - 00000000 ____D C:\Users\******\Documents\SafeNet Sentinel
2013-06-19 18:20 - 2013-06-28 19:17 - 00000000 ____D C:\Program Files (x86)\Readiris Pro 14
2013-06-19 18:20 - 2013-06-19 18:20 - 00000000 ____D C:\ProgramData\SafeNet Sentinel
2013-06-19 17:53 - 2013-06-12 21:47 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-19 17:53 - 2013-06-12 21:43 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-19 17:53 - 2013-06-12 21:43 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-19 17:53 - 2013-06-12 21:43 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-19 17:52 - 2013-06-19 17:53 - 00005019 _____ C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log

==================== One Month Modified Files and Folders =======

2013-07-15 17:38 - 2013-07-15 17:38 - 00000000 ____D C:\FRST
2013-07-15 17:36 - 2013-07-15 17:35 - 01777839 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2013-07-15 17:34 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-15 17:34 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-15 17:33 - 2012-08-12 19:22 - 00696870 _____ C:\Windows\system32\perfh007.dat
2013-07-15 17:33 - 2012-08-12 19:22 - 00148134 _____ C:\Windows\system32\perfc007.dat
2013-07-15 17:33 - 2009-07-14 07:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-15 17:27 - 2013-02-13 19:11 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-15 17:27 - 2012-08-12 13:52 - 00000438 __RSH C:\ProgramData\ntuser.pol
2013-07-15 17:27 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-15 17:27 - 2009-07-14 06:51 - 00062668 _____ C:\Windows\setupact.log
2013-07-14 20:51 - 2012-08-12 09:27 - 01353137 _____ C:\Windows\WindowsUpdate.log
2013-07-14 20:00 - 2012-08-12 23:04 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-14 20:00 - 2012-08-12 23:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-13 19:19 - 2013-07-13 19:01 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-12 20:58 - 2012-08-26 11:53 - 00000000 ____D C:\Users\******\Documents\Outlook-Dateien
2013-07-12 19:43 - 2013-07-12 19:43 - 00000000 ____D C:\Users\******\AppData\Roaming\Malwarebytes
2013-07-12 19:43 - 2013-07-12 19:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-12 17:37 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-12 16:57 - 2013-06-19 18:23 - 00000000 ____D C:\Users\******\Documents\Readiris
2013-07-12 16:56 - 2013-07-12 16:54 - 00000000 ____D C:\ProgramData\Readiris14Pro
2013-07-10 20:15 - 2013-04-06 20:19 - 00000407 _____ C:\Users\******\Desktop\musik_ab_24_04.txt
2013-07-09 23:31 - 2012-10-26 20:04 - 00000000 ____D C:\Users\******\AppData\Roaming\Skype
2013-07-09 22:42 - 2009-07-14 06:45 - 00340616 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-09 22:40 - 2010-11-21 09:16 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-09 22:40 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-09 22:40 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-09 22:30 - 2012-08-26 08:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-09 22:26 - 2012-08-12 19:03 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-09 22:19 - 2013-07-09 22:11 - 00001120 _____ C:\Users\******\Desktop\fehler.txt
2013-07-08 16:50 - 2013-07-08 16:50 - 00000000 ____D C:\Users\admin\AppData\Roaming\TeamViewer
2013-07-08 16:34 - 2013-07-08 16:34 - 00000000 ____D C:\Users\******\AppData\Roaming\TeamViewer
2013-07-06 15:43 - 2012-08-12 15:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-05 20:23 - 2012-10-07 19:44 - 00000000 ____D C:\ProgramData\Apple Computer
2013-07-05 20:22 - 2012-10-07 19:50 - 00000000 ____D C:\Users\******\AppData\Local\Apple Computer
2013-07-05 20:21 - 2013-07-05 20:21 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-07-05 20:04 - 2013-07-05 20:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-03 17:34 - 2013-07-03 17:34 - 00000027 _____ C:\Users\******\Desktop\variete.txt
2013-06-28 19:17 - 2013-06-19 18:20 - 00000000 ____D C:\Program Files (x86)\Readiris Pro 14
2013-06-27 19:32 - 2013-06-27 19:32 - 00001224 _____ C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\I.R.I.S. Resource Center.lnk
2013-06-26 19:06 - 2013-06-26 19:05 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-26 19:06 - 2013-06-26 19:05 - 00000000 ____D C:\Program Files\iTunes
2013-06-26 19:06 - 2013-06-26 19:05 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-26 19:05 - 2013-06-26 19:05 - 00000000 ____D C:\Program Files\iPod
2013-06-23 11:39 - 2013-06-22 18:10 - 00000762 _____ C:\Users\******\Desktop\blum.txt
2013-06-19 18:23 - 2013-06-19 18:23 - 00000000 ____D C:\Users\******\Documents\SafeNet Sentinel
2013-06-19 18:21 - 2013-01-31 22:01 - 00000000 ____D C:\Users\admin\AppData\Roaming\Skype
2013-06-19 18:20 - 2013-06-19 18:20 - 00000000 ____D C:\ProgramData\SafeNet Sentinel
2013-06-19 18:18 - 2012-08-12 13:51 - 00000000 ____D C:\Windows\Downloaded Installations
2013-06-19 17:53 - 2013-06-19 17:52 - 00005019 _____ C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 17:53 - 2012-09-04 22:09 - 00000000 ____D C:\Program Files (x86)\Java

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2013
Ran by ****** at 2013-07-15 17:38:42
Running from C:\Users\******\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Adobe Acrobat X Standard - English, Français, Deutsch (x32 Version: 10.1.7)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
AuthenTec Fingerprint Software (Version: 8.4.4.39)
BioAPI Framework (Version: 1.0.2)
Bonjour (Version: 3.0.0.10)
CDBurnerXP (x32 Version: 4.5.0.3717)
CloudBerry Explorer for Amazon S3 3.6 (Version: 3.6)
Custom (Version: 01.00.00.000)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dell Data Protection | Access (Version: 2.2.00001.001)
Dell Mobile Broadband Manager (x32 Version: 7.1.0.2)
Dell Touchpad (Version: 7.1211.101.114)
Dell Wireless HSPA Mini-Card Drivers (x32 Version: 7.1.0.3)
DellAccess (Version: 01.01.00.104)
dm-Fotowelt (x32 Version: 5.0.1)
dows-Treiberpaket - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (Version: 09/11/2009 1.0.1.6)
EMBASSY Client Core (Version: 01.01.00.036)
Free M4a to MP3 Converter 7.1 (x32)
Gemalto (Version: 01.64.01.0010)
HP Photosmart 6520 series - Grundlegende Software für das Gerät (Version: 28.0.1315.0)
IDT Audio (x32 Version: 1.0.6388.0)
Intel PROSet Wireless
Intel(R) Management Engine Components (x32 Version: 8.0.3.1427)
Intel(R) Network Connections Drivers (Version: 16.8)
Intel(R) OpenCL CPU Runtime (x32)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2712)
Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.3.214)
Intel® PROSet/Wireless WiFi-Software (Version: 15.01.1000.0927)
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
IrfanView (remove only) (x32 Version: 4.32)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
JavaFX 2.1.1 (x32 Version: 2.1.1)
L&H TTS3000 Deutsch (x32)
L&H TTS3000 Russian (x32)
LANCOM Advanced VPN Client (x32 Version: 2.30 Build 146)
LANconfig (x32 Version: 8.62.21.0)
LANmonitor/WLANmonitor (x32 Version: 8.62.10.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60816.0)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
NTRU TCG Software Stack (Version: 2.1.37)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.37)
O2Micro OZ776 SCR Driver (Version: 2.1.4.213)
O2Micro OZ776 SCR Driver (x32 Version: 2.1.4.213)
PC-CCID (Version: 2.0.0)
Preboot Manager (Version: 03.03.00.090)
Private Information Manager (Version: 07.01.00.030)
Profi cash (x32)
QuickTime (x32 Version: 7.74.80.86)
Readiris Pro 14 (x32 Version: 14.00.2753)
Skype™ 6.5 (x32 Version: 6.5.158)
Sophos Anti-Virus (x32 Version: 10.2.8)
Sophos AutoUpdate (x32 Version: 2.9.0.344)
SPBA 5.9 (Version: 5.9.4.6901)
ST Microelectronics 3 Axis Digital Accelerometer Solution (x32 Version: 4.10.0016)
toolkit32for64bit (x32 Version: 7.67.47.0000)
Trusted Drive Manager (Version: 4.5.0.136)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Upek Touchchip Fingerprint Reader (Version: 1.2.004)
Visual Studio 2005 Tools for Office Second Edition Runtime (x32)
Wave Crypto Runtime 2.0.7.0 x86 (x32 Version: 02.00.07.0000)
Wave Infrastructure Installer (Version: 07.67.60.0020)
Wave Support Software Installer (Version: 05.13.00.051)
WIDCOMM Bluetooth Software (Version: 6.5.1.2410)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)

==================== Restore Points  =========================

Could not list Restore Points.


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/15/2013 05:27:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2013 04:17:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2013 11:14:34 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2013 08:29:32 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2013 08:28:10 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2013 08:27:03 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2013 08:16:54 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2013 04:47:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2013 08:23:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2013 07:14:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/15/2013 05:28:21 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/15/2013 05:27:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NTRU TSS v1.2.1.37 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%0

Error: (07/14/2013 07:26:53 PM) (Source: SCardSvr) (User: )
Description: Das Gerät erkennt den Befehl nicht.Mobile Broadband SIM Card Reader 0GET_STATEXX XX XX XX

Error: (07/14/2013 04:18:33 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/14/2013 04:17:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NTRU TSS v1.2.1.37 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%0

Error: (07/14/2013 11:15:26 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/14/2013 11:14:23 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NTRU TSS v1.2.1.37 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%0

Error: (07/14/2013 08:29:36 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Defender" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/14/2013 08:29:36 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WinDefend" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1352

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/14/2013 08:29:23 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NTRU TSS v1.2.1.37 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%0


Microsoft Office Sessions:
=========================
Error: (07/15/2013 05:27:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2013 04:17:19 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2013 11:14:34 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2013 08:29:32 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2013 08:28:10 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2013 08:27:03 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2013 08:16:54 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2013 04:47:38 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2013 08:23:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2013 07:14:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 27%
Total physical RAM: 8074.61 MB
Available physical RAM: 5884.22 MB
Total Pagefile: 16147.41 MB
Available Pagefile: 13869.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Programme) (Fixed) (Total:155.12 GB) (Free:99.19 GB) NTFS (Disk=0 Partition=4)
Drive d: (Backup) (Fixed) (Total:156.25 GB) (Free:54.76 GB) NTFS (Disk=0 Partition=2)
Drive e: (Daten) (Fixed) (Total:154.3 GB) (Free:144.33 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

==================== End Of Log ============================
Viele Grüße

gusc
__________________
Alt 15.07.2013, 19:11   #4
schrauber
/// the machine
/// TB-Ausbilder
 
Windows hat Win32/Small.CA Meldung im Wartungscenter - Standard

Windows hat Win32/Small.CA Meldung im Wartungscenter


Zitat:
Ich habe FRST nicht als Admin ausgeführt, wenn das notwendig sein solte dann bitte noch mal melden.
Alle unsere Tools müssen als Admin laufen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 15.07.2013, 19:26   #5
gusc
 
Windows hat Win32/Small.CA Meldung im Wartungscenter - Standard

Windows hat Win32/Small.CA Meldung im Wartungscenter


sorry, auf ein neues:

FRST.txt:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2013
Ran by admin (administrator) on 15-07-2013 20:22:39
Running from C:\Users\******\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(NCP engineering GmbH) C:\Program Files (x86)\LANCOM\Advanced VPN Client\ncpclcfg.exe
(NCP Engineering GmbH) C:\Program Files (x86)\LANCOM\Advanced VPN Client\ncprwsnt.exe
() C:\Program Files (x86)\LANCOM\Advanced VPN Client\NCPSEC.EXE
(O2Micro International) C:\Windows\system32\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\sysWOW64\SDIOAssist.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Ericsson AB) C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(NCP engineering GmbH) C:\Program Files (x86)\LANCOM\Advanced VPN Client\NcpBudgetGui.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-02-13] (IDT, Inc.)
HKLM\...\Run: [TdmNotify] - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [381296 2011-12-08] (Wave Systems Corp.)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [626552 2012-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelPROSet] - "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless [4756240 2012-03-29] (Intel(R) Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKCU\...\Run: [HP Photosmart 6520 series (NET)] - "C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN27P1631B05TZ:NW" -scfn "HP Photosmart 6520 series (NET)" -AutoStart 1 [2573416 2012-10-17] (Hewlett-Packard Co.)
MountPoints2: G - G:\AutoRun.exe
MountPoints2: {835e8008-358f-11e2-afea-0200067a5014} - G:\AutoRun.exe
MountPoints2: {835e800d-358f-11e2-afea-0200067a5014} - G:\AutoRun.exe
HKLM-x32\...\Run: [IMSS] - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-02-17] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-02-13] (Sophos Limited)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NcpBudgetGui] - "C:\Program Files (x86)\LANCOM\Advanced VPN Client\NcpBudgetGui.exe" -start [1001472 2012-04-04] (NCP engineering GmbH)
HKLM-x32\...\Run: [NcpPopup] - "C:\Program Files (x86)\LANCOM\Advanced VPN Client\ncppopup.exe" noerrmsg [1011280 2012-03-20] (NCP engineering GmbH)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [38984 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [840768 2013-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL [218256 2013-01-24] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL [221840 2013-01-24] (Sophos Limited)
Lsa: [Authentication Packages] msv1_0 wvauth
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Tcpip\..\Interfaces\{ACD6D753-617D-48D2-A34B-B0F3B0852278}: [NameServer]212.23.115.148 212.23.97.2
Tcpip\..\Interfaces\{D0B4C2AC-4502-4DD8-A4E0-16A230400BB5}: [NameServer]10.0.1.1

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\xi95likw.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon

==================== Services (Whitelisted) =================

R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [218504 2012-01-17] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
R2 ncpclcfg; C:\Program Files (x86)\LANCOM\Advanced VPN Client\ncpclcfg.exe [139344 2011-07-27] (NCP engineering GmbH)
R2 ncprwsnt; C:\Program Files (x86)\LANCOM\Advanced VPN Client\ncprwsnt.exe [1594448 2012-04-04] (NCP Engineering GmbH)
R2 NcpSec; C:\Program Files (x86)\LANCOM\Advanced VPN Client\NCPSEC.EXE [119808 2011-04-21] ()
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-02-13] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [159296 2013-01-24] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-02-13] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2012-04-24] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-03-22] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2010688 2013-01-24] (Sophos Limited)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-08] ()
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1679872 2012-01-05] (Wave Systems Corp.)
R2 WMCoreService; C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe [655912 2011-11-18] (Ericsson AB)
S3 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [198144 2012-01-16] (Wave Systems Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2012-08-12] (Broadcom Corporation.)
R3 d554gps; C:\Windows\System32\DRIVERS\d554gps64.sys [102440 2011-10-05] (Ericsson AB)
R3 d554scard; C:\Windows\System32\DRIVERS\d554scard.sys [61992 2011-08-17] (Ericsson AB)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-08-22] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-08-22] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-08-22] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-08-22] (MCCI Corporation)
S3 ncpfilt; C:\Windows\System32\DRIVERS\ncplelhp.sys [103024 2012-04-03] (NCP Engineering GmbH)
R3 ncplelhp; C:\Windows\System32\DRIVERS\ncplelhp.sys [103024 2012-04-03] (NCP Engineering GmbH)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11471872 2012-03-12] (Intel Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2013-01-24] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2011-10-01] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2011-08-25] (Sophos Plc)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2011-11-04] (STMicroelectronics)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [282152 2011-12-07] (Ericsson AB)
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [x]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-15 19:08 - 2013-07-15 19:08 - 00000000 _____ C:\Windows\system32\vireng.log
2013-07-15 17:38 - 2013-07-15 17:38 - 00000000 ____D C:\FRST
2013-07-15 17:35 - 2013-07-15 17:36 - 01777839 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2013-07-13 19:01 - 2013-07-13 19:19 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-12 19:43 - 2013-07-12 19:43 - 00000000 ____D C:\Users\******\AppData\Roaming\Malwarebytes
2013-07-12 19:43 - 2013-07-12 19:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-12 17:42 - 2013-07-12 17:42 - 00000000 ____D C:\Users\admin\AppData\Local\Sophos
2013-07-12 16:54 - 2013-07-12 16:56 - 00000000 ____D C:\ProgramData\Readiris14Pro
2013-07-09 22:25 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-09 22:25 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-09 22:25 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-09 22:25 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-09 22:25 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-09 22:25 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-09 22:25 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-09 22:25 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-09 22:25 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-09 22:25 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-09 22:25 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-09 22:25 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-09 22:25 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-09 22:25 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-09 22:25 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-09 22:25 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-09 22:25 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-09 22:25 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-09 22:25 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-09 22:25 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-09 22:25 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-09 22:11 - 2013-07-09 22:19 - 00001120 _____ C:\Users\******\Desktop\fehler.txt
2013-07-09 19:26 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-09 19:26 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-09 19:26 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-09 19:26 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-09 19:26 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-09 19:25 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-09 19:25 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-08 16:50 - 2013-07-08 16:50 - 00000000 ____D C:\Users\admin\AppData\Roaming\TeamViewer
2013-07-08 16:34 - 2013-07-08 16:34 - 00000000 ____D C:\Users\******\AppData\Roaming\TeamViewer
2013-07-05 20:21 - 2013-07-05 20:21 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-07-05 20:03 - 2013-07-05 20:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-03 17:34 - 2013-07-03 17:34 - 00000027 _____ C:\Users\******\Desktop\variete.txt
2013-06-26 19:05 - 2013-06-26 19:06 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-26 19:05 - 2013-06-26 19:06 - 00000000 ____D C:\Program Files\iTunes
2013-06-26 19:05 - 2013-06-26 19:06 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-26 19:05 - 2013-06-26 19:05 - 00000000 ____D C:\Program Files\iPod
2013-06-26 18:51 - 2013-06-26 18:51 - 00001224 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\I.R.I.S. Resource Center.lnk
2013-06-22 18:10 - 2013-06-23 11:39 - 00000762 _____ C:\Users\******\Desktop\blum.txt
2013-06-19 18:23 - 2013-07-12 16:57 - 00000000 ____D C:\Users\******\Documents\Readiris
2013-06-19 18:23 - 2013-06-19 18:23 - 00000000 ____D C:\Users\******\Documents\SafeNet Sentinel
2013-06-19 18:20 - 2013-06-28 19:17 - 00000000 ____D C:\Program Files (x86)\Readiris Pro 14
2013-06-19 18:20 - 2013-06-19 18:31 - 00000000 ____D C:\Users\admin\Documents\Readiris
2013-06-19 18:20 - 2013-06-19 18:20 - 00000000 ____D C:\Users\admin\Documents\SafeNet Sentinel
2013-06-19 18:20 - 2013-06-19 18:20 - 00000000 ____D C:\ProgramData\SafeNet Sentinel
2013-06-19 17:53 - 2013-06-12 21:47 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-19 17:53 - 2013-06-12 21:43 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-19 17:53 - 2013-06-12 21:43 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-19 17:53 - 2013-06-12 21:43 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-19 17:52 - 2013-06-19 17:53 - 00005019 _____ C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log

==================== One Month Modified Files and Folders =======

2013-07-15 20:04 - 2012-08-12 09:27 - 01363299 _____ C:\Windows\WindowsUpdate.log
2013-07-15 19:57 - 2013-02-13 19:11 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-15 19:08 - 2013-07-15 19:08 - 00000000 _____ C:\Windows\system32\vireng.log
2013-07-15 17:38 - 2013-07-15 17:38 - 00000000 ____D C:\FRST
2013-07-15 17:36 - 2013-07-15 17:35 - 01777839 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2013-07-15 17:34 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-15 17:34 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-15 17:33 - 2012-08-12 19:22 - 00696870 _____ C:\Windows\system32\perfh007.dat
2013-07-15 17:33 - 2012-08-12 19:22 - 00148134 _____ C:\Windows\system32\perfc007.dat
2013-07-15 17:33 - 2009-07-14 07:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-15 17:27 - 2012-08-12 13:52 - 00000438 __RSH C:\ProgramData\ntuser.pol
2013-07-15 17:27 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-15 17:27 - 2009-07-14 06:51 - 00062668 _____ C:\Windows\setupact.log
2013-07-14 20:01 - 2012-09-11 20:20 - 00000000 ____D C:\Users\admin\AppData\Local\Adobe
2013-07-14 20:00 - 2013-02-13 19:11 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-14 20:00 - 2012-08-12 23:04 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-14 20:00 - 2012-08-12 23:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-13 19:19 - 2013-07-13 19:01 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-12 20:58 - 2012-08-26 11:53 - 00000000 ____D C:\Users\******\Documents\Outlook-Dateien
2013-07-12 19:43 - 2013-07-12 19:43 - 00000000 ____D C:\Users\******\AppData\Roaming\Malwarebytes
2013-07-12 19:43 - 2013-07-12 19:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-12 17:42 - 2013-07-12 17:42 - 00000000 ____D C:\Users\admin\AppData\Local\Sophos
2013-07-12 17:37 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-12 16:57 - 2013-06-19 18:23 - 00000000 ____D C:\Users\******\Documents\Readiris
2013-07-12 16:56 - 2013-07-12 16:54 - 00000000 ____D C:\ProgramData\Readiris14Pro
2013-07-10 20:15 - 2013-04-06 20:19 - 00000407 _____ C:\Users\******\Desktop\musik_ab_24_04.txt
2013-07-09 23:31 - 2012-10-26 20:04 - 00000000 ____D C:\Users\******\AppData\Roaming\Skype
2013-07-09 22:42 - 2009-07-14 06:45 - 00340616 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-09 22:40 - 2010-11-21 09:16 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-09 22:40 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-09 22:40 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-09 22:30 - 2012-08-26 08:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-09 22:26 - 2012-08-12 19:03 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-09 22:19 - 2013-07-09 22:11 - 00001120 _____ C:\Users\******\Desktop\fehler.txt
2013-07-08 16:50 - 2013-07-08 16:50 - 00000000 ____D C:\Users\admin\AppData\Roaming\TeamViewer
2013-07-08 16:34 - 2013-07-08 16:34 - 00000000 ____D C:\Users\******\AppData\Roaming\TeamViewer
2013-07-06 15:43 - 2012-08-12 15:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-05 20:23 - 2012-10-07 19:44 - 00000000 ____D C:\ProgramData\Apple Computer
2013-07-05 20:22 - 2012-10-07 19:50 - 00000000 ____D C:\Users\******\AppData\Local\Apple Computer
2013-07-05 20:21 - 2013-07-05 20:21 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-07-05 20:04 - 2013-07-05 20:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-03 17:34 - 2013-07-03 17:34 - 00000027 _____ C:\Users\******\Desktop\variete.txt
2013-06-28 19:17 - 2013-06-19 18:20 - 00000000 ____D C:\Program Files (x86)\Readiris Pro 14
2013-06-26 19:06 - 2013-06-26 19:05 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-26 19:06 - 2013-06-26 19:05 - 00000000 ____D C:\Program Files\iTunes
2013-06-26 19:06 - 2013-06-26 19:05 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-26 19:05 - 2013-06-26 19:05 - 00000000 ____D C:\Program Files\iPod
2013-06-26 18:51 - 2013-06-26 18:51 - 00001224 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\I.R.I.S. Resource Center.lnk
2013-06-23 11:39 - 2013-06-22 18:10 - 00000762 _____ C:\Users\******\Desktop\blum.txt
2013-06-19 18:31 - 2013-06-19 18:20 - 00000000 ____D C:\Users\admin\Documents\Readiris
2013-06-19 18:23 - 2013-06-19 18:23 - 00000000 ____D C:\Users\******\Documents\SafeNet Sentinel
2013-06-19 18:21 - 2013-01-31 22:01 - 00000000 ____D C:\Users\admin\AppData\Roaming\Skype
2013-06-19 18:20 - 2013-06-19 18:20 - 00000000 ____D C:\Users\admin\Documents\SafeNet Sentinel
2013-06-19 18:20 - 2013-06-19 18:20 - 00000000 ____D C:\ProgramData\SafeNet Sentinel
2013-06-19 18:18 - 2012-08-12 13:51 - 00000000 ____D C:\Windows\Downloaded Installations
2013-06-19 17:53 - 2013-06-19 17:52 - 00005019 _____ C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 17:53 - 2012-09-04 22:09 - 00000000 ____D C:\Program Files (x86)\Java

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-13 19:43

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---



Addition.txt:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2013
Ran by admin at 2013-07-15 20:22:52
Running from C:\Users\******\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Adobe Acrobat X Standard - English, Français, Deutsch (x32 Version: 10.1.7)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
AuthenTec Fingerprint Software (Version: 8.4.4.39)
BioAPI Framework (Version: 1.0.2)
Bonjour (Version: 3.0.0.10)
CDBurnerXP (x32 Version: 4.5.0.3717)
CloudBerry Explorer for Amazon S3 3.6 (Version: 3.6)
Custom (Version: 01.00.00.000)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dell Data Protection | Access (Version: 2.2.00001.001)
Dell Mobile Broadband Manager (x32 Version: 7.1.0.2)
Dell Touchpad (Version: 7.1211.101.114)
Dell Wireless HSPA Mini-Card Drivers (x32 Version: 7.1.0.3)
DellAccess (Version: 01.01.00.104)
dm-Fotowelt (x32 Version: 5.0.1)
dows-Treiberpaket - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (Version: 09/11/2009 1.0.1.6)
EMBASSY Client Core (Version: 01.01.00.036)
Free M4a to MP3 Converter 7.1 (x32)
Gemalto (Version: 01.64.01.0010)
HP Photosmart 6520 series - Grundlegende Software für das Gerät (Version: 28.0.1315.0)
IDT Audio (x32 Version: 1.0.6388.0)
Intel PROSet Wireless
Intel(R) Management Engine Components (x32 Version: 8.0.3.1427)
Intel(R) Network Connections Drivers (Version: 16.8)
Intel(R) OpenCL CPU Runtime (x32)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2712)
Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.3.214)
Intel® PROSet/Wireless WiFi-Software (Version: 15.01.1000.0927)
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
IrfanView (remove only) (x32 Version: 4.32)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
JavaFX 2.1.1 (x32 Version: 2.1.1)
L&H TTS3000 Deutsch (x32)
L&H TTS3000 Russian (x32)
LANCOM Advanced VPN Client (x32 Version: 2.30 Build 146)
LANconfig (x32 Version: 8.62.21.0)
LANmonitor/WLANmonitor (x32 Version: 8.62.10.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60816.0)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
NTRU TCG Software Stack (Version: 2.1.37)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.37)
O2Micro OZ776 SCR Driver (Version: 2.1.4.213)
O2Micro OZ776 SCR Driver (x32 Version: 2.1.4.213)
PC-CCID (Version: 2.0.0)
Preboot Manager (Version: 03.03.00.090)
Private Information Manager (Version: 07.01.00.030)
Profi cash (x32)
QuickTime (x32 Version: 7.74.80.86)
Readiris Pro 14 (x32 Version: 14.00.2753)
Skype™ 6.5 (x32 Version: 6.5.158)
Sophos Anti-Virus (x32 Version: 10.2.8)
Sophos AutoUpdate (x32 Version: 2.9.0.344)
SPBA 5.9 (Version: 5.9.4.6901)
ST Microelectronics 3 Axis Digital Accelerometer Solution (x32 Version: 4.10.0016)
toolkit32for64bit (x32 Version: 7.67.47.0000)
Trusted Drive Manager (Version: 4.5.0.136)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Upek Touchchip Fingerprint Reader (Version: 1.2.004)
Visual Studio 2005 Tools for Office Second Edition Runtime (x32)
Wave Crypto Runtime 2.0.7.0 x86 (x32 Version: 02.00.07.0000)
Wave Infrastructure Installer (Version: 07.67.60.0020)
Wave Support Software Installer (Version: 05.13.00.051)
WIDCOMM Bluetooth Software (Version: 6.5.1.2410)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)

==================== Restore Points  =========================

16-06-2013 06:27:04 Windows Update
19-06-2013 15:52:05 Installed Java 7 Update 25
19-06-2013 16:19:35 Installed Readiris Pro 14.
21-06-2013 15:57:06 Windows Update
25-06-2013 17:56:52 Windows Update
01-07-2013 17:54:46 Windows-Sicherung
02-07-2013 17:24:08 Windows Update
05-07-2013 18:19:54 Installed QuickTime
09-07-2013 17:25:19 Windows Update
09-07-2013 20:19:48 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {088543B8-1ACF-4CC3-A0CA-A07F825F7887} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {462CE696-27D6-41F5-9AD7-689B1482C341} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {BA29AC09-AFE4-4571-B7FB-A55D86B04663} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-21] (Microsoft Corporation)
Task: {C1B4E332-03A6-4151-BEDB-CA4DACB22EFC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-14] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/15/2013 05:27:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2013 04:17:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2013 11:14:34 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2013 08:29:32 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2013 08:28:10 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2013 08:27:03 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2013 08:16:54 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2013 04:47:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2013 08:23:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2013 07:14:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/15/2013 07:08:15 PM) (Source: SCardSvr) (User: )
Description: Das Gerät erkennt den Befehl nicht.Mobile Broadband SIM Card Reader 0GET_STATEXX XX XX XX

Error: (07/15/2013 05:28:21 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/15/2013 05:27:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NTRU TSS v1.2.1.37 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%0

Error: (07/14/2013 07:26:53 PM) (Source: SCardSvr) (User: )
Description: Das Gerät erkennt den Befehl nicht.Mobile Broadband SIM Card Reader 0GET_STATEXX XX XX XX

Error: (07/14/2013 04:18:33 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/14/2013 04:17:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NTRU TSS v1.2.1.37 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%0

Error: (07/14/2013 11:15:26 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/14/2013 11:14:23 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NTRU TSS v1.2.1.37 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%0

Error: (07/14/2013 08:29:36 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Defender" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/14/2013 08:29:36 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WinDefend" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1352

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (07/15/2013 05:27:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2013 04:17:19 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2013 11:14:34 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2013 08:29:32 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2013 08:28:10 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2013 08:27:03 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2013 08:16:54 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2013 04:47:38 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2013 08:23:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2013 07:14:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 29%
Total physical RAM: 8074.61 MB
Available physical RAM: 5665.64 MB
Total Pagefile: 16147.41 MB
Available Pagefile: 13647.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Programme) (Fixed) (Total:155.12 GB) (Free:99.12 GB) NTFS (Disk=0 Partition=4)
Drive d: (Backup) (Fixed) (Total:156.25 GB) (Free:54.76 GB) NTFS (Disk=0 Partition=2)
Drive e: (Daten) (Fixed) (Total:154.3 GB) (Free:144.34 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E9EAE2D5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=156 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=154 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=155 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Alt 15.07.2013, 19:35   #6
schrauber
/// the machine
/// TB-Ausbilder
 
Windows hat Win32/Small.CA Meldung im Wartungscenter - Standard

Windows hat Win32/Small.CA Meldung im Wartungscenter


Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
--> Windows hat Win32/Small.CA Meldung im Wartungscenter

Alt 15.07.2013, 20:30   #7
gusc
 
Windows hat Win32/Small.CA Meldung im Wartungscenter - Standard

Windows hat Win32/Small.CA Meldung im Wartungscenter


Hallo,

was bei Combofix noch wichtig ist, ist das man es nicht nur als Admin ausführt sondern auch nach dem Neustart sich mit einem Admin Account anmeldet sonst läuft da eine Art "Endlosschleife" in wild aufflackerneden "DOS-Fenstern" (Titel ...pev.3xe).

Code:
ATTFilter
Combofix Logfile:


	
Code: 

 
ATTFilter


  

	
ComboFix 13-07-15.01 - admin 15.07.2013  21:01:06.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.8075.6080 [GMT 2:00]
ausgeführt von:: c:\users\gunther\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
FW: LANCOM Advanced VPN Client *Disabled* {2E93E888-9DAC-5065-8626-9C7F7A0820C2}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\SysWow64\instsrv.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-15 bis 2013-07-15  ))))))))))))))))))))))))))))))
.
.
2013-07-15 15:38 . 2013-07-15 15:38	--------	d-----w-	C:\FRST
2013-07-13 17:01 . 2013-07-13 17:19	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-12 18:06 . 2013-07-14 17:34	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A44F2B85-55FF-4752-87CC-0E74193C98E4}\offreg.dll
2013-07-12 17:43 . 2013-07-12 17:43	--------	d-----w-	c:\users\gunther\AppData\Roaming\Malwarebytes
2013-07-12 17:43 . 2013-07-12 17:43	--------	d-----w-	c:\programdata\Malwarebytes
2013-07-12 17:42 . 2013-07-12 17:42	--------	d-----w-	c:\users\gunther\AppData\Local\Programs
2013-07-12 15:42 . 2013-07-12 15:42	--------	d-----w-	c:\users\admin\AppData\Local\Sophos
2013-07-12 14:54 . 2013-07-12 14:56	--------	d-----w-	c:\programdata\Readiris14Pro
2013-07-12 14:26 . 2013-06-12 03:08	9552976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A44F2B85-55FF-4752-87CC-0E74193C98E4}\mpengine.dll
2013-07-09 17:26 . 2013-05-27 05:50	1011712	----a-w-	c:\program files\Windows Defender\MpSvc.dll
2013-07-09 17:25 . 2013-04-09 23:34	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
2013-07-09 17:25 . 2013-04-02 22:51	1643520	----a-w-	c:\windows\system32\DWrite.dll
2013-07-08 14:50 . 2013-07-08 14:50	--------	d-----w-	c:\users\admin\AppData\Roaming\TeamViewer
2013-07-08 14:34 . 2013-07-08 14:34	--------	d-----w-	c:\users\gunther\AppData\Roaming\TeamViewer
2013-07-05 18:21 . 2013-07-05 18:21	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-07-05 18:21 . 2013-07-05 18:21	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-07-05 18:21 . 2013-07-05 18:21	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-07-05 18:21 . 2013-07-05 18:21	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-07-05 18:21 . 2013-07-05 18:21	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-07-05 18:21 . 2013-07-05 18:21	--------	d-----w-	c:\program files (x86)\QuickTime
2013-06-26 17:05 . 2013-06-26 17:06	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-26 17:05 . 2013-06-26 17:06	--------	d-----w-	c:\program files\iTunes
2013-06-26 17:05 . 2013-06-26 17:06	--------	d-----w-	c:\program files (x86)\iTunes
2013-06-26 17:05 . 2013-06-26 17:05	--------	d-----w-	c:\program files\iPod
2013-06-19 16:20 . 2013-06-19 16:20	--------	d-----w-	c:\programdata\SafeNet Sentinel
2013-06-19 16:20 . 2013-06-28 17:17	--------	d-----w-	c:\program files (x86)\Readiris Pro 14
2013-06-19 15:53 . 2013-06-12 19:47	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-14 18:00 . 2012-08-12 21:04	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-14 18:00 . 2012-08-12 21:04	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-09 20:26 . 2012-08-12 17:03	78185248	----a-w-	c:\windows\system32\MRT.exe
2013-06-12 19:48 . 2012-08-12 20:41	867240	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-06-12 19:48 . 2012-08-12 20:41	789416	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-05-21 19:45 . 2013-05-21 19:45	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-05-21 19:45 . 2013-05-21 19:45	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-05-21 19:45 . 2013-05-21 19:45	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-05-21 19:45 . 2013-05-21 19:45	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-05-21 19:45 . 2013-05-21 19:45	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-05-21 19:45 . 2013-05-21 19:45	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-05-21 19:45 . 2013-05-21 19:45	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-05-21 19:45 . 2013-05-21 19:45	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-21 19:45 . 2013-05-21 19:45	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-05-21 19:45 . 2013-05-21 19:45	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-21 19:45 . 2013-05-21 19:45	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-05-21 19:45 . 2013-05-21 19:45	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-05-21 19:45 . 2013-05-21 19:45	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-05-21 19:45 . 2013-05-21 19:45	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-05-21 19:45 . 2013-05-21 19:45	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-05-21 19:45 . 2013-05-21 19:45	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-05-21 19:45 . 2013-05-21 19:45	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-05-21 19:45 . 2013-05-21 19:45	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-05-21 19:45 . 2013-05-21 19:45	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-05-21 19:45 . 2013-05-21 19:45	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-05-21 19:45 . 2013-05-21 19:45	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-05-21 19:45 . 2013-05-21 19:45	81408	----a-w-	c:\windows\system32\icardie.dll
2013-05-21 19:45 . 2013-05-21 19:45	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-05-21 19:45 . 2013-05-21 19:45	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-05-21 19:45 . 2013-05-21 19:45	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-05-21 19:45 . 2013-05-21 19:45	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-05-21 19:45 . 2013-05-21 19:45	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-05-21 19:45 . 2013-05-21 19:45	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-05-21 19:45 . 2013-05-21 19:45	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-05-21 19:45 . 2013-05-21 19:45	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-05-21 19:45 . 2013-05-21 19:45	441856	----a-w-	c:\windows\system32\html.iec
2013-05-21 19:45 . 2013-05-21 19:45	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-05-21 19:45 . 2013-05-21 19:45	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-05-21 19:45 . 2013-05-21 19:45	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-05-21 19:45 . 2013-05-21 19:45	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-05-21 19:45 . 2013-05-21 19:45	235008	----a-w-	c:\windows\system32\url.dll
2013-05-21 19:45 . 2013-05-21 19:45	216064	----a-w-	c:\windows\system32\msls31.dll
2013-05-21 19:45 . 2013-05-21 19:45	197120	----a-w-	c:\windows\system32\msrating.dll
2013-05-21 19:45 . 2013-05-21 19:45	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-05-21 19:45 . 2013-05-21 19:45	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-05-21 19:45 . 2013-05-21 19:45	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-05-21 19:45 . 2013-05-21 19:45	149504	----a-w-	c:\windows\system32\occache.dll
2013-05-21 19:45 . 2013-05-21 19:45	144896	----a-w-	c:\windows\system32\wextract.exe
2013-05-21 19:45 . 2013-05-21 19:45	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-05-21 19:45 . 2013-05-21 19:45	13824	----a-w-	c:\windows\system32\mshta.exe
2013-05-21 19:45 . 2013-05-21 19:45	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-05-21 19:45 . 2013-05-21 19:45	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-05-21 19:45 . 2013-05-21 19:45	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-05-21 19:45 . 2013-05-21 19:45	102912	----a-w-	c:\windows\system32\inseng.dll
2013-05-21 19:43 . 2013-05-21 19:43	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-21 19:43 . 2013-05-21 19:43	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-21 19:43 . 2013-05-21 19:43	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-21 19:43 . 2013-05-21 19:43	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-21 19:43 . 2013-05-21 19:43	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-21 19:43 . 2013-05-21 19:43	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-21 19:43 . 2013-05-21 19:43	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-05-21 19:43 . 2013-05-21 19:43	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-05-21 19:43 . 2013-05-21 19:43	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-21 19:43 . 2013-05-21 19:43	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-21 19:43 . 2013-05-21 19:43	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-05-21 19:43 . 2013-05-21 19:43	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-21 19:43 . 2013-05-21 19:43	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-21 19:43 . 2013-05-21 19:43	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-21 19:43 . 2013-05-21 19:43	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-21 19:43 . 2013-05-21 19:43	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-21 19:43 . 2013-05-21 19:43	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-21 19:43 . 2013-05-21 19:43	2776576	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2013-05-21 19:43 . 2013-05-21 19:43	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-21 19:43 . 2013-05-21 19:43	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-21 19:43 . 2013-05-21 19:43	2284544	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
2013-05-21 19:43 . 2013-05-21 19:43	1682432	----a-w-	c:\windows\system32\XpsPrint.dll
2013-05-21 19:43 . 2013-05-21 19:43	1158144	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2013-05-21 19:43 . 2013-05-21 19:43	10752	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-21 19:43 . 2013-05-21 19:43	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-21 19:43 . 2013-05-21 19:42	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-05-21 19:42 . 2013-05-21 19:42	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2013-05-21 19:42 . 2013-05-21 19:42	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2013-05-21 19:42 . 2013-05-21 19:42	3928064	----a-w-	c:\windows\system32\d2d1.dll
2013-05-21 19:42 . 2013-05-21 19:42	363008	----a-w-	c:\windows\system32\dxgi.dll
2013-05-21 19:42 . 2013-05-21 19:42	3419136	----a-w-	c:\windows\SysWow64\d2d1.dll
2013-05-21 19:42 . 2013-05-21 19:42	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-05-21 19:42 . 2013-05-21 19:42	296960	----a-w-	c:\windows\system32\d3d10core.dll
2013-05-21 19:42 . 2013-05-21 19:42	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
2013-05-21 19:42 . 2013-05-21 19:42	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2013-05-21 19:42 . 2013-05-21 19:42	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2013-05-21 19:42 . 2013-05-21 19:42	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2013-05-21 19:42 . 2013-05-21 19:42	221184	----a-w-	c:\windows\system32\UIAnimation.dll
2013-05-21 19:42 . 2013-05-21 19:42	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll
2013-05-21 19:42 . 2013-05-21 19:42	207872	----a-w-	c:\windows\SysWow64\WindowsCodecsExt.dll
2013-05-21 19:42 . 2013-05-21 19:42	1988096	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2013-05-21 19:42 . 2013-05-21 19:42	194560	----a-w-	c:\windows\system32\d3d10_1.dll
2013-05-21 19:42 . 2013-05-21 19:42	187392	----a-w-	c:\windows\SysWow64\UIAnimation.dll
2013-05-21 19:42 . 2013-05-21 19:42	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2013-05-21 19:42 . 2013-05-21 19:42	1238528	----a-w-	c:\windows\system32\d3d10.dll
2013-05-21 19:42 . 2013-05-21 19:42	1175552	----a-w-	c:\windows\system32\FntCache.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 6520 series (NET)"="c:\program files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-02-28 133400]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-17 291608]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2013-02-13 929272]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"NcpBudgetGui"="c:\program files (x86)\LANCOM\Advanced VPN Client\NcpBudgetGui.exe" [2012-04-04 1001472]
"NcpPopup"="c:\program files (x86)\LANCOM\Advanced VPN Client\ncppopup.exe" [2012-03-20 1011280]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-05-10 38984]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-05-10 840768]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-2-22 1380128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 ncpfilt;LANCOM Filter;c:\windows\system32\DRIVERS\ncplelhp.sys;c:\windows\SYSNATIVE\DRIVERS\ncplelhp.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys;c:\windows\SYSNATIVE\DRIVERS\sdcfilter.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WvPCR;WvPCR;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys;c:\windows\SYSNATIVE\DRIVERS\SophosBootDriver.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys;c:\windows\SYSNATIVE\DRIVERS\savonaccess.sys [x]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe;c:\program files\Fingerprint Sensor\ATService.exe [x]
S2 EmbassyService;EmbassyService;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 ncpclcfg;NCP Client Configuration Support;c:\program files (x86)\LANCOM\Advanced VPN Client\ncpclcfg.exe;c:\program files (x86)\LANCOM\Advanced VPN Client\ncpclcfg.exe [x]
S2 ncprwsnt;NCP Client VPN und Dialing Service;c:\program files (x86)\LANCOM\Advanced VPN Client\ncprwsnt.exe;c:\program files (x86)\LANCOM\Advanced VPN Client\ncprwsnt.exe [x]
S2 NcpSec;NCP Client PKI Support;c:\program files (x86)\LANCOM\Advanced VPN Client\NCPSEC.EXE;c:\program files (x86)\LANCOM\Advanced VPN Client\NCPSEC.EXE [x]
S2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe;c:\windows\SysWOW64\srvany.exe [x]
S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [x]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [x]
S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [x]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [x]
S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys;c:\windows\SYSNATIVE\Drivers\ATSwpWDF.sys [x]
S3 d554gps;Dell Wireless  HSPA Mini-Card GPS Port;c:\windows\system32\DRIVERS\d554gps64.sys;c:\windows\SYSNATIVE\DRIVERS\d554gps64.sys [x]
S3 d554scard;Dell Wireless  HSPA Mini-Card USIM Port;c:\windows\system32\DRIVERS\d554scard.sys;c:\windows\SYSNATIVE\DRIVERS\d554scard.sys [x]
S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys;c:\windows\SYSNATIVE\Drivers\wwuss64.sys [x]
S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys;c:\windows\SYSNATIVE\Drivers\wwussf64.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 Mbm3CBus;Dell Wireless 5560 HSPA+ Mini-Card Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3CBus.sys [x]
S3 Mbm3DevMt;Dell Wireless  HSPA Mini-Card Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3DevMt.sys [x]
S3 Mbm3mdfl;Dell Wireless  HSPA Mini-Card Modem Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3mdfl.sys [x]
S3 Mbm3Mdm;Dell Wireless  HSPA Mini-Card Modem Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3Mdm.sys [x]
S3 ncplelhp;LANCOM Secure Client NDIS6 Driver;c:\windows\system32\DRIVERS\ncplelhp.sys;c:\windows\SYSNATIVE\DRIVERS\ncplelhp.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdjw7x64.sys [x]
S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_ACCEL.sys;c:\windows\SYSNATIVE\DRIVERS\ST_ACCEL.sys [x]
S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys;c:\windows\SYSNATIVE\DRIVERS\WwanUsbMp64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-12 18:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-12-08 08:45	139128	----a-w-	c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-12-08 08:45	139128	----a-w-	c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-02-13 1425408]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-12-08 381296]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2012-01-25 626552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-24 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-24 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-24 439064]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-03-29 4756240]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com\download
TCP: Interfaces\{ACD6D753-617D-48D2-A34B-B0F3B0852278}: NameServer = 212.23.115.148 212.23.97.2
TCP: Interfaces\{D0B4C2AC-4502-4DD8-A4E0-16A230400BB5}: NameServer = 10.0.1.1
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\xi95likw.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\o2flash.exe
c:\windows\sysWOW64\SDIOAssist.exe
c:\program files (x86)\Sophos\AutoUpdate\ALsvc.exe
c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-07-15  21:18:11 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-07-15 19:18
.
Vor Suchlauf: 12 Verzeichnis(se), 109.992.128.512 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 111.694.000.128 Bytes frei
.
- - End Of File - - 38762A885899ABA76805E2D54B9F01FB
         
 
--- --- ---
D41D8CD98F00B204E9800998ECF8427E

Alt 15.07.2013, 20:38   #8
schrauber
/// the machine
/// TB-Ausbilder
 
Windows hat Win32/Small.CA Meldung im Wartungscenter - Standard

Windows hat Win32/Small.CA Meldung im Wartungscenter


Gibt WIndows auch an wo die Datei gefunden wird?

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 15.07.2013, 21:06   #9
gusc
 
Windows hat Win32/Small.CA Meldung im Wartungscenter - Standard

Windows hat Win32/Small.CA Meldung im Wartungscenter


Hallo,

>Gibt WIndows auch an wo die Datei gefunden wird?

Nein, wenn man im Wartungscenter auf "medlungsdetails Anzeigen" klickt dann kommt nur das:

This solution could not be downloaded
--------------------------------------------------------------------------------
Most likely causes:
The problem report for this solution has been deleted or changed on this computer and is no longer available.

oder meintest du etwas anderes?

Code:
ATTFilter
# AdwCleaner v2.305 - Datei am 15/07/2013 um 21:52:36 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : admin - E5530
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\gunther\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LanConfig

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\xi95likw.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\gunther\AppData\Roaming\Mozilla\Firefox\Profiles\w0y5rklk.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [945 octets] - [15/07/2013 21:52:36]

########## EOF - \AdwCleaner[S1].txt - [1004 octets] ##########
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.9 (07.12.2013:2)
OS: Windows 7 Ultimate x64
Ran by admin on 15.07.2013 at 21:56:25,72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\xi95likw.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.07.2013 at 22:00:14,23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2013
Ran by admin (administrator) on 15-07-2013 22:02:22
Running from C:\Users\gunther\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(NCP engineering GmbH) C:\Program Files (x86)\LANCOM\Advanced VPN Client\ncpclcfg.exe
(NCP Engineering GmbH) C:\Program Files (x86)\LANCOM\Advanced VPN Client\ncprwsnt.exe
() C:\Program Files (x86)\LANCOM\Advanced VPN Client\NCPSEC.EXE
(O2Micro International) C:\Windows\system32\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\sysWOW64\SDIOAssist.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Ericsson AB) C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(NCP engineering GmbH) C:\Program Files (x86)\LANCOM\Advanced VPN Client\NcpBudgetGui.exe
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-02-13] (IDT, Inc.)
HKLM\...\Run: [TdmNotify] - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [381296 2011-12-08] (Wave Systems Corp.)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [626552 2012-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelPROSet] - "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless [4756240 2012-03-29] (Intel(R) Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKCU\...\Run: [HP Photosmart 6520 series (NET)] - "C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN27P1631B05TZ:NW" -scfn "HP Photosmart 6520 series (NET)" -AutoStart 1 [2573416 2012-10-17] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [IMSS] - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-02-17] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-02-13] (Sophos Limited)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NcpBudgetGui] - "C:\Program Files (x86)\LANCOM\Advanced VPN Client\NcpBudgetGui.exe" -start [1001472 2012-04-04] (NCP engineering GmbH)
HKLM-x32\...\Run: [NcpPopup] - "C:\Program Files (x86)\LANCOM\Advanced VPN Client\ncppopup.exe" noerrmsg [1011280 2012-03-20] (NCP engineering GmbH)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [38984 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [840768 2013-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll [218256 2013-01-24] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll [221840 2013-01-24] (Sophos Limited)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Tcpip\..\Interfaces\{ACD6D753-617D-48D2-A34B-B0F3B0852278}: [NameServer]212.23.115.148 212.23.97.2
Tcpip\..\Interfaces\{D0B4C2AC-4502-4DD8-A4E0-16A230400BB5}: [NameServer]10.0.1.1

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\xi95likw.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon

==================== Services (Whitelisted) =================

R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [218504 2012-01-17] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
R2 ncpclcfg; C:\Program Files (x86)\LANCOM\Advanced VPN Client\ncpclcfg.exe [139344 2011-07-27] (NCP engineering GmbH)
R2 ncprwsnt; C:\Program Files (x86)\LANCOM\Advanced VPN Client\ncprwsnt.exe [1594448 2012-04-04] (NCP Engineering GmbH)
R2 NcpSec; C:\Program Files (x86)\LANCOM\Advanced VPN Client\NCPSEC.EXE [119808 2011-04-21] ()
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-02-13] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [159296 2013-01-24] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-02-13] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2012-04-24] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-03-22] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2010688 2013-01-24] (Sophos Limited)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-08] ()
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1679872 2012-01-05] (Wave Systems Corp.)
R2 WMCoreService; C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe [655912 2011-11-18] (Ericsson AB)
S3 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [198144 2012-01-16] (Wave Systems Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2012-08-12] (Broadcom Corporation.)
R3 d554gps; C:\Windows\System32\DRIVERS\d554gps64.sys [102440 2011-10-05] (Ericsson AB)
R3 d554scard; C:\Windows\System32\DRIVERS\d554scard.sys [61992 2011-08-17] (Ericsson AB)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-08-22] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-08-22] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-08-22] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-08-22] (MCCI Corporation)
S3 ncpfilt; C:\Windows\System32\DRIVERS\ncplelhp.sys [103024 2012-04-03] (NCP Engineering GmbH)
R3 ncplelhp; C:\Windows\System32\DRIVERS\ncplelhp.sys [103024 2012-04-03] (NCP Engineering GmbH)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11471872 2012-03-12] (Intel Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2013-01-24] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2011-10-01] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2011-08-25] (Sophos Plc)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2011-11-04] (STMicroelectronics)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [282152 2011-12-07] (Ericsson AB)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [x]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-15 22:00 - 2013-07-15 22:00 - 00000956 _____ C:\Users\gunther\Desktop\JRT.txt
2013-07-15 22:00 - 2013-07-15 22:00 - 00000956 _____ C:\Users\admin\Desktop\JRT.txt
2013-07-15 21:56 - 2013-07-15 21:56 - 00000000 ____D C:\Windows\ERUNT
2013-07-15 21:52 - 2013-07-15 21:52 - 00001071 _____ C:\AdwCleaner[S1].txt
2013-07-15 21:49 - 2013-07-15 21:49 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\gunther\Desktop\JRT.exe
2013-07-15 21:48 - 2013-07-15 21:49 - 00662345 _____ C:\Users\gunther\Desktop\adwcleaner.exe
2013-07-15 21:46 - 2013-07-15 21:46 - 00000438 _____ C:\Users\gunther\Desktop\beitrag.txt
2013-07-15 21:18 - 2013-07-15 21:18 - 00035697 _____ C:\ComboFix.txt
2013-07-15 21:00 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-15 21:00 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-15 21:00 - 2009-04-20 06:56 - 00060416 _____ C:\Windows\NIRCMD.exe
2013-07-15 21:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-15 21:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-15 21:00 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-15 21:00 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-15 21:00 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-15 20:59 - 2013-07-15 21:18 - 00000000 ____D C:\Qoobox
2013-07-15 20:59 - 2013-07-15 21:18 - 00000000 ____D C:\ComboFix
2013-07-15 20:59 - 2013-07-15 21:17 - 00000000 ____D C:\Windows\erdnt
2013-07-15 20:58 - 2013-07-15 20:58 - 05089088 ____R (Swearware) C:\Users\gunther\Desktop\ComboFix.exe
2013-07-15 19:08 - 2013-07-15 19:08 - 00000000 _____ C:\Windows\system32\vireng.log
2013-07-15 17:38 - 2013-07-15 17:38 - 00000000 ____D C:\FRST
2013-07-15 17:35 - 2013-07-15 17:36 - 01777839 _____ (Farbar) C:\Users\gunther\Desktop\FRST64.exe
2013-07-13 19:01 - 2013-07-13 19:19 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-12 19:43 - 2013-07-12 19:43 - 00000000 ____D C:\Users\gunther\AppData\Roaming\Malwarebytes
2013-07-12 19:43 - 2013-07-12 19:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-12 17:42 - 2013-07-12 17:42 - 00000000 ____D C:\Users\admin\AppData\Local\Sophos
2013-07-12 16:54 - 2013-07-12 16:56 - 00000000 ____D C:\ProgramData\Readiris14Pro
2013-07-09 22:25 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-09 22:25 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-09 22:25 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-09 22:25 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-09 22:25 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-09 22:25 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-09 22:25 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-09 22:25 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-09 22:25 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-09 22:25 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-09 22:25 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-09 22:25 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-09 22:25 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-09 22:25 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-09 22:25 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-09 22:25 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-09 22:25 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-09 22:25 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-09 22:25 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-09 22:25 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-09 22:25 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-09 22:11 - 2013-07-09 22:19 - 00001120 _____ C:\Users\gunther\Desktop\fehler.txt
2013-07-09 19:26 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-09 19:26 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-09 19:26 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-09 19:26 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-09 19:26 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-09 19:25 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-09 19:25 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-08 16:50 - 2013-07-08 16:50 - 00000000 ____D C:\Users\admin\AppData\Roaming\TeamViewer
2013-07-08 16:34 - 2013-07-08 16:34 - 00000000 ____D C:\Users\gunther\AppData\Roaming\TeamViewer
2013-07-05 20:21 - 2013-07-05 20:21 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-07-05 20:03 - 2013-07-05 20:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-03 17:34 - 2013-07-03 17:34 - 00000027 _____ C:\Users\gunther\Desktop\variete.txt
2013-06-26 19:05 - 2013-06-26 19:06 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-26 19:05 - 2013-06-26 19:06 - 00000000 ____D C:\Program Files\iTunes
2013-06-26 19:05 - 2013-06-26 19:06 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-26 19:05 - 2013-06-26 19:05 - 00000000 ____D C:\Program Files\iPod
2013-06-26 18:51 - 2013-06-26 18:51 - 00001224 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\I.R.I.S. Resource Center.lnk
2013-06-22 18:10 - 2013-06-23 11:39 - 00000762 _____ C:\Users\gunther\Desktop\blum.txt
2013-06-19 18:23 - 2013-07-12 16:57 - 00000000 ____D C:\Users\gunther\Documents\Readiris
2013-06-19 18:23 - 2013-06-19 18:23 - 00000000 ____D C:\Users\gunther\Documents\SafeNet Sentinel
2013-06-19 18:20 - 2013-06-28 19:17 - 00000000 ____D C:\Program Files (x86)\Readiris Pro 14
2013-06-19 18:20 - 2013-06-19 18:31 - 00000000 ____D C:\Users\admin\Documents\Readiris
2013-06-19 18:20 - 2013-06-19 18:20 - 00000000 ____D C:\Users\admin\Documents\SafeNet Sentinel
2013-06-19 18:20 - 2013-06-19 18:20 - 00000000 ____D C:\ProgramData\SafeNet Sentinel
2013-06-19 17:53 - 2013-06-12 21:47 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-19 17:53 - 2013-06-12 21:43 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-19 17:53 - 2013-06-12 21:43 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-19 17:53 - 2013-06-12 21:43 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-19 17:52 - 2013-06-19 17:53 - 00005019 _____ C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log

==================== One Month Modified Files and Folders =======

2013-07-15 22:01 - 2012-08-12 19:22 - 00696870 _____ C:\Windows\system32\perfh007.dat
2013-07-15 22:01 - 2012-08-12 19:22 - 00148134 _____ C:\Windows\system32\perfc007.dat
2013-07-15 22:01 - 2009-07-14 07:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-15 22:01 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-15 22:01 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-15 22:00 - 2013-07-15 22:00 - 00000956 _____ C:\Users\gunther\Desktop\JRT.txt
2013-07-15 22:00 - 2013-07-15 22:00 - 00000956 _____ C:\Users\admin\Desktop\JRT.txt
2013-07-15 21:57 - 2013-02-13 19:11 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-15 21:56 - 2013-07-15 21:56 - 00000000 ____D C:\Windows\ERUNT
2013-07-15 21:54 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-15 21:53 - 2012-08-12 09:27 - 01410236 _____ C:\Windows\WindowsUpdate.log
2013-07-15 21:53 - 2009-07-14 06:51 - 00062892 _____ C:\Windows\setupact.log
2013-07-15 21:52 - 2013-07-15 21:52 - 00001071 _____ C:\AdwCleaner[S1].txt
2013-07-15 21:49 - 2013-07-15 21:49 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\gunther\Desktop\JRT.exe
2013-07-15 21:49 - 2013-07-15 21:48 - 00662345 _____ C:\Users\gunther\Desktop\adwcleaner.exe
2013-07-15 21:46 - 2013-07-15 21:46 - 00000438 _____ C:\Users\gunther\Desktop\beitrag.txt
2013-07-15 21:18 - 2013-07-15 21:18 - 00035697 _____ C:\ComboFix.txt
2013-07-15 21:18 - 2013-07-15 20:59 - 00000000 ____D C:\Qoobox
2013-07-15 21:18 - 2013-07-15 20:59 - 00000000 ____D C:\ComboFix
2013-07-15 21:18 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-07-15 21:17 - 2013-07-15 20:59 - 00000000 ____D C:\Windows\erdnt
2013-07-15 21:15 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-07-15 21:05 - 2010-11-21 05:47 - 00009050 _____ C:\Windows\PFRO.log
2013-07-15 21:05 - 2009-07-14 04:34 - 75497472 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-07-15 21:05 - 2009-07-14 04:34 - 17563648 _____ C:\Windows\system32\config\SYSTEM.bak
2013-07-15 21:05 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2013-07-15 21:05 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-07-15 21:05 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-07-15 20:58 - 2013-07-15 20:58 - 05089088 ____R (Swearware) C:\Users\gunther\Desktop\ComboFix.exe
2013-07-15 19:08 - 2013-07-15 19:08 - 00000000 _____ C:\Windows\system32\vireng.log
2013-07-15 17:38 - 2013-07-15 17:38 - 00000000 ____D C:\FRST
2013-07-15 17:36 - 2013-07-15 17:35 - 01777839 _____ (Farbar) C:\Users\gunther\Desktop\FRST64.exe
2013-07-15 17:27 - 2012-08-12 13:52 - 00000438 __RSH C:\ProgramData\ntuser.pol
2013-07-14 20:01 - 2012-09-11 20:20 - 00000000 ____D C:\Users\admin\AppData\Local\Adobe
2013-07-14 20:00 - 2013-02-13 19:11 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-14 20:00 - 2012-08-12 23:04 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-14 20:00 - 2012-08-12 23:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-13 19:19 - 2013-07-13 19:01 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-12 20:58 - 2012-08-26 11:53 - 00000000 ____D C:\Users\gunther\Documents\Outlook-Dateien
2013-07-12 19:43 - 2013-07-12 19:43 - 00000000 ____D C:\Users\gunther\AppData\Roaming\Malwarebytes
2013-07-12 19:43 - 2013-07-12 19:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-12 17:42 - 2013-07-12 17:42 - 00000000 ____D C:\Users\admin\AppData\Local\Sophos
2013-07-12 17:37 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-12 16:57 - 2013-06-19 18:23 - 00000000 ____D C:\Users\gunther\Documents\Readiris
2013-07-12 16:56 - 2013-07-12 16:54 - 00000000 ____D C:\ProgramData\Readiris14Pro
2013-07-10 20:15 - 2013-04-06 20:19 - 00000407 _____ C:\Users\gunther\Desktop\musik_ab_24_04.txt
2013-07-09 23:31 - 2012-10-26 20:04 - 00000000 ____D C:\Users\gunther\AppData\Roaming\Skype
2013-07-09 22:42 - 2009-07-14 06:45 - 00340616 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-09 22:40 - 2010-11-21 09:16 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-09 22:40 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-09 22:40 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-09 22:30 - 2012-08-26 08:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-09 22:26 - 2012-08-12 19:03 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-09 22:19 - 2013-07-09 22:11 - 00001120 _____ C:\Users\gunther\Desktop\fehler.txt
2013-07-08 16:50 - 2013-07-08 16:50 - 00000000 ____D C:\Users\admin\AppData\Roaming\TeamViewer
2013-07-08 16:34 - 2013-07-08 16:34 - 00000000 ____D C:\Users\gunther\AppData\Roaming\TeamViewer
2013-07-06 15:43 - 2012-08-12 15:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-05 20:23 - 2012-10-07 19:44 - 00000000 ____D C:\ProgramData\Apple Computer
2013-07-05 20:22 - 2012-10-07 19:50 - 00000000 ____D C:\Users\gunther\AppData\Local\Apple Computer
2013-07-05 20:21 - 2013-07-05 20:21 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-07-05 20:04 - 2013-07-05 20:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-03 17:34 - 2013-07-03 17:34 - 00000027 _____ C:\Users\gunther\Desktop\variete.txt
2013-06-28 19:17 - 2013-06-19 18:20 - 00000000 ____D C:\Program Files (x86)\Readiris Pro 14
2013-06-26 19:06 - 2013-06-26 19:05 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-26 19:06 - 2013-06-26 19:05 - 00000000 ____D C:\Program Files\iTunes
2013-06-26 19:06 - 2013-06-26 19:05 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-26 19:05 - 2013-06-26 19:05 - 00000000 ____D C:\Program Files\iPod
2013-06-26 18:51 - 2013-06-26 18:51 - 00001224 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\I.R.I.S. Resource Center.lnk
2013-06-23 11:39 - 2013-06-22 18:10 - 00000762 _____ C:\Users\gunther\Desktop\blum.txt
2013-06-19 18:31 - 2013-06-19 18:20 - 00000000 ____D C:\Users\admin\Documents\Readiris
2013-06-19 18:23 - 2013-06-19 18:23 - 00000000 ____D C:\Users\gunther\Documents\SafeNet Sentinel
2013-06-19 18:21 - 2013-01-31 22:01 - 00000000 ____D C:\Users\admin\AppData\Roaming\Skype
2013-06-19 18:20 - 2013-06-19 18:20 - 00000000 ____D C:\Users\admin\Documents\SafeNet Sentinel
2013-06-19 18:20 - 2013-06-19 18:20 - 00000000 ____D C:\ProgramData\SafeNet Sentinel
2013-06-19 18:18 - 2012-08-12 13:51 - 00000000 ____D C:\Windows\Downloaded Installations
2013-06-19 17:53 - 2013-06-19 17:52 - 00005019 _____ C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 17:53 - 2012-09-04 22:09 - 00000000 ____D C:\Program Files (x86)\Java

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-13 19:43

==================== End Of Log ============================
--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2013
Ran by admin at 2013-07-15 22:02:48
Running from C:\Users\gunther\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Adobe Acrobat X Standard - English, Français, Deutsch (x32 Version: 10.1.7)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
AuthenTec Fingerprint Software (Version: 8.4.4.39)
BioAPI Framework (Version: 1.0.2)
Bonjour (Version: 3.0.0.10)
CDBurnerXP (x32 Version: 4.5.0.3717)
CloudBerry Explorer for Amazon S3 3.6 (Version: 3.6)
Custom (Version: 01.00.00.000)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dell Data Protection | Access (Version: 2.2.00001.001)
Dell Mobile Broadband Manager (x32 Version: 7.1.0.2)
Dell Touchpad (Version: 7.1211.101.114)
Dell Wireless HSPA Mini-Card Drivers (x32 Version: 7.1.0.3)
DellAccess (Version: 01.01.00.104)
dm-Fotowelt (x32 Version: 5.0.1)
dows-Treiberpaket - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (Version: 09/11/2009 1.0.1.6)
EMBASSY Client Core (Version: 01.01.00.036)
Free M4a to MP3 Converter 7.1 (x32)
Gemalto (Version: 01.64.01.0010)
HP Photosmart 6520 series - Grundlegende Software für das Gerät (Version: 28.0.1315.0)
IDT Audio (x32 Version: 1.0.6388.0)
Intel PROSet Wireless
Intel(R) Management Engine Components (x32 Version: 8.0.3.1427)
Intel(R) Network Connections Drivers (Version: 16.8)
Intel(R) OpenCL CPU Runtime (x32)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2712)
Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.3.214)
Intel® PROSet/Wireless WiFi-Software (Version: 15.01.1000.0927)
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
IrfanView (remove only) (x32 Version: 4.32)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
JavaFX 2.1.1 (x32 Version: 2.1.1)
L&H TTS3000 Deutsch (x32)
L&H TTS3000 Russian (x32)
LANCOM Advanced VPN Client (x32 Version: 2.30 Build 146)
LANmonitor/WLANmonitor (x32 Version: 8.62.10.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60816.0)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
NTRU TCG Software Stack (Version: 2.1.37)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.37)
O2Micro OZ776 SCR Driver (Version: 2.1.4.213)
O2Micro OZ776 SCR Driver (x32 Version: 2.1.4.213)
PC-CCID (Version: 2.0.0)
Preboot Manager (Version: 03.03.00.090)
Private Information Manager (Version: 07.01.00.030)
Profi cash (x32)
QuickTime (x32 Version: 7.74.80.86)
Readiris Pro 14 (x32 Version: 14.00.2753)
Skype™ 6.5 (x32 Version: 6.5.158)
Sophos Anti-Virus (x32 Version: 10.2.8)
Sophos AutoUpdate (x32 Version: 2.9.0.344)
SPBA 5.9 (Version: 5.9.4.6901)
ST Microelectronics 3 Axis Digital Accelerometer Solution (x32 Version: 4.10.0016)
toolkit32for64bit (x32 Version: 7.67.47.0000)
Trusted Drive Manager (Version: 4.5.0.136)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Upek Touchchip Fingerprint Reader (Version: 1.2.004)
Visual Studio 2005 Tools for Office Second Edition Runtime (x32)
Wave Crypto Runtime 2.0.7.0 x86 (x32 Version: 02.00.07.0000)
Wave Infrastructure Installer (Version: 07.67.60.0020)
Wave Support Software Installer (Version: 05.13.00.051)
WIDCOMM Bluetooth Software (Version: 6.5.1.2410)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)

==================== Restore Points  =========================

01-07-2013 17:54:46 Windows-Sicherung
02-07-2013 17:24:08 Windows Update
05-07-2013 18:19:54 Installed QuickTime
09-07-2013 17:25:19 Windows Update
09-07-2013 20:19:48 Windows Update
15-07-2013 19:00:05 ComboFix created restore point

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-07-15 21:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {088543B8-1ACF-4CC3-A0CA-A07F825F7887} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {BA29AC09-AFE4-4571-B7FB-A55D86B04663} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-21] (Microsoft Corporation)
Task: {C1B4E332-03A6-4151-BEDB-CA4DACB22EFC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-14] (Adobe Systems Incorporated)
Task: {E7FBF128-003E-4A58-802D-690CC842C365} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-07-15 21:04:14.923
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-15 21:04:14.892
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 21%
Total physical RAM: 8074.61 MB
Available physical RAM: 6309.03 MB
Total Pagefile: 16147.41 MB
Available Pagefile: 14297.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Programme) (Fixed) (Total:155.12 GB) (Free:103.86 GB) NTFS (Disk=0 Partition=4)
Drive d: (Backup) (Fixed) (Total:156.25 GB) (Free:54.9 GB) NTFS (Disk=0 Partition=2)
Drive e: (Daten) (Fixed) (Total:154.3 GB) (Free:144.34 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E9EAE2D5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=156 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=154 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=155 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Alt 16.07.2013, 07:19   #10
schrauber
/// the machine
/// TB-Ausbilder
 
Windows hat Win32/Small.CA Meldung im Wartungscenter - Standard

Windows hat Win32/Small.CA Meldung im Wartungscenter


Nee passt schon


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 16.07.2013, 19:40   #11
gusc
 
Windows hat Win32/Small.CA Meldung im Wartungscenter - Standard

Windows hat Win32/Small.CA Meldung im Wartungscenter


Hallo,

anbei die gewünwschten Infos. Hast Du schon mal darüber nachgedacht ob die Meldung evenzuell "auch" (?) ein Fehlalarm ist (http://www.trojaner-board.de/134872-...-ca-virus.html). Zumindest ist bei mir die Konfiguration sehr ähnlich (Windowas 7 64-bit, Sophos...)

Probleme bestehen leider immer noch :-(

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ec63e4d105928f44a524e139384aeb2d
# engine=14418
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-16 06:17:11
# local_time=2013-07-16 08:17:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 79984 125628481 0 0
# compatibility_mode=8450 16777213 85 98 80015 59758222 0 0
# scanned=160126
# found=0
# cleaned=0
# scan_time=3938
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.69  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Sophos Anti-Virus   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 JavaFX 2.1.1    
 Java 7 Update 25  
 Adobe Flash Player 11.7.700.224  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox (22.0) 
````````Process Check: objlist.exe by Laurent````````  
 Sophos Sophos Anti-Virus SavService.exe  
 Sophos Sophos Anti-Virus SAVAdminService.exe  
 Sophos Sophos Anti-Virus Web Control swc_service.exe 
 Sophos Sophos Anti-Virus Web Intelligence swi_service.exe 
 windows defender MpCmdRun.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2013
Ran by admin (administrator) on 16-07-2013 20:33:54
Running from C:\Users\gunther\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(NCP engineering GmbH) C:\Program Files (x86)\LANCOM\Advanced VPN Client\ncpclcfg.exe
(NCP Engineering GmbH) C:\Program Files (x86)\LANCOM\Advanced VPN Client\ncprwsnt.exe
() C:\Program Files (x86)\LANCOM\Advanced VPN Client\NCPSEC.EXE
(O2Micro International) C:\Windows\system32\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\sysWOW64\SDIOAssist.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Ericsson AB) C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(NCP engineering GmbH) C:\Program Files (x86)\LANCOM\Advanced VPN Client\NcpBudgetGui.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-02-13] (IDT, Inc.)
HKLM\...\Run: [TdmNotify] - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [381296 2011-12-08] (Wave Systems Corp.)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [626552 2012-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelPROSet] - "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless [4756240 2012-03-29] (Intel(R) Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKCU\...\Run: [HP Photosmart 6520 series (NET)] - "C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN27P1631B05TZ:NW" -scfn "HP Photosmart 6520 series (NET)" -AutoStart 1 [2573416 2012-10-17] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [IMSS] - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-02-17] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-02-13] (Sophos Limited)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NcpBudgetGui] - "C:\Program Files (x86)\LANCOM\Advanced VPN Client\NcpBudgetGui.exe" -start [1001472 2012-04-04] (NCP engineering GmbH)
HKLM-x32\...\Run: [NcpPopup] - "C:\Program Files (x86)\LANCOM\Advanced VPN Client\ncppopup.exe" noerrmsg [1011280 2012-03-20] (NCP engineering GmbH)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [38984 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [840768 2013-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll [218256 2013-01-24] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll [221840 2013-01-24] (Sophos Limited)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Tcpip\..\Interfaces\{ACD6D753-617D-48D2-A34B-B0F3B0852278}: [NameServer]212.23.115.148 212.23.97.2
Tcpip\..\Interfaces\{D0B4C2AC-4502-4DD8-A4E0-16A230400BB5}: [NameServer]10.0.1.1

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\xi95likw.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon

==================== Services (Whitelisted) =================

R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [218504 2012-01-17] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
R2 ncpclcfg; C:\Program Files (x86)\LANCOM\Advanced VPN Client\ncpclcfg.exe [139344 2011-07-27] (NCP engineering GmbH)
R2 ncprwsnt; C:\Program Files (x86)\LANCOM\Advanced VPN Client\ncprwsnt.exe [1594448 2012-04-04] (NCP Engineering GmbH)
R2 NcpSec; C:\Program Files (x86)\LANCOM\Advanced VPN Client\NCPSEC.EXE [119808 2011-04-21] ()
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-02-13] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [159296 2013-01-24] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-02-13] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2012-04-24] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-03-22] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2010688 2013-01-24] (Sophos Limited)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-08] ()
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1679872 2012-01-05] (Wave Systems Corp.)
R2 WMCoreService; C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe [655912 2011-11-18] (Ericsson AB)
S3 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [198144 2012-01-16] (Wave Systems Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2012-08-12] (Broadcom Corporation.)
R3 d554gps; C:\Windows\System32\DRIVERS\d554gps64.sys [102440 2011-10-05] (Ericsson AB)
R3 d554scard; C:\Windows\System32\DRIVERS\d554scard.sys [61992 2011-08-17] (Ericsson AB)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-08-22] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-08-22] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-08-22] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-08-22] (MCCI Corporation)
S3 ncpfilt; C:\Windows\System32\DRIVERS\ncplelhp.sys [103024 2012-04-03] (NCP Engineering GmbH)
R3 ncplelhp; C:\Windows\System32\DRIVERS\ncplelhp.sys [103024 2012-04-03] (NCP Engineering GmbH)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11471872 2012-03-12] (Intel Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2013-01-24] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2011-10-01] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2011-08-25] (Sophos Plc)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2011-11-04] (STMicroelectronics)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [282152 2011-12-07] (Ericsson AB)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [x]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-16 20:30 - 2013-07-16 20:31 - 00001050 _____ C:\Users\admin\Desktop\checkup.txt
2013-07-16 20:22 - 2013-07-16 20:22 - 00891022 _____ C:\Users\gunther\Desktop\SecurityCheck.exe
2013-07-16 20:05 - 2013-07-16 20:05 - 00000188 _____ C:\Users\gunther\Desktop\beitrag.txt
2013-07-16 19:04 - 2013-07-16 19:04 - 02347384 _____ (ESET) C:\Users\gunther\Desktop\esetsmartinstaller_enu.exe
2013-07-15 22:00 - 2013-07-15 22:00 - 00000956 _____ C:\Users\admin\Desktop\JRT.txt
2013-07-15 21:56 - 2013-07-15 21:56 - 00000000 ____D C:\Windows\ERUNT
2013-07-15 21:49 - 2013-07-15 21:49 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\gunther\Desktop\JRT.exe
2013-07-15 21:48 - 2013-07-15 21:49 - 00662345 _____ C:\Users\gunther\Desktop\adwcleaner.exe
2013-07-15 21:00 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-15 21:00 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-15 21:00 - 2009-04-20 06:56 - 00060416 _____ C:\Windows\NIRCMD.exe
2013-07-15 21:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-15 21:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-15 21:00 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-15 21:00 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-15 21:00 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-15 20:59 - 2013-07-15 21:18 - 00000000 ____D C:\Qoobox
2013-07-15 20:59 - 2013-07-15 21:18 - 00000000 ____D C:\ComboFix
2013-07-15 20:59 - 2013-07-15 21:17 - 00000000 ____D C:\Windows\erdnt
2013-07-15 20:58 - 2013-07-15 20:58 - 05089088 ____R (Swearware) C:\Users\gunther\Desktop\ComboFix.exe
2013-07-15 19:08 - 2013-07-15 19:08 - 00000000 _____ C:\Windows\system32\vireng.log
2013-07-15 17:38 - 2013-07-15 17:38 - 00000000 ____D C:\FRST
2013-07-15 17:35 - 2013-07-15 17:36 - 01777839 _____ (Farbar) C:\Users\gunther\Desktop\FRST64.exe
2013-07-13 19:01 - 2013-07-13 19:19 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-12 19:43 - 2013-07-12 19:43 - 00000000 ____D C:\Users\gunther\AppData\Roaming\Malwarebytes
2013-07-12 19:43 - 2013-07-12 19:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-12 17:42 - 2013-07-12 17:42 - 00000000 ____D C:\Users\admin\AppData\Local\Sophos
2013-07-12 16:54 - 2013-07-12 16:56 - 00000000 ____D C:\ProgramData\Readiris14Pro
2013-07-09 22:25 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-09 22:25 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-09 22:25 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-09 22:25 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-09 22:25 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-09 22:25 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-09 22:25 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-09 22:25 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-09 22:25 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-09 22:25 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-09 22:25 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-09 22:25 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-09 22:25 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-09 22:25 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-09 22:25 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-09 22:25 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-09 22:25 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-09 22:25 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-09 22:25 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-09 22:25 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-09 22:25 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-09 22:25 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-09 22:11 - 2013-07-09 22:19 - 00001120 _____ C:\Users\gunther\Desktop\fehler.txt
2013-07-09 19:26 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-09 19:26 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-09 19:26 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-09 19:26 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-09 19:26 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-09 19:25 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-09 19:25 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-08 16:50 - 2013-07-08 16:50 - 00000000 ____D C:\Users\admin\AppData\Roaming\TeamViewer
2013-07-08 16:34 - 2013-07-08 16:34 - 00000000 ____D C:\Users\gunther\AppData\Roaming\TeamViewer
2013-07-05 20:21 - 2013-07-05 20:21 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-07-05 20:03 - 2013-07-05 20:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-26 19:05 - 2013-06-26 19:06 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-26 19:05 - 2013-06-26 19:06 - 00000000 ____D C:\Program Files\iTunes
2013-06-26 19:05 - 2013-06-26 19:06 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-26 19:05 - 2013-06-26 19:05 - 00000000 ____D C:\Program Files\iPod
2013-06-26 18:51 - 2013-06-26 18:51 - 00001224 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\I.R.I.S. Resource Center.lnk
2013-06-22 18:10 - 2013-06-23 11:39 - 00000762 _____ C:\Users\gunther\Desktop\blum.txt
2013-06-19 18:23 - 2013-07-12 16:57 - 00000000 ____D C:\Users\gunther\Documents\Readiris
2013-06-19 18:23 - 2013-06-19 18:23 - 00000000 ____D C:\Users\gunther\Documents\SafeNet Sentinel
2013-06-19 18:20 - 2013-06-28 19:17 - 00000000 ____D C:\Program Files (x86)\Readiris Pro 14
2013-06-19 18:20 - 2013-06-19 18:31 - 00000000 ____D C:\Users\admin\Documents\Readiris
2013-06-19 18:20 - 2013-06-19 18:20 - 00000000 ____D C:\Users\admin\Documents\SafeNet Sentinel
2013-06-19 18:20 - 2013-06-19 18:20 - 00000000 ____D C:\ProgramData\SafeNet Sentinel
2013-06-19 17:53 - 2013-06-12 21:47 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-19 17:53 - 2013-06-12 21:43 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-19 17:53 - 2013-06-12 21:43 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-19 17:53 - 2013-06-12 21:43 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-19 17:52 - 2013-06-19 17:53 - 00005019 _____ C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log

==================== One Month Modified Files and Folders =======

2013-07-16 20:31 - 2013-07-16 20:30 - 00001050 _____ C:\Users\admin\Desktop\checkup.txt
2013-07-16 20:22 - 2013-07-16 20:22 - 00891022 _____ C:\Users\gunther\Desktop\SecurityCheck.exe
2013-07-16 20:05 - 2013-07-16 20:05 - 00000188 _____ C:\Users\gunther\Desktop\beitrag.txt
2013-07-16 19:57 - 2013-02-13 19:11 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-16 19:40 - 2012-08-12 09:27 - 01467952 _____ C:\Windows\WindowsUpdate.log
2013-07-16 19:09 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-16 19:09 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-16 19:07 - 2012-08-12 19:22 - 00696870 _____ C:\Windows\system32\perfh007.dat
2013-07-16 19:07 - 2012-08-12 19:22 - 00148134 _____ C:\Windows\system32\perfc007.dat
2013-07-16 19:07 - 2009-07-14 07:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-16 19:04 - 2013-07-16 19:04 - 02347384 _____ (ESET) C:\Users\gunther\Desktop\esetsmartinstaller_enu.exe
2013-07-16 19:01 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-16 19:01 - 2009-07-14 06:51 - 00062948 _____ C:\Windows\setupact.log
2013-07-15 22:00 - 2013-07-15 22:00 - 00000956 _____ C:\Users\admin\Desktop\JRT.txt
2013-07-15 21:56 - 2013-07-15 21:56 - 00000000 ____D C:\Windows\ERUNT
2013-07-15 21:49 - 2013-07-15 21:49 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\gunther\Desktop\JRT.exe
2013-07-15 21:49 - 2013-07-15 21:48 - 00662345 _____ C:\Users\gunther\Desktop\adwcleaner.exe
2013-07-15 21:18 - 2013-07-15 20:59 - 00000000 ____D C:\Qoobox
2013-07-15 21:18 - 2013-07-15 20:59 - 00000000 ____D C:\ComboFix
2013-07-15 21:18 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-07-15 21:17 - 2013-07-15 20:59 - 00000000 ____D C:\Windows\erdnt
2013-07-15 21:15 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-07-15 21:05 - 2010-11-21 05:47 - 00009050 _____ C:\Windows\PFRO.log
2013-07-15 21:05 - 2009-07-14 04:34 - 75497472 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-07-15 21:05 - 2009-07-14 04:34 - 17563648 _____ C:\Windows\system32\config\SYSTEM.bak
2013-07-15 21:05 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2013-07-15 21:05 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-07-15 21:05 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-07-15 20:58 - 2013-07-15 20:58 - 05089088 ____R (Swearware) C:\Users\gunther\Desktop\ComboFix.exe
2013-07-15 19:08 - 2013-07-15 19:08 - 00000000 _____ C:\Windows\system32\vireng.log
2013-07-15 17:38 - 2013-07-15 17:38 - 00000000 ____D C:\FRST
2013-07-15 17:36 - 2013-07-15 17:35 - 01777839 _____ (Farbar) C:\Users\gunther\Desktop\FRST64.exe
2013-07-15 17:27 - 2012-08-12 13:52 - 00000438 __RSH C:\ProgramData\ntuser.pol
2013-07-14 20:01 - 2012-09-11 20:20 - 00000000 ____D C:\Users\admin\AppData\Local\Adobe
2013-07-14 20:00 - 2013-02-13 19:11 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-14 20:00 - 2012-08-12 23:04 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-14 20:00 - 2012-08-12 23:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-13 19:19 - 2013-07-13 19:01 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-12 20:58 - 2012-08-26 11:53 - 00000000 ____D C:\Users\gunther\Documents\Outlook-Dateien
2013-07-12 19:43 - 2013-07-12 19:43 - 00000000 ____D C:\Users\gunther\AppData\Roaming\Malwarebytes
2013-07-12 19:43 - 2013-07-12 19:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-12 17:42 - 2013-07-12 17:42 - 00000000 ____D C:\Users\admin\AppData\Local\Sophos
2013-07-12 17:37 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-12 16:57 - 2013-06-19 18:23 - 00000000 ____D C:\Users\gunther\Documents\Readiris
2013-07-12 16:56 - 2013-07-12 16:54 - 00000000 ____D C:\ProgramData\Readiris14Pro
2013-07-10 20:15 - 2013-04-06 20:19 - 00000407 _____ C:\Users\gunther\Desktop\musik_ab_24_04.txt
2013-07-09 23:31 - 2012-10-26 20:04 - 00000000 ____D C:\Users\gunther\AppData\Roaming\Skype
2013-07-09 22:42 - 2009-07-14 06:45 - 00340616 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-09 22:40 - 2010-11-21 09:16 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-09 22:40 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-09 22:40 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-09 22:30 - 2012-08-26 08:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-09 22:26 - 2012-08-12 19:03 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-09 22:19 - 2013-07-09 22:11 - 00001120 _____ C:\Users\gunther\Desktop\fehler.txt
2013-07-08 16:50 - 2013-07-08 16:50 - 00000000 ____D C:\Users\admin\AppData\Roaming\TeamViewer
2013-07-08 16:34 - 2013-07-08 16:34 - 00000000 ____D C:\Users\gunther\AppData\Roaming\TeamViewer
2013-07-06 15:43 - 2012-08-12 15:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-05 20:23 - 2012-10-07 19:44 - 00000000 ____D C:\ProgramData\Apple Computer
2013-07-05 20:22 - 2012-10-07 19:50 - 00000000 ____D C:\Users\gunther\AppData\Local\Apple Computer
2013-07-05 20:21 - 2013-07-05 20:21 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-07-05 20:04 - 2013-07-05 20:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-28 19:17 - 2013-06-19 18:20 - 00000000 ____D C:\Program Files (x86)\Readiris Pro 14
2013-06-26 19:06 - 2013-06-26 19:05 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-26 19:06 - 2013-06-26 19:05 - 00000000 ____D C:\Program Files\iTunes
2013-06-26 19:06 - 2013-06-26 19:05 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-26 19:05 - 2013-06-26 19:05 - 00000000 ____D C:\Program Files\iPod
2013-06-26 18:51 - 2013-06-26 18:51 - 00001224 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\I.R.I.S. Resource Center.lnk
2013-06-23 11:39 - 2013-06-22 18:10 - 00000762 _____ C:\Users\gunther\Desktop\blum.txt
2013-06-19 18:31 - 2013-06-19 18:20 - 00000000 ____D C:\Users\admin\Documents\Readiris
2013-06-19 18:23 - 2013-06-19 18:23 - 00000000 ____D C:\Users\gunther\Documents\SafeNet Sentinel
2013-06-19 18:21 - 2013-01-31 22:01 - 00000000 ____D C:\Users\admin\AppData\Roaming\Skype
2013-06-19 18:20 - 2013-06-19 18:20 - 00000000 ____D C:\Users\admin\Documents\SafeNet Sentinel
2013-06-19 18:20 - 2013-06-19 18:20 - 00000000 ____D C:\ProgramData\SafeNet Sentinel
2013-06-19 18:18 - 2012-08-12 13:51 - 00000000 ____D C:\Windows\Downloaded Installations
2013-06-19 17:53 - 2013-06-19 17:52 - 00005019 _____ C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 17:53 - 2012-09-04 22:09 - 00000000 ____D C:\Program Files (x86)\Java

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-13 19:43

==================== End Of Log ============================
--- --- ---


Viele Grüße

gusc

Alt 17.07.2013, 08:09   #12
schrauber
/// the machine
/// TB-Ausbilder
 
Windows hat Win32/Small.CA Meldung im Wartungscenter - Standard

Windows hat Win32/Small.CA Meldung im Wartungscenter


Fehlalarm, trotzdem mussten wir erstmal die Adware und Kram entfernen. Deinstalliere Sophos komplett, installier was andres und teste nochmal.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 17.07.2013, 15:31   #13
gusc
 
Windows hat Win32/Small.CA Meldung im Wartungscenter - Standard

Windows hat Win32/Small.CA Meldung im Wartungscenter


Hallo,

puh, da bin ich aber froh :-)

Ich möchte Sophos erst mal nicht deinstallieren, weil ich mit dem Programm ansonsten sehr zufrieden bin und weil ich hoffe das Sophos das Problem selbst in absehbarer Zeit behebt. Wenn dasa aber nicht der Fall ist werde ich über Deinen Vorschlag ernsthaft nachdenken.

Kann ich bezüglich der verwendeten tools noch etwas deinstallieren, ESET hattest Du ja schon erwähnt.

Viele Grüße

gusc

Alt 18.07.2013, 07:16   #14
schrauber
/// the machine
/// TB-Ausbilder
 
Windows hat Win32/Small.CA Meldung im Wartungscenter - Standard

Windows hat Win32/Small.CA Meldung im Wartungscenter


Ja wir räumen jetzt auf

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 18.07.2013, 19:14   #15
gusc
 
Windows hat Win32/Small.CA Meldung im Wartungscenter - Standard

Windows hat Win32/Small.CA Meldung im Wartungscenter


Hallo,

alles erledigt :-) Besten Dank für Deine Hilfe :-)

Viele Grüße

gusc

Antwort
Seite 1 von 2 1 2

Themen zu Windows hat Win32/Small.CA Meldung im Wartungscenter
64 bit, andere, anderen, beitrag, bekannte, bewirkt, compu, computervirus, erschein, erscheint, fehlalarm, funktionier, funktioniert, installier, meldung, nichts, scan, scanner, sophos, wartungscenter, win32/small.ca, windows, windows 7


« Google öffnet lauter leere Fenster | Iminent Problem »


Ähnliche Themen: Windows hat Win32/Small.CA Meldung im Wartungscenter


  1. Wartungscenter meldet Fund des TrojanDownloader:Win32/Adload.DA
    Log-Analyse und Auswertung - 13.01.2015 (7)
  2. Win 7 Prof: Win32/Small.CA-Virus wird angezeigt von Wartungscenter
    Log-Analyse und Auswertung - 25.10.2014 (7)
  3. Windows 7 meldet Win32/Small.CA-Virus
    Log-Analyse und Auswertung - 24.05.2014 (7)
  4. Bei jedem Neustart: Wartungscenter 1 wichtige Meldung. AVIRA Desktop ist nicht aktiviert?
    Alles rund um Windows - 05.04.2014 (1)
  5. Vor langer Zeit Win32/Small.CA-Virus Meldung
    Plagegeister aller Art und deren Bekämpfung - 22.02.2014 (18)
  6. Win 7_zeigt Win32/Small.CA Virus Meldung
    Log-Analyse und Auswertung - 13.12.2013 (23)
  7. Windows 7 Meldung Win32/Small-CA Virus entfernen, AntiVir findet nichts, Windows Update und Defender funktionieren nicht mehr
    Log-Analyse und Auswertung - 20.11.2013 (15)
  8. Kasperski meldet c:\windows\system32\fsvk.exe.exe, Wartungscenter Befall Win32/Small.CA Virus
    Log-Analyse und Auswertung - 04.11.2013 (7)
  9. Windows 7: Wartungscenter meldet: Entfernen des Win32/Small.CA-Virus
    Log-Analyse und Auswertung - 12.10.2013 (21)
  10. Windows-Meldung Win32/Small.CA
    Plagegeister aller Art und deren Bekämpfung - 05.10.2013 (15)
  11. Ich bekomme die Meldung win32/small.ca-virus entfernen. Was soll ich tun? Win 7 64 bit
    Log-Analyse und Auswertung - 21.09.2013 (5)
  12. Windows-Wartungscenter meldet mir: Entfernen des TrojanDownloader:Win32/Adload.DA-Virus
    Plagegeister aller Art und deren Bekämpfung - 10.09.2013 (1)
  13. Windows 7: Wartungscenter zeigt "Entfernen des Win32/Small.CA-Virus von Ihrem PC"
    Log-Analyse und Auswertung - 10.09.2013 (11)
  14. Win32/Small.CA-Virus wird im Wartungscenter von Windows 7 angezeigt
    Plagegeister aller Art und deren Bekämpfung - 29.08.2013 (11)
  15. Win32/Small.CA-Virus vom Windows-Wartungscenter gefunden
    Plagegeister aller Art und deren Bekämpfung - 01.07.2013 (9)
  16. Win7 Wartungscenter: Entfernen des Win32/Small.CA-Virus
    Log-Analyse und Auswertung - 14.05.2013 (8)
  17. Wartungscenter Meldung: TrojanDownloader: Win32/Adload.DA Virus
    Plagegeister aller Art und deren Bekämpfung - 06.11.2012 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Windows hat Win32/Small.CA Meldung im Wartungscenter - Hallo, im Windows Wartungscenter (Windows 7 Ulimate 64 bit) erscheint die Meldung: "Windows hat Win32/Small.CA, einen bekannten Computervirus, auf Ihrem PC erkannt. Win32/Small.CA hat bewirkt, dass Ihr PC 1 Mal - Windows hat Win32/Small.CA Meldung im Wartungscenter...
Archiv
Du betrachtest: Windows hat Win32/Small.CA Meldung im Wartungscenter auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55