Sophos On-Access-Scan wird deaktiviert; Win7 Sicherheitscenter wird deaktiviert; PC startet neu

Oemerich · 16.07.2013, 21:21

Hallo zusammen,

ich habe ein Problem mit meinem ca. 1 Jahr alten Win7-64-bit-Laptop von Lenovo.

Mir ist bisher zwei, drei mal folgendes passiert:

Während dem normalen PC-Betrieb (Musik hören über Winamp, surfen im Internet mit Firefox und auf Facebook mit Google Chrome) meldet Sophos Antivirus plötzlich ohne vorherige Ankündigung, dass die "On-Access-Scans" deaktiviert wurden.
Kurz darauf meldet das Fähnchen vom Windows-Wartungscenter, dass das "Windows Sicherheitscenter deaktiviert" wurde (den genauen Wortlaut hier habe ich leider nicht im Kopf, in dem Moment war ich immer total baff und es ging relativ schnell). Weiterhin werden automatisch die Firewall von Windows und andere Sicherheits-Einrichtungen deaktiviert.
Dann dauert es geschätzte 20 Sekunden, dann ist der Rechner plötzlich komplett aus (wie wenn man einfach den Saft abgedreht hätte) und er fährt wieder hoch.

Nach dem Hochfahren verhält sich Sophos wieder ganz normal (On-Access-Scans sind wieder aktiviert) und auch das Wartungscenter vermeldet nur, dass geraten wird, eine Sicherung der Dateien anzulegen (das tut es andauernd, auch vor dem Auftreten des beschriebenen Fehlers).

Anderes evtl. sicherheitsrelevantes, seltsames Verhalten meines Laptops ist mir bisher noch nicht aufgefallen.

Gemäß der Anleitung hab ich zuerst defogger heruntergeladen und ausgeführt.
Ich hatte den Eindruck, dass defogger nichts deaktiviert hat (ich musste nicht neustarten, es ging ganz schnell; außerdem hatte ich nie CD-Emulatoren auf dem Laptop; mit VM-Ware habe ich allerdings zwei virtuelle Maschinen auf dem Laptop, hat das vielleicht einen Einfluss?).

OTL brachte mit deaktivierten Programmen folgende Ergebnisse:

OTL.txt:
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 15.07.13 17:42:32 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Stefan\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yy
 
3,72 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 59,77% Memory free
7,45 Gb Paging File | 5,06 Gb Available in Paging File | 67,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,62 Gb Total Space | 151,72 Gb Free Space | 33,67% Space Free | Partition Type: NTFS
Drive D: | 654,81 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive Q: | 13,67 Gb Total Space | 2,32 Gb Free Space | 16,94% Space Free | Partition Type: NTFS
 
Computer Name: BRELLA-SEPP | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.15 17:38:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
PRC - [2013.07.15 17:35:51 | 000,050,477 | ---- | M] () -- C:\Users\Stefan\Desktop\Defogger.exe
PRC - [2013.06.07 21:37:51 | 000,237,048 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
PRC - [2013.06.07 21:37:49 | 000,929,272 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
PRC - [2013.06.07 21:36:06 | 000,217,592 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2013.06.07 21:34:03 | 000,159,296 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2013.06.07 21:33:53 | 002,890,232 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2013.04.19 15:30:20 | 000,583,744 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2013.04.19 15:30:20 | 000,125,504 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2013.04.19 15:30:16 | 000,127,072 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe
PRC - [2013.03.18 17:26:10 | 000,272,680 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2013.03.18 17:26:00 | 000,133,416 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2013.03.18 17:07:58 | 000,602,112 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2013.02.26 03:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2013.02.26 03:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2013.02.26 02:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2012.10.30 19:10:44 | 000,069,192 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
PRC - [2012.10.30 12:20:34 | 001,315,400 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
PRC - [2012.10.20 00:02:24 | 000,070,728 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe
PRC - [2012.09.25 11:52:27 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
PRC - [2012.05.15 16:45:22 | 000,065,336 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
PRC - [2012.05.01 23:30:00 | 001,662,528 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
PRC - [2012.05.01 23:30:00 | 000,128,576 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
PRC - [2012.04.02 16:53:36 | 000,170,832 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\vcamsvc.exe
PRC - [2012.04.02 16:53:18 | 000,058,192 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe
PRC - [2012.02.28 10:20:58 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.02.28 10:20:56 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.02.28 10:20:40 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.02.26 20:01:56 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.02.08 16:38:28 | 000,083,920 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\TSMService.exe
PRC - [2012.01.27 15:06:12 | 000,485,336 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\TSMResident.exe
PRC - [2012.01.17 08:29:24 | 000,169,776 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
PRC - [2010.10.27 22:11:00 | 000,079,136 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\ASR\ASRSVC.exe
PRC - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
PRC - [2010.09.30 14:00:28 | 000,139,088 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
PRC - [2010.08.18 03:43:26 | 000,278,800 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\Windows\SysWOW64\WebUpdateSvc4.exe
PRC - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.07.15 17:35:51 | 000,050,477 | ---- | M] () -- C:\Users\Stefan\Desktop\Defogger.exe
MOD - [2012.10.20 00:01:30 | 000,051,272 | ---- | M] () -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
MOD - [2010.09.30 14:00:28 | 000,139,088 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.04.28 06:52:04 | 000,061,224 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2011.12.28 22:48:24 | 000,049,480 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.14 03:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)
SRV:64bit: - [2009.07.14 03:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2013.06.30 13:43:58 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.07 21:37:51 | 000,237,048 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2013.06.07 21:36:06 | 000,217,592 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2013.06.07 21:34:03 | 000,159,296 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2013.06.07 21:33:53 | 002,890,232 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2013.06.07 21:32:50 | 002,010,688 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64)
SRV - [2013.04.19 15:30:20 | 000,125,504 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2013.04.19 15:30:16 | 000,127,072 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2013.04.19 15:30:02 | 000,145,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2013.04.11 15:30:30 | 000,022,376 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2013.03.18 17:26:10 | 000,272,680 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2013.03.18 17:26:00 | 000,133,416 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2013.02.26 03:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2013.02.26 03:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2013.02.26 02:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2013.02.19 20:34:50 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.11.18 15:32:30 | 000,529,744 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.10.30 19:10:44 | 000,069,192 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)
SRV - [2012.10.20 00:02:36 | 000,023,624 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Disabled | Stopped] -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent)
SRV - [2012.10.11 17:15:30 | 000,918,680 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012.09.25 11:52:27 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
SRV - [2012.07.13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.10 11:23:12 | 000,029,472 | ---- | M] (Macheen) [Disabled | Stopped] -- C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe -- (MacheenService)
SRV - [2012.05.10 15:45:58 | 000,143,936 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
SRV - [2012.05.01 23:30:00 | 001,665,088 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc)
SRV - [2012.05.01 23:30:00 | 001,662,528 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2012.05.01 23:30:00 | 000,320,576 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2012.04.19 00:15:38 | 000,084,080 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService)
SRV - [2012.04.10 17:37:24 | 000,449,912 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\ISD\ISD_TouchService.exe -- (TouchServiceISD)
SRV - [2012.04.10 17:37:22 | 005,650,296 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\ISD\ISD_Tablet.exe -- (TabletServiceISD)
SRV - [2012.04.02 16:53:36 | 000,170,832 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\vcamsvc.exe -- (LENOVO.TVTVCAM)
SRV - [2012.04.02 16:53:30 | 000,061,264 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2012.04.02 16:53:18 | 000,058,192 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2012.02.28 10:20:58 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.02.28 10:20:56 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.02.28 10:20:40 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.02.26 05:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV - [2012.02.26 05:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2012.02.26 05:07:32 | 000,626,960 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012.02.26 05:07:26 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2012.02.14 11:12:50 | 000,945,440 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2012.02.08 16:38:28 | 000,083,920 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\TSMService.exe -- (TabletSVC)
SRV - [2012.02.03 10:30:06 | 000,655,400 | R--- | M] (Ericsson AB) [Disabled | Stopped] -- C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2012.02.02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.01.17 08:29:24 | 000,169,776 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe -- (FastbootService)
SRV - [2011.11.09 20:11:05 | 008,447,848 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV - [2011.09.22 22:07:34 | 058,345,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV - [2011.09.22 22:07:34 | 000,154,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2011.09.22 22:06:04 | 000,431,464 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS)
SRV - [2011.07.12 09:54:00 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2010.10.27 22:11:00 | 000,079,136 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\ASR\ASRSVC.exe -- (ASRSVC)
SRV - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.08.18 03:43:26 | 000,278,800 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Running] -- C:\Windows\SysWOW64\WebUpdateSvc4.exe -- (WebUpdate4)
SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.07.21 02:42:38 | 000,061,976 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp2)
DRV:64bit: - [2013.06.07 21:36:19 | 000,154,952 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2013.04.28 06:52:04 | 000,044,800 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2013.04.24 01:23:00 | 000,460,528 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013.02.26 03:28:48 | 000,067,664 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2013.02.26 03:28:14 | 000,030,800 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2013.02.26 03:27:48 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2013.02.26 03:27:48 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2013.02.26 03:27:44 | 000,033,360 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2013.02.19 20:34:56 | 009,000,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.12.24 20:20:54 | 000,375,640 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs4.sys -- (cbfs4)
DRV:64bit: - [2012.12.06 13:11:40 | 011,518,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012.10.24 15:17:14 | 000,070,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012.10.24 15:17:10 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012.10.20 00:02:16 | 000,189,000 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EuFdDisk.sys -- (EUFDDISK)
DRV:64bit: - [2012.10.20 00:02:12 | 000,048,200 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EUBKMON.sys -- (EUBKMON)
DRV:64bit: - [2012.10.20 00:02:06 | 000,018,504 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\eudskacs.sys -- (EUDSKACS)
DRV:64bit: - [2012.10.20 00:02:04 | 000,058,952 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\eubakup.sys -- (EUBAKUP)
DRV:64bit: - [2012.10.11 17:15:32 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012.10.11 17:15:06 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2012.09.25 11:59:13 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)
DRV:64bit: - [2012.09.25 11:43:12 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2012.09.10 17:06:50 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.29 02:20:11 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.05.30 13:42:10 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012.05.01 23:30:00 | 000,029,512 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2012.05.01 23:30:00 | 000,019,784 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2012.04.19 17:36:26 | 000,035,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2012.04.19 17:36:26 | 000,025,528 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2012.03.28 13:16:48 | 000,216,704 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2012.03.24 00:18:04 | 000,016,368 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WacomVTHid.sys -- (wacomvthid)
DRV:64bit: - [2012.03.24 00:17:58 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2012.03.24 00:17:52 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2012.02.26 20:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.02.26 20:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.02.26 20:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.02.14 21:49:50 | 000,615,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2012.02.14 21:49:50 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2012.02.14 21:49:46 | 000,211,496 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012.02.14 21:49:46 | 000,184,360 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012.02.14 21:49:46 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012.02.14 21:49:46 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012.01.13 10:08:42 | 000,102,440 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\l36wgps64.sys -- (l36wgps)
DRV:64bit: - [2012.01.11 05:30:58 | 000,360,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011.12.28 22:48:24 | 000,147,784 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011.12.28 22:48:24 | 000,025,416 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2011.12.26 11:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011.12.08 23:06:07 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.12.08 23:06:07 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.12.07 18:59:52 | 000,027,432 | ---- | M] (ThinkVantage Communications Utility) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvtvcamd.sys -- (tvtvcamd)
DRV:64bit: - [2011.12.07 10:54:20 | 000,282,152 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys -- (WwanUsbServ)
DRV:64bit: - [2011.12.05 21:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.10.05 11:38:32 | 000,029,736 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr)
DRV:64bit: - [2011.10.05 11:38:30 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis)
DRV:64bit: - [2011.09.22 22:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)
DRV:64bit: - [2011.08.22 15:47:50 | 000,483,400 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys -- (Mbm3Mdm)
DRV:64bit: - [2011.08.22 15:47:50 | 000,430,664 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt)
DRV:64bit: - [2011.08.22 15:47:50 | 000,019,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys -- (Mbm3mdfl)
DRV:64bit: - [2011.08.22 15:47:44 | 000,419,400 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus)
DRV:64bit: - [2011.05.29 12:48:04 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)
DRV:64bit: - [2011.05.25 17:23:00 | 000,101,888 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.06.28 19:39:46 | 000,017,064 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wstbtndb.sys -- (HBtnKey)
DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009.10.29 19:28:24 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.03.26 16:07:06 | 000,033,344 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2851647
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP
IE - HKCU\..\SearchScopes\{83FDA5A0-0FB2-42AE-AEDE-6DFC67F8C71F}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU3&o=15380&src=kw&q={searchTerms}&locale=&apn_ptnrs=UJ&apn_dtid=YYYYYYYYDE&apn_uid=42e32f80-b696-4222-873a-ee5a448a2c2e&apn_sauid=611482D1-574D-4CED-9B1F-90912EBB5208
IE - HKCU\..\SearchScopes\{9DD9F623-6912-43CB-8DEF-1FD002EC63A0}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CT2851647.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7Be8f509f0-b677-11de-8a39-0800200c9a66%7D:1.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.9: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP1X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2012.07.28 16:46:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.10.02 10:22:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.30 13:43:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.28 14:03:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.30 13:43:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.28 14:03:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.08.29 21:18:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Extensions
[2013.05.26 21:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\w3p8t5fg.default\extensions
[2013.05.26 21:12:17 | 000,534,431 | ---- | M] () (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\w3p8t5fg.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2013.05.09 13:05:23 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\w3p8t5fg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.12 14:57:06 | 000,010,606 | ---- | M] () (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\w3p8t5fg.default\extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi
[2012.09.25 23:23:59 | 000,001,499 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\w3p8t5fg.default\searchplugins\computerbase.xml
[2013.01.14 15:38:13 | 000,005,462 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\w3p8t5fg.default\searchplugins\das-rtliche.xml
[2012.11.11 17:14:33 | 000,001,330 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\w3p8t5fg.default\searchplugins\wikipedia-en.xml
[2013.01.06 23:46:28 | 000,002,446 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\w3p8t5fg.default\searchplugins\wiktionary-de.xml
[2012.09.21 22:49:04 | 000,002,057 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\w3p8t5fg.default\searchplugins\youtube-videosuche.xml
[2013.06.30 13:43:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.06.30 13:44:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=48
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin:  Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ResetACGauge] C:\Program Files (x86)\Lenovo\Access Connections\smbhlpr.exe (Lenovo)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe (Lenovo)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited)
O4 - HKLM..\Run: [TSMResident] C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\TSMRESIDENT.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000022 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.145 217.0.43.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0265F7FF-6635-4F90-9365-901FB054D9D1}: DhcpNameServer = 217.0.43.145 217.0.43.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{692E5C5D-0503-4B4D-8A2D-5E05904BB693}: DhcpNameServer = 217.0.43.145 217.0.43.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6EE25AC-971F-476E-8EF3-68612859A062}: NameServer = 195.230.105.134 195.230.105.135
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
O21:64bit: - SSODL: EldosMountNotificator-cbfs4 - {52983F03-8160-49F0-A3D9-B60F8E54A900} - C:\Windows\SysNative\cbfsMntNtf4.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator-cbfs4 - {52983F03-8160-49F0-A3D9-B60F8E54A900} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {52983F03-8160-49F0-A3D9-B60F8E54A900} - Virtual Storage Mount Notification - C:\Windows\SysNative\cbfsMntNtf4.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {52983F03-8160-49F0-A3D9-B60F8E54A900} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.12.15 05:05:40 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{a305d895-d8bf-11e1-b41a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a305d895-d8bf-11e1-b41a-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2011.12.15 05:05:40 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.15 17:38:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
[2013.07.07 14:27:45 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys
[2013.07.07 14:27:45 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys
[2013.07.07 14:27:45 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys
[2013.07.07 14:27:45 | 000,011,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\massfilter.sys
[2013.07.07 14:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Surf-Stick
[2013.07.07 14:27:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1&1 Surf-Stick
[2013.07.07 13:49:50 | 000,000,000 | ---D | C] -- C:\UserData
[2013.07.07 13:42:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SupportAppCB
[2013.06.30 13:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.06.30 13:43:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.06.28 19:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Empire Interactive
[2013.06.28 18:50:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Empire Interactive
[2013.06.28 14:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.15 17:40:07 | 000,377,856 | ---- | M] () -- C:\Users\Stefan\Desktop\gmer_2.1.19163.exe
[2013.07.15 17:38:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
[2013.07.15 17:36:30 | 000,000,000 | ---- | M] () -- C:\Users\Stefan\defogger_reenable
[2013.07.15 17:35:51 | 000,050,477 | ---- | M] () -- C:\Users\Stefan\Desktop\Defogger.exe
[2013.07.15 17:11:08 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.15 17:05:12 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.15 17:04:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.14 20:46:03 | 005,872,658 | ---- | M] () -- C:\Users\Stefan\In Flames   Evil in a Closet Video    19leela91   MyVideo.mp3
[2013.07.10 22:40:20 | 000,034,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.10 22:40:20 | 000,034,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.10 22:39:08 | 001,816,802 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.10 22:39:08 | 000,768,746 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.10 22:39:08 | 000,723,606 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.10 22:39:08 | 000,176,278 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.10 22:39:08 | 000,148,914 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.10 22:32:04 | 000,300,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.10 22:31:26 | 2999,533,568 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.01 23:48:43 | 003,841,687 | ---- | M] () -- C:\Users\Stefan\Desktop\deniselvsth62vkura4my.jpg
[2013.06.30 21:58:51 | 000,586,967 | ---- | M] () -- C:\Users\Stefan\Desktop\Bewerbungsformular_WG_06_2012.pdf
[2013.06.28 15:40:11 | 004,629,096 | ---- | M] () -- C:\Users\Stefan\In Flames   My Sweet Shadow[1].mp3
[2013.06.28 15:17:20 | 007,062,622 | ---- | M] () -- C:\Users\Stefan\In Flames   Only for the weak   Vidéo Dailymotion.mp3
[2013.06.28 15:16:47 | 005,525,619 | ---- | M] () -- C:\Users\Stefan\In Flames   Come Clarity [OFFICIAL VIDEO].mp3
[2013.06.28 15:15:31 | 005,868,552 | ---- | M] () -- C:\Users\Stefan\In Flames   Evil In A Closet.mp3
[2013.06.28 15:13:15 | 005,480,227 | ---- | M] () -- C:\Users\Stefan\In Flames   Dial 595 Escape Video    parare4   MyVideo.mp3
[2013.06.28 14:58:02 | 005,463,804 | ---- | M] () -- C:\Users\Stefan\IN FLAMES   Take This Life.mp3
[2013.06.28 14:57:31 | 004,629,096 | ---- | M] () -- C:\Users\Stefan\In Flames   My Sweet Shadow.mp3
[2013.06.28 14:56:57 | 004,856,675 | ---- | M] () -- C:\Users\Stefan\In Flames   The Quiet Place [HD].mp3
[2013.06.22 13:56:46 | 010,791,905 | ---- | M] () -- C:\Users\Stefan\Hitchcock's Psycho Soundtrack.mp3
[2013.06.22 13:31:57 | 009,309,821 | ---- | M] () -- C:\Users\Stefan\Bernard Herrmann   Vertigo (theme).mp3
[2013.06.16 19:06:24 | 000,001,065 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.15 17:40:07 | 000,377,856 | ---- | C] () -- C:\Users\Stefan\Desktop\gmer_2.1.19163.exe
[2013.07.15 17:36:30 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\defogger_reenable
[2013.07.15 17:35:50 | 000,050,477 | ---- | C] () -- C:\Users\Stefan\Desktop\Defogger.exe
[2013.07.14 20:45:54 | 005,872,658 | ---- | C] () -- C:\Users\Stefan\In Flames   Evil in a Closet Video    19leela91   MyVideo.mp3
[2013.07.07 13:49:50 | 000,000,557 | ---- | C] () -- C:\NetworkCfg.xml
[2013.07.01 23:48:42 | 003,841,687 | ---- | C] () -- C:\Users\Stefan\Desktop\deniselvsth62vkura4my.jpg
[2013.06.30 21:24:28 | 000,586,967 | ---- | C] () -- C:\Users\Stefan\Desktop\Bewerbungsformular_WG_06_2012.pdf
[2013.06.28 15:40:06 | 004,629,096 | ---- | C] () -- C:\Users\Stefan\In Flames   My Sweet Shadow[1].mp3
[2013.06.28 15:17:12 | 007,062,622 | ---- | C] () -- C:\Users\Stefan\In Flames   Only for the weak   Vidéo Dailymotion.mp3
[2013.06.28 15:16:42 | 005,525,619 | ---- | C] () -- C:\Users\Stefan\In Flames   Come Clarity [OFFICIAL VIDEO].mp3
[2013.06.28 15:15:24 | 005,868,552 | ---- | C] () -- C:\Users\Stefan\In Flames   Evil In A Closet.mp3
[2013.06.28 15:13:08 | 005,480,227 | ---- | C] () -- C:\Users\Stefan\In Flames   Dial 595 Escape Video    parare4   MyVideo.mp3
[2013.06.28 14:57:55 | 005,463,804 | ---- | C] () -- C:\Users\Stefan\IN FLAMES   Take This Life.mp3
[2013.06.28 14:57:25 | 004,629,096 | ---- | C] () -- C:\Users\Stefan\In Flames   My Sweet Shadow.mp3
[2013.06.28 14:56:50 | 004,856,675 | ---- | C] () -- C:\Users\Stefan\In Flames   The Quiet Place [HD].mp3
[2013.06.22 13:56:33 | 010,791,905 | ---- | C] () -- C:\Users\Stefan\Hitchcock's Psycho Soundtrack.mp3
[2013.06.22 13:31:46 | 009,309,821 | ---- | C] () -- C:\Users\Stefan\Bernard Herrmann   Vertigo (theme).mp3
[2013.06.02 17:49:32 | 008,983,664 | ---- | C] () -- C:\Users\Stefan\Title4 - Chapter 03.mp3
[2013.06.02 17:48:57 | 008,110,880 | ---- | C] () -- C:\Users\Stefan\Title4 - Chapter 02.mp3
[2013.06.02 17:48:32 | 006,406,856 | ---- | C] () -- C:\Users\Stefan\Title4 - Chapter 01.mp3
[2013.06.02 17:47:36 | 011,943,632 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 16.mp3
[2013.06.02 17:46:48 | 011,511,776 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 15.mp3
[2013.06.02 17:45:49 | 014,009,888 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 14.mp3
[2013.06.02 17:45:09 | 009,942,176 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 13.mp3
[2013.06.02 17:44:01 | 016,342,880 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 12.mp3
[2013.06.02 17:43:19 | 010,638,656 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 11.mp3
[2013.06.02 17:42:39 | 007,783,328 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 10.mp3
[2013.06.02 17:41:38 | 013,172,672 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 09.mp3
[2013.06.02 17:40:46 | 009,397,472 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 08.mp3
[2013.06.02 17:39:51 | 009,214,832 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 07.mp3
[2013.06.02 17:38:57 | 010,478,432 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 06.mp3
[2013.06.02 17:37:20 | 017,931,776 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 05.mp3
[2013.06.02 17:36:09 | 011,823,872 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 04.mp3
[2013.06.02 17:35:16 | 007,598,816 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 03.mp3
[2013.06.02 17:34:06 | 010,652,096 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 02.mp3
[2013.06.02 17:32:54 | 009,614,048 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 01.mp3
[2013.06.02 17:32:34 | 001,470,032 | ---- | C] () -- C:\Users\Stefan\Title1 - Chapter 01.mp3
[2013.06.01 15:56:10 | 004,296,169 | ---- | C] () -- C:\Users\Stefan\Bernard Herrmann - Vertigo Main Theme.mp3
[2013.05.30 23:58:28 | 006,691,006 | ---- | C] () -- C:\Users\Stefan\Nightwish - Eva.mp3
[2013.05.30 23:56:32 | 008,350,515 | ---- | C] () -- C:\Users\Stefan\Nightwish - Sahara.mp3
[2013.05.30 23:56:22 | 005,622,758 | ---- | C] () -- C:\Users\Stefan\Nightwish - Amaranth.mp3
[2013.05.30 23:53:24 | 006,676,015 | ---- | C] () -- C:\Users\Stefan\Nightwish - The Islander.mp3
[2013.05.30 23:42:53 | 006,016,424 | ---- | C] () -- C:\Users\Stefan\Nightwish - Sleeping Sun.mp3
[2013.05.30 23:42:43 | 005,921,807 | ---- | C] () -- C:\Users\Stefan\Nightwish - Bless The Child.mp3
[2013.05.30 23:42:18 | 005,889,207 | ---- | C] () -- C:\Users\Stefan\Nightwish - I Wish I Had An Angel.mp3
[2013.05.30 23:41:50 | 006,238,412 | ---- | C] () -- C:\Users\Stefan\Nightwish - Bye Bye Beautiful.mp3
[2013.05.30 23:39:05 | 007,613,915 | ---- | C] () -- C:\Users\Stefan\Nightwish - The Phantom Of The Opera.mp3
[2013.05.30 23:36:06 | 005,840,932 | ---- | C] () -- C:\Users\Stefan\Nightwish - Nemo.mp3
[2013.05.30 23:34:46 | 005,827,140 | ---- | C] () -- C:\Users\Stefan\Nightwish - For The Heart I Once Had.mp3
[2013.05.30 23:29:44 | 006,391,385 | ---- | C] () -- C:\Users\Stefan\Nightwish - The Phantom Of The Opera (2).mp3
[2013.05.30 23:27:35 | 006,391,309 | ---- | C] () -- C:\Users\Stefan\Nightwish 'Phantom Of The Opera'.mp3
[2013.05.28 22:58:24 | 007,022,655 | ---- | C] () -- C:\Users\Stefan\Nonstop   Amazing Dance Skills   Set Fire.mp3
[2013.05.12 16:23:00 | 008,269,066 | ---- | C] () -- C:\Users\Stefan\Matisyahu - One Day.mp3
[2013.05.09 23:53:07 | 009,216,945 | ---- | C] () -- C:\Users\Stefan\Metallica - The Unforgiven.mp3
[2013.05.09 23:51:46 | 007,672,797 | ---- | C] () -- C:\Users\Stefan\Uriah Heep - Lady In Black.mp3
[2013.05.09 23:50:41 | 007,543,696 | ---- | C] () -- C:\Users\Stefan\Skid Row - I Remember You.mp3
[2013.05.09 23:50:03 | 004,649,071 | ---- | C] () -- C:\Users\Stefan\James Brown - It's A Man's World.mp3
[2013.05.09 23:46:22 | 008,611,332 | ---- | C] () -- C:\Users\Stefan\Lynyrd Skynyrd - Simple Man.mp3
[2013.05.09 23:44:59 | 006,218,930 | ---- | C] () -- C:\Users\Stefan\Richie Kotzen - You Can't Save Me.mp3
[2013.05.09 23:43:40 | 004,837,207 | ---- | C] () -- C:\Users\Stefan\Biffy Clyro - Mountains.mp3
[2013.05.09 23:40:56 | 005,100,548 | ---- | C] () -- C:\Users\Stefan\The Tallest Man On Earth - It Will Follow The Rain.mp3
[2013.05.09 23:39:32 | 006,599,471 | ---- | C] () -- C:\Users\Stefan\Bonfire - You Make Me Feel.mp3
[2013.05.09 23:37:53 | 005,604,582 | ---- | C] () -- C:\Users\Stefan\Corvus Corax - Totentanz.mp3
[2013.05.09 23:37:50 | 008,754,272 | ---- | C] () -- C:\Users\Stefan\Axel Rudi Pell - Earls Of Black.mp3
[2013.05.09 23:37:20 | 006,101,108 | ---- | C] () -- C:\Users\Stefan\DJ Bass - The Target.mp3
[2013.05.09 23:33:34 | 008,191,283 | ---- | C] () -- C:\Users\Stefan\Axel Rudi Pell - Tear Down The Walls.mp3
[2013.03.31 23:16:02 | 000,001,465 | ---- | C] () -- C:\Users\Stefan\AppData\Local\recently-used.xbel
[2013.02.19 20:35:12 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2013.02.19 20:35:12 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2013.02.19 20:34:56 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.11.21 00:04:52 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2012.10.02 09:43:59 | 000,001,714 | -H-- | C] () -- C:\Users\Stefan\gsview32.ini
[2012.10.01 10:47:38 | 000,000,017 | ---- | C] () -- C:\Users\Stefan\AppData\Local\resmon.resmoncfg
[2012.09.21 22:38:39 | 000,255,360 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\wanancsp.dat
[2012.08.29 20:53:18 | 000,000,313 | ---- | C] () -- C:\ProgramData\LastUpdate.xml
[2012.08.29 20:53:18 | 000,000,225 | ---- | C] () -- C:\Windows\WebUpdateSvc4.INI
[2012.08.29 20:48:27 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat
[2012.07.28 16:39:21 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2012.07.28 16:39:21 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd11.dll
[2012.07.28 16:39:21 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2012.07.28 16:36:55 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.07.28 16:36:54 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.07.28 16:35:59 | 000,035,404 | R--- | C] () -- C:\Windows\ConnectionProfiles.dat
[2012.07.28 16:27:03 | 001,794,696 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 15:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 15:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 15:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.20 16:09:21 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\1&1
[2012.12.03 23:43:08 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Canneverbe Limited
[2013.02.21 00:22:54 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Crayon Physics Deluxe
[2013.07.10 22:34:44 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Dropbox
[2013.06.02 17:50:54 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\dvdae
[2013.02.24 16:59:05 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\e-academy Inc
[2013.02.21 23:05:36 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\FileZilla
[2013.04.18 21:05:01 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Foxit Software
[2012.08.29 20:53:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Leadertech
[2012.08.29 20:49:50 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Lenovo
[2012.12.28 23:41:53 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Locate32
[2012.08.29 20:52:47 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\LSC
[2013.06.03 23:33:54 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Mp3tag
[2012.10.05 14:22:42 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\OpenOffice.org
[2012.10.26 15:14:09 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\pdfforge
[2012.08.29 22:48:14 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\PwrMgr
[2012.12.03 11:21:36 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\SISTEMA
[2013.01.09 09:00:26 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\SQLite Administrator
[2012.10.08 14:35:04 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\SumatraPDF
[2013.01.14 15:31:53 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Swiss Academic Software
[2012.11.02 10:09:25 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\T-Online
[2012.12.12 22:21:09 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Thunderbird
[2013.02.09 01:40:04 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013.07.07 08:14:36 | 007,195,671 | ---- | M] ()(C:\Users\Stefan\Desire?Under Your Spell.mp3) -- C:\Users\Stefan\DesireːUnder Your Spell.mp3
[2013.06.22 13:48:58 | 007,195,671 | ---- | C] ()(C:\Users\Stefan\Desire?Under Your Spell.mp3) -- C:\Users\Stefan\DesireːUnder Your Spell.mp3

< End of report >

--- --- ---

Extras.txt, gmer.txt:
Da der Beitrag zu groß wurde (> 120 000 Zeichen), diese beiden Logfiles als .txt-Dateien im Anhang als Logfiles.zip.

Die drei Programme liefen ohne Probleme durch, ich konnte die Anleitung abarbeiten.

Allerdings musste ich vor dem Download von OTL und vor der Ausführung diverse Online-Scans und den Web-Schutz von Sophos deaktivieren. Sophos hat da gemeckert und Malware erkannt.

Könnt ihr mir Helfen in welche Richtung ich weitersuchen muss? Sieht man in den Logs etwas Verdächtiges?

Vielen Dank für eure Mühe,
Stefan (Ömerich)

[edit]
Jetzt ist mir grade noch was eingefallen:
Relativ kurz nachdem ich mir den Laptop gekauft habe, hatte ich schon mal eine etwas sonderbare Fehlermeldung von "Zeitplan Hardware-Scan" die wie folgt lautete:
"Lenovo Solution Center zur Ausführung geplant ist ein hardware check up. Ist es OK, um es auszuführen?" mit zwei Buttons "Ja" und "Nein".
Ich habe deswegen auch schon mal bei Lenovo angerufen und wollte herausfinden, ob diese Meldung authentisch (also von Lenovo ist) oder eventuell Malware (wegen dem seeehr holprigen Deutsch).
Der Herr am Telefon konnte allerdings mein Problem mit der Semantik nicht nachvollziehen und meine immer nur, das sei schon OK, er wüsste nicht, was mit meinem PC nicht in Ordnung sei, ich sollte doch einfach den Hardware-Scan ausführen.
Ich habe dann aufgelegt und die Fehlermeldung mit "Nein" weggeklickt und den Hardware-Scan nie gemacht.
[/edit]

cosinus · 17.07.2013, 00:55

Hallo und

Zitat:

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Warum hast du eine Professional-Edition von Windows, brauchst du das als Heimanwender?
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner?

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Oemerich · 17.07.2013, 05:39

Moin Cosinus!

Ja, es ist ein Uni-Notebook. Die Windows-Version ist die, die vorinstalliert war.

Also im Sophos-Log stehen ganz oft Zeilen à la:

Code:

ATTFilter

20130701 152149	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130701 152154	Die Erkennungsdatenversion 4.90G (Detection Engine 3.43.0) wird verwendet. Diese Version kann 5197518 Objekte erkennen.
20130701 152155	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.

Diese kommen ein bis drei mal pro Tag vor.

Ansonsten soweit ich gesehen habe nur noch die schon erwähnten Warnungen vor OTL.exe und gmer.

Hier mal der ganze Log von Sophos:

Code:

ATTFilter

20130701 152149	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130701 152154	Die Erkennungsdatenversion 4.90G (Detection Engine 3.43.0) wird verwendet. Diese Version kann 5197518 Objekte erkennen.
20130701 152155	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130701 204854	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130701 204856	Die Erkennungsdatenversion 4.90G (Detection Engine 3.43.0) wird verwendet. Diese Version kann 5197533 Objekte erkennen.
20130701 204856	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130702 042044	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130702 042051	Die Erkennungsdatenversion 4.90G (Detection Engine 3.43.0) wird verwendet. Diese Version kann 5197556 Objekte erkennen.
20130702 042051	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130702 180932	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130702 180933	Die Erkennungsdatenversion 4.90G (Detection Engine 3.43.0) wird verwendet. Diese Version kann 5197562 Objekte erkennen.
20130702 180933	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130703 161221	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130703 161234	Die Erkennungsdatenversion 4.90G (Detection Engine 3.43.0) wird verwendet. Diese Version kann 5197672 Objekte erkennen.
20130703 161235	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130704 040840	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130704 040847	Die Erkennungsdatenversion 4.90G (Detection Engine 3.43.0) wird verwendet. Diese Version kann 5197697 Objekte erkennen.
20130704 040848	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130704 162825	Die Erkennungsdatenversion 4.90G (Detection Engine 3.43.0) wird verwendet. Diese Version kann 5197733 Objekte erkennen.
20130704 162825	Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20130705 042531	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130705 042533	Die Erkennungsdatenversion 4.90G (Detection Engine 3.43.0) wird verwendet. Diese Version kann 5197769 Objekte erkennen.
20130705 042533	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130705 153614	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130705 153621	Die Erkennungsdatenversion 4.90G (Detection Engine 3.43.0) wird verwendet. Diese Version kann 5197788 Objekte erkennen.
20130705 153621	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130705 193401	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130705 193403	Die Erkennungsdatenversion 4.90G (Detection Engine 3.43.0) wird verwendet. Diese Version kann 5197819 Objekte erkennen.
20130705 193403	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130705 223332	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130705 223333	Die Erkennungsdatenversion 4.90G (Detection Engine 3.43.0) wird verwendet. Diese Version kann 5197826 Objekte erkennen.
20130705 223333	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130706 013332	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130706 013333	Die Erkennungsdatenversion 4.90G (Detection Engine 3.43.0) wird verwendet. Diese Version kann 5197836 Objekte erkennen.
20130706 013333	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130706 090551	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130706 090554	Die Erkennungsdatenversion 4.90G (Detection Engine 3.43.0) wird verwendet. Diese Version kann 5197840 Objekte erkennen.
20130706 090554	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130706 110551	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130706 110552	Die Erkennungsdatenversion 4.90G (Detection Engine 3.43.0) wird verwendet. Diese Version kann 5197849 Objekte erkennen.
20130706 110552	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130707 061452	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130707 061457	Die Erkennungsdatenversion 4.90G (Detection Engine 3.43.0) wird verwendet. Diese Version kann 5197865 Objekte erkennen.
20130707 061458	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130707 062705	Die Erkennungsdatenversion 4.90G (Detection Engine 3.43.0) wird verwendet. Diese Version kann 5197865 Objekte erkennen.
20130707 062706	Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20130707 114635	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130707 114638	Die Erkennungsdatenversion 4.90G (Detection Engine 3.43.0) wird verwendet. Diese Version kann 5197873 Objekte erkennen.
20130707 114638	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130707 175937	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130707 175937	Die Erkennungsdatenversion 4.90G (Detection Engine 3.43.0) wird verwendet. Diese Version kann 5197888 Objekte erkennen.
20130707 175937	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130708 153923	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130708 153926	Die Erkennungsdatenversion 4.90G (Detection Engine 3.43.0) wird verwendet. Diese Version kann 5197922 Objekte erkennen.
20130708 153926	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130708 163904	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130708 163905	Die Erkennungsdatenversion 4.90G (Detection Engine 3.43.0) wird verwendet. Diese Version kann 5197943 Objekte erkennen.
20130708 163905	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130709 200354	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130709 200358	Die Erkennungsdatenversion 4.90G (Detection Engine 3.43.0) wird verwendet. Diese Version kann 5198023 Objekte erkennen.
20130709 200358	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130710 203221	Die Erkennungsdatenversion 4.90G (Detection Engine 3.43.0) wird verwendet. Diese Version kann 5198023 Objekte erkennen.
20130710 203221	Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20130710 204121	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130710 204218	Die Erkennungsdatenversion 4.91G (Detection Engine 3.45.0) wird verwendet. Diese Version kann 5361481 Objekte erkennen.
20130710 204218	Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20130710 204219	Die Erkennungsdatenversion 4.91G (Detection Engine 3.45.0) wird verwendet. Diese Version kann 5361481 Objekte erkennen.
20130711 180654	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130711 180657	Die Erkennungsdatenversion 4.91G (Detection Engine 3.45.0) wird verwendet. Diese Version kann 5361564 Objekte erkennen.
20130711 180658	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130712 183757	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130712 183804	Die Erkennungsdatenversion 4.91G (Detection Engine 3.45.0) wird verwendet. Diese Version kann 5361630 Objekte erkennen.
20130712 183805	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130712 193639	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130712 193643	Die Erkennungsdatenversion 4.91G (Detection Engine 3.45.0) wird verwendet. Diese Version kann 5361651 Objekte erkennen.
20130712 193645	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130713 084524	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130713 084525	Die Erkennungsdatenversion 4.91G (Detection Engine 3.45.0) wird verwendet. Diese Version kann 5361660 Objekte erkennen.
20130713 084525	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130713 111443	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130713 111444	Die Erkennungsdatenversion 4.91G (Detection Engine 3.45.0) wird verwendet. Diese Version kann 5361675 Objekte erkennen.
20130713 111444	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130713 152444	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130713 152446	Die Erkennungsdatenversion 4.91G (Detection Engine 3.45.0) wird verwendet. Diese Version kann 5361678 Objekte erkennen.
20130713 152447	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130714 102615	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130714 102622	Die Erkennungsdatenversion 4.91G (Detection Engine 3.45.0) wird verwendet. Diese Version kann 5361690 Objekte erkennen.
20130714 102622	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130714 183711	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130714 183712	Die Erkennungsdatenversion 4.91G (Detection Engine 3.45.0) wird verwendet. Diese Version kann 5361692 Objekte erkennen.
20130714 183712	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130715 040756	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130715 040757	Die Erkennungsdatenversion 4.91G (Detection Engine 3.45.0) wird verwendet. Diese Version kann 5361697 Objekte erkennen.
20130715 040757	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130715 150609	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130715 150619	Die Erkennungsdatenversion 4.91G (Detection Engine 3.45.0) wird verwendet. Diese Version kann 5361712 Objekte erkennen.
20130715 150620	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130715 153644	Web-Anfrage an "oldtimer.geekstogo.com/OTL.exe" (verlinkt von "www.trojaner-board.de/69886-alle-hilfesuchenden-eroeffnung-themas-beachten.html") für Benutzer Brella-Sepp\Stefan gesperrt. 'Mal/HTMLGen-A' wurde auf dieser Website gefunden, Verweiskennung 48297191.
20130715 153730	Web-Anfrage an "oldtimer.geekstogo.com/OTL.exe" (verlinkt von "www.trojaner-board.de/69886-alle-hilfesuchenden-eroeffnung-themas-beachten.html") für Benutzer Brella-Sepp\Stefan gesperrt. 'Mal/HTMLGen-A' wurde auf dieser Website gefunden, Verweiskennung 48297191.
20130715 153814	Benutzer (Brella-Sepp\Stefan) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130715 153825	Web-Anfrage an "oldtimer.geekstogo.com/OTL.exe" (verlinkt von "www.trojaner-board.de/69886-alle-hilfesuchenden-eroeffnung-themas-beachten.html") für Benutzer Brella-Sepp\Stefan gesperrt. 'Mal/HTMLGen-A' wurde auf dieser Website gefunden, Verweiskennung 48297191.
20130715 155500	Prozess "C:\Users\Stefan\Desktop\OTL.exe" weist verdächtiges Verhaltensmuster 'HIPS/RegMod-009' auf. 
		Keine Maßnahme ergriffen. 
		Wenn Sie die Anwendung nicht mit Sicherheit zulassen können, senden Sie ein Sample an Sophos.
20130715 155501	Prozess "C:\Users\Stefan\Desktop\OTL.exe" weist verdächtiges Verhaltensmuster 'HIPS/RegMod-009' auf. 
		Keine Maßnahme ergriffen. 
		Wenn Sie die Anwendung nicht mit Sicherheit zulassen können, senden Sie ein Sample an Sophos.
20130715 155624	Das automatische Versenden von Dateidaten für Sophos Live-Schutz ist deaktiviert.
20130715 214554	Benutzer (Brella-Sepp\Stefan) hat den On-Access-Scan auf diesem Computer gestartet.
20130715 214616	Das automatische Versenden von Dateidaten für Sophos Live-Schutz ist aktiviert.
20130715 214711	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130715 214713	Die Erkennungsdatenversion 4.91G (Detection Engine 3.45.0) wird verwendet. Diese Version kann 5361757 Objekte erkennen.
20130715 214713	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130715 215518	Benutzer (Brella-Sepp\Stefan) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130715 215533	Das automatische Versenden von Dateidaten für Sophos Live-Schutz ist deaktiviert.
20130716 041619	Benutzer (Brella-Sepp\Stefan) hat den On-Access-Scan auf diesem Computer gestartet.
20130716 041704	Das automatische Versenden von Dateidaten für Sophos Live-Schutz ist aktiviert.
20130716 042300	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130716 042305	Die Erkennungsdatenversion 4.91G (Detection Engine 3.45.0) wird verwendet. Diese Version kann 5361791 Objekte erkennen.
20130716 042306	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130716 043647	Die Erkennungsdatenversion 4.91G (Detection Engine 3.45.0) wird verwendet. Diese Version kann 5361791 Objekte erkennen.
20130716 043647	Benutzer (NT-AUTORITÄT\LOKALER DIENST) hat den On-Access-Scan auf diesem Computer gestartet.
20130716 074321	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130716 074322	Die Erkennungsdatenversion 4.91G (Detection Engine 3.45.0) wird verwendet. Diese Version kann 5361799 Objekte erkennen.
20130716 074322	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130716 104311	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130716 104311	Die Erkennungsdatenversion 4.91G (Detection Engine 3.45.0) wird verwendet. Diese Version kann 5361815 Objekte erkennen.
20130716 104311	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130716 134311	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130716 134311	Die Erkennungsdatenversion 4.91G (Detection Engine 3.45.0) wird verwendet. Diese Version kann 5361829 Objekte erkennen.
20130716 134311	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130716 164311	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130716 164311	Die Erkennungsdatenversion 4.91G (Detection Engine 3.45.0) wird verwendet. Diese Version kann 5361849 Objekte erkennen.
20130716 164311	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130716 194324	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130716 194326	Die Erkennungsdatenversion 4.91G (Detection Engine 3.45.0) wird verwendet. Diese Version kann 5361853 Objekte erkennen.
20130716 194326	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130717 041539	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130717 041543	Die Erkennungsdatenversion 4.91G (Detection Engine 3.45.0) wird verwendet. Diese Version kann 5361876 Objekte erkennen.
20130717 041544	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.

Im Quarantäne-Manager von Sophos stehen noch zwei Einträge:

Typ: Verdächtiges Verhalten; Name: HIPS/RegMod-009; Details: C:\Users\STefan\Desktop\OTL.exe; Verfügbare Maßnahmen: Zulassen
Typ: Adware/PUA; Name: WhenU Installer; Details: Adware (E:\DAEMON Tools\SetupDTSB.exe); Verfügbare Maßnahmen: Bereinigen, Zulassen

Das Daemon-Tools-Setup ist wohl noch von einer alten Sicherungs-Festplatte, die nicht mehr am Rechner hängt. Hab das Setup aber auf diesem Rechner nie aufgeführt, hier war Daemon-Tools noch nie drauf.

Das Windows-Sicherheitscenter hat mal den Fund von "Win32/Small.CA-Virus" auf meinem Rechner gemeldet. Hab nach dem Thema ein wenig gesucht und anscheinend handelt es sich um ein Problem zwischen Windows und Sophos (False Positive). Nach einigen Reparaturversuchen mit dem Sicherheitscenter und der Problembehandlung von Windows gabs aber da keine Meldungen mehr.

Beste Grüße,
Oemerich

cosinus · 17.07.2013, 14:08

Zitat:

Ja, es ist ein Uni-Notebook.

Was genau heißt das, ist das dein Rechner oder gehört der Rechner der Uni bzw. ist in der Uni-Domäne und wird vom Uni-EDV-Team administriert?

Zitat:

Im Quarantäne-Manager von Sophos stehen noch zwei Einträge:

Typ: Verdächtiges Verhalten; Name: HIPS/RegMod-009; Details: C:\Users\STefan\Desktop\OTL.exe; Verfügbare Maßnahmen: Zulassen
Typ: Adware/PUA; Name: WhenU Installer; Details: Adware (E:\DAEMON Tools\SetupDTSB.exe); Verfügbare Maßnahmen: Bereinigen, Zulassen

Hysterische Meldungen, OTL ist ein Fehlalarm und das alte von den dtools ist nur ein Fund weil der Installer potentiell Adware installieren kann.

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Oemerich · 17.07.2013, 19:15

Uni-Notebook heißt bei mir lediglich, dass ich es bei Lenovo als Student mit Uni-Rabatt gekauft habe. Das Notebook gehört mir und wird nur von mir selbst privat und fürs Studium genutzt. Die Windows-Version ist die, die ab Werk auf dem Laptop installiert war.

FRST hab ich vom Desktop aus ohne weitere Vorkehrungen ausgeführt, so wie du es in deinem Post geschrieben hast. Ist das OK so oder soll ich es wie in der von dir verlinkten Beschreibung zu FRST vom BIOS aus mit den erweiterten Startoptionen vom USB-Stick aus ausführen?

Hier die FRST.log:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02
Ran by Stefan (administrator) on 17-07-2013 20:04:06
Running from C:\Users\Stefan\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TouchService.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Wacom Technology, Inc) C:\Program Files\Tablet\CalibrationAssistant.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\ASR\ASRSVC.exe
(Microsoft Corporation) C:\Windows\system32\CISVC.EXE
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\TSMService.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
() C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Data Perceptions / PowerProgrammer) C:\Windows\SysWOW64\WebUpdateSvc4.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\TSMResident.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Lenovo Group Limited) C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
(Dropbox, Inc.) C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
() C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(Lenovo) C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TouchUser.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TpShocks] - C:\Windows\System32\TpShocks.exe [382528 2012-02-24] (Lenovo.)
HKLM\...\Run: [ResetACGauge] - C:\Program Files (x86)\Lenovo\Access Connections\smbhlpr.exe [147456 2013-03-18] (Lenovo)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-03-18] (Lenovo)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
MountPoints2: {a305d895-d8bf-11e1-b41a-806e6f6e6963} - Q:\LenovoQDrive.exe
HKLM-x32\...\Run: [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor [5940288 2012-05-01] (Lenovo Group Limited)
HKLM-x32\...\Run: [TSMResident] - "C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\TSMRESIDENT.EXE" /r [485336 2012-01-27] (Lenovo Group Limited)
HKLM-x32\...\Run: [Fastboot] - C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-06-07] (Sophos Limited)
HKLM-x32\...\Run: [EaseUs Watch] - "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" [70728 2012-10-20] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUs Tray] - "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" [1315400 2012-10-30] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [UIExec] - "C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe" [139088 2010-09-30] ()
HKU\Default\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe /show [155960 2012-05-15] (Lenovo)
HKU\Default\...\RunOnce: [] -  [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2011-12-15] ()
HKU\Default User\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe /show [155960 2012-05-15] (Lenovo)
HKU\Default User\...\RunOnce: [] -  [x]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2011-12-15] ()
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL [218256 2013-06-07] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL [221840 2013-06-07] (Sophos Limited)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase6_17_erinnerung.lnk
ShortcutTarget: phase6_17_erinnerung.lnk -> C:\Program Files (x86)\phase6\phase6_17\WinStart\WinStart.exe (phase6)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (No File)
Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
SSODL: EldosMountNotificator-cbfs4 - {52983F03-8160-49F0-A3D9-B60F8E54A900} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {52983F03-8160-49F0-A3D9-B60F8E54A900} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2851647
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
URLSearchHook: (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} -  No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {83FDA5A0-0FB2-42AE-AEDE-6DFC67F8C71F} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU3&o=15380&src=kw&q={searchTerms}&locale=&apn_ptnrs=UJ&apn_dtid=YYYYYYYYDE&apn_uid=42e32f80-b696-4222-873a-ee5a448a2c2e&apn_sauid=611482D1-574D-4CED-9B1F-90912EBB5208
SearchScopes: HKCU - {9DD9F623-6912-43CB-8DEF-1FD002EC63A0} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: uTorrentBar_DE Toolbar - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - uTorrentBar_DE Toolbar - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 217.0.43.145 217.0.43.129
Tcpip\..\Interfaces\{A6EE25AC-971F-476E-8EF3-68612859A062}: [NameServer]195.230.105.134 195.230.105.135

FireFox:
========
FF ProfilePath: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\w3p8t5fg.default
FF Homepage: about:home
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.9 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF SearchPlugin: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\w3p8t5fg.default\searchplugins\computerbase.xml
FF SearchPlugin: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\w3p8t5fg.default\searchplugins\das-rtliche.xml
FF SearchPlugin: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\w3p8t5fg.default\searchplugins\wikipedia-en.xml
FF SearchPlugin: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\w3p8t5fg.default\searchplugins\wiktionary-de.xml
FF SearchPlugin: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\w3p8t5fg.default\searchplugins\youtube-videosuche.xml
FF Extension: No Name - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\w3p8t5fg.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
FF Extension: No Name - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\w3p8t5fg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\w3p8t5fg.default\Extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=48
CHR RestoreOnStartup: "hxxp://www.facebook.de/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll No File
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File

==================== Services (Whitelisted) =================

R2 ASRSVC; C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\ASR\ASRSVC.exe [79136 2010-10-27] (Lenovo Group Limited)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8447848 2011-11-09] (DisplayLink Corp.)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-01] (Lenovo.)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [69192 2012-10-30] (CHENGDU YIWO Tech Development Co., Ltd)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
S4 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2012-10-20] (CHENGDU YIWO Tech Development Co., Ltd)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [170832 2012-04-02] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S4 MacheenService; C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe [29472 2012-07-10] (Macheen)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58345832 2011-09-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-06-07] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [159296 2013-06-07] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-06-07] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2012-09-25] (Sophos Limited)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [431464 2011-09-22] (Microsoft Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-04-11] ()
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-06-07] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2010688 2013-06-07] (Sophos Limited)
R2 TabletServiceISD; C:\Program Files\Tablet\ISD\ISD_Tablet.exe [5650296 2012-04-10] (Wacom Technology, Corp.)
R2 TabletSVC; C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\TSMService.exe [83920 2012-02-08] (Lenovo Group Limited)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
R2 TouchServiceISD; C:\Program Files\Tablet\ISD\ISD_TouchService.exe [449912 2012-04-10] (Wacom Technology, Corp.)
R2 UI Assistant Service; C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe [253264 2010-09-30] ()
S4 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
R2 WebUpdate4; C:\Windows\SysWOW64\WebUpdateSvc4.exe [278800 2010-08-18] (Data Perceptions / PowerProgrammer)
S4 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [655400 2012-02-03] (Ericsson AB)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2012-02-14] (Broadcom Corporation.)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [375640 2012-12-24] (EldoS Corporation)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [375640 2012-12-24] (EldoS Corporation)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48200 2012-10-20] ()
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider)
R1 HBtnKey; C:\Windows\System32\DRIVERS\wstbtndb.sys [17064 2010-06-28] (Lenovo)
S3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [102440 2012-01-13] (Ericsson AB)
S3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-08-22] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-08-22] (MCCI Corporation)
S3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-08-22] (MCCI Corporation)
S3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-08-22] (MCCI Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11518976 2012-12-06] (Intel Corporation)
R1 PHCORE; C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [33344 2012-03-26] (Lenovo Group Limited)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2013-06-07] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2012-09-25] (Sophos Limited)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-10] (Synaptics Incorporated)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2012-09-25] (Sophos Plc)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
R3 wacomvthid; C:\Windows\System32\DRIVERS\WacomVTHid.sys [16368 2012-03-24] (Wacom Technology)
S3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [282152 2011-12-07] (Ericsson AB)
S2 smihlp2; \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-17 20:03 - 2013-07-17 20:03 - 00000000 ____D C:\FRST
2013-07-17 20:02 - 2013-07-17 20:03 - 01778209 _____ (Farbar) C:\Users\Stefan\Desktop\FRST64.exe
2013-07-16 22:13 - 2013-07-16 22:13 - 00021135 _____ C:\Users\Stefan\Desktop\Logfiles.zip
2013-07-16 20:36 - 2013-07-16 20:37 - 00000131 _____ C:\Users\Stefan\Documents\Signatur_WW_TL.txt.txt
2013-07-16 06:36 - 2013-07-16 06:36 - 00720768 _____ C:\Windows\Minidump\071613-17628-01.dmp
2013-07-16 06:14 - 2013-07-16 06:14 - 00011522 _____ C:\Users\Stefan\Desktop\gmer.log
2013-07-16 03:10 - 2013-07-16 03:10 - 00000000 ____D C:\Windows\system32\MRT
2013-07-15 23:45 - 2013-07-15 23:45 - 00000000 _____ C:\Users\Stefan\Desktop\gmer_2.1.19163.bat
2013-07-15 17:52 - 2013-07-15 17:52 - 00106952 _____ C:\Users\Stefan\Desktop\Extras.Txt
2013-07-15 17:51 - 2013-07-15 17:51 - 00152674 _____ C:\Users\Stefan\Desktop\OTL.Txt
2013-07-15 17:40 - 2013-07-15 17:40 - 00377856 _____ C:\Users\Stefan\Desktop\gmer_2.1.19163.exe
2013-07-15 17:38 - 2013-07-15 17:38 - 00602112 _____ (OldTimer Tools) C:\Users\Stefan\Desktop\OTL.exe
2013-07-15 17:36 - 2013-07-15 17:40 - 00000474 _____ C:\Users\Stefan\Desktop\defogger_disable.log
2013-07-15 17:36 - 2013-07-15 17:36 - 00000000 _____ C:\Users\Stefan\defogger_reenable
2013-07-15 17:35 - 2013-07-15 17:35 - 00050477 _____ C:\Users\Stefan\Desktop\Defogger.exe
2013-07-09 22:57 - 2013-05-29 07:43 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-09 22:57 - 2013-05-29 07:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-09 22:57 - 2013-05-29 07:35 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-09 22:57 - 2013-05-29 07:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-09 22:57 - 2013-05-29 07:33 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-09 22:57 - 2013-05-29 07:31 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-09 22:57 - 2013-05-29 07:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-09 22:57 - 2013-05-29 07:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-09 22:57 - 2013-05-29 07:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-09 22:57 - 2013-05-29 07:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-09 22:57 - 2013-05-29 07:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-09 22:57 - 2013-05-29 07:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-09 22:57 - 2013-05-29 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-09 22:57 - 2013-05-29 07:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-09 22:57 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-09 22:57 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-09 22:57 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-09 22:57 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-09 22:57 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-09 22:57 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-09 22:57 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-09 22:57 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-09 22:57 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-09 22:57 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-09 22:57 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-09 22:57 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-09 22:56 - 2013-05-29 08:15 - 17829376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-09 22:56 - 2013-05-29 07:50 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-09 22:56 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-09 22:56 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-09 22:56 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-09 22:56 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-09 22:31 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-09 22:31 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-09 22:31 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-09 22:31 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-09 22:31 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-09 22:30 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-09 22:30 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-07 14:27 - 2013-07-07 14:29 - 00000000 ____D C:\Program Files (x86)\1&1 Surf-Stick
2013-07-07 14:27 - 2009-10-29 19:28 - 00119680 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbser6k.sys
2013-07-07 14:27 - 2009-10-29 19:28 - 00119680 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbnmea.sys
2013-07-07 14:27 - 2009-10-29 19:28 - 00119680 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbmdm6k.sys
2013-07-07 14:27 - 2009-10-29 19:28 - 00011776 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\massfilter.sys
2013-07-07 13:49 - 2013-07-07 13:49 - 00000000 ____D C:\UserData
2013-07-07 13:49 - 2010-09-07 07:11 - 00000557 _____ C:\NetworkCfg.xml
2013-07-07 13:42 - 2013-07-07 14:27 - 00000000 ____D C:\Windows\SysWOW64\SupportAppCB
2013-06-30 13:43 - 2013-06-30 13:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-28 18:50 - 2013-06-28 18:50 - 00000000 ____D C:\Program Files (x86)\Empire Interactive
2013-06-28 14:03 - 2013-06-28 20:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

2013-07-17 20:03 - 2013-07-17 20:03 - 00000000 ____D C:\FRST
2013-07-17 20:03 - 2013-07-17 20:02 - 01778209 _____ (Farbar) C:\Users\Stefan\Desktop\FRST64.exe
2013-07-17 19:54 - 2012-07-28 16:42 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-17 19:51 - 2012-07-28 16:42 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-17 06:15 - 2012-07-28 16:26 - 01510190 _____ C:\Windows\WindowsUpdate.log
2013-07-16 22:44 - 2012-10-05 15:44 - 00000000 ____D C:\Users\Stefan\AppData\Local\VMware
2013-07-16 22:36 - 2012-10-05 15:44 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\VMware
2013-07-16 22:36 - 2012-10-05 15:40 - 00000000 ____D C:\ProgramData\VMware
2013-07-16 22:13 - 2013-07-16 22:13 - 00021135 _____ C:\Users\Stefan\Desktop\Logfiles.zip
2013-07-16 21:39 - 2012-10-27 13:03 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Mp3tag
2013-07-16 20:37 - 2013-07-16 20:36 - 00000131 _____ C:\Users\Stefan\Documents\Signatur_WW_TL.txt.txt
2013-07-16 20:25 - 2013-01-05 19:12 - 00000000 ____D C:\Users\Public\Documents\phase6_17_Daten
2013-07-16 20:25 - 2012-10-05 15:04 - 00000000 ___RD C:\Users\Stefan\Dropbox
2013-07-16 20:25 - 2012-10-05 15:03 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Dropbox
2013-07-16 11:09 - 2009-07-14 06:45 - 00034208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-16 11:09 - 2009-07-14 06:45 - 00034208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-16 06:44 - 2012-07-29 02:16 - 00768746 _____ C:\Windows\system32\perfh007.dat
2013-07-16 06:44 - 2012-07-29 02:16 - 00176278 _____ C:\Windows\system32\perfc007.dat
2013-07-16 06:44 - 2009-07-14 07:13 - 01816802 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-16 06:37 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-16 06:36 - 2013-07-16 06:36 - 00720768 _____ C:\Windows\Minidump\071613-17628-01.dmp
2013-07-16 06:36 - 2012-11-30 15:03 - 1633951387 _____ C:\Windows\MEMORY.DMP
2013-07-16 06:36 - 2012-11-30 15:03 - 00000000 ____D C:\Windows\Minidump
2013-07-16 06:36 - 2009-07-14 06:51 - 00017755 _____ C:\Windows\setupact.log
2013-07-16 06:14 - 2013-07-16 06:14 - 00011522 _____ C:\Users\Stefan\Desktop\gmer.log
2013-07-16 03:12 - 2013-07-16 03:10 - 00000000 ____D C:\Windows\system32\MRT
2013-07-15 23:45 - 2013-07-15 23:45 - 00000000 _____ C:\Users\Stefan\Desktop\gmer_2.1.19163.bat
2013-07-15 17:52 - 2013-07-15 17:52 - 00106952 _____ C:\Users\Stefan\Desktop\Extras.Txt
2013-07-15 17:51 - 2013-07-15 17:51 - 00152674 _____ C:\Users\Stefan\Desktop\OTL.Txt
2013-07-15 17:40 - 2013-07-15 17:40 - 00377856 _____ C:\Users\Stefan\Desktop\gmer_2.1.19163.exe
2013-07-15 17:40 - 2013-07-15 17:36 - 00000474 _____ C:\Users\Stefan\Desktop\defogger_disable.log
2013-07-15 17:38 - 2013-07-15 17:38 - 00602112 _____ (OldTimer Tools) C:\Users\Stefan\Desktop\OTL.exe
2013-07-15 17:36 - 2013-07-15 17:36 - 00000000 _____ C:\Users\Stefan\defogger_reenable
2013-07-15 17:36 - 2012-08-29 20:48 - 00000000 ____D C:\Users\Stefan
2013-07-15 17:35 - 2013-07-15 17:35 - 00050477 _____ C:\Users\Stefan\Desktop\Defogger.exe
2013-07-14 20:42 - 2012-08-29 21:27 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\vlc
2013-07-14 12:58 - 2012-10-08 14:12 - 00000000 ____D C:\Users\Stefan\AppData\Local\CrashDumps
2013-07-13 10:49 - 2012-07-28 16:42 - 00004120 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 10:49 - 2012-07-28 16:42 - 00003868 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-10 22:32 - 2009-07-14 06:45 - 00300456 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-10 22:31 - 2013-03-13 04:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 22:31 - 2013-03-13 04:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-09 23:32 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-09 23:32 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-09 23:31 - 2011-12-08 22:43 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-09 23:06 - 2012-10-23 13:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-07 14:29 - 2013-07-07 14:27 - 00000000 ____D C:\Program Files (x86)\1&1 Surf-Stick
2013-07-07 14:27 - 2013-07-07 13:42 - 00000000 ____D C:\Windows\SysWOW64\SupportAppCB
2013-07-07 14:27 - 2012-07-28 16:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-07 13:49 - 2013-07-07 13:49 - 00000000 ____D C:\UserData
2013-07-07 08:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-02 22:12 - 2012-10-07 19:14 - 00000000 ____D C:\Users\Stefan\Documents\CDBurnerXP Projekte
2013-06-30 17:41 - 2012-10-07 19:50 - 00000000 ____D C:\Users\Stefan\Documents\Formel 1
2013-06-30 16:23 - 2012-08-29 21:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-30 16:23 - 2010-11-21 05:47 - 00578484 _____ C:\Windows\PFRO.log
2013-06-30 13:44 - 2013-06-30 13:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-28 20:42 - 2013-06-28 14:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-28 19:57 - 2012-10-02 13:20 - 00000000 ____D C:\Users\Stefan\Spiele
2013-06-28 19:06 - 2012-11-20 23:58 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-06-28 18:50 - 2013-06-28 18:50 - 00000000 ____D C:\Program Files (x86)\Empire Interactive
2013-06-24 17:17 - 2012-08-31 17:17 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-24 17:17 - 2012-08-31 17:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-24 00:57 - 2012-08-30 20:00 - 78277128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-15 18:52

==================== End Of Log ============================

--- --- ---

--- --- ---

und die Addition.log:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-07-2013 02
Ran by Stefan at 2013-07-17 20:05:19
Running from C:\Users\Stefan\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
µTorrent (x32 Version: 3.2.1.28086)
1&1 Surf-Stick (x32 Version: 1.0.0.2)
ActivePerl 5.16.1 Build 1601 (64-bit) (Version: 5.16.1601)
Adobe AIR (x32 Version: 3.7.0.2090)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Anti-Twin (Installation 18.11.2012) (x32)
Anzeige am Bildschirm (Version: 7.12.00)
A-PDF Restrictions Remover (x32)
aTube Catcher (x32 Version: 2.9.1462)
Audiograbber 1.83 SE  (x32 Version: 1.83 SE )
AxCrypt 1.7.2976.0 (Version: 1.7.2976.0)
BoxCryptor 1.5 (x32 Version: 1.5.407.140)
CDBurnerXP (x32 Version: 4.5.0.3717)
Citavi (x32 Version: 3.3.0.0)
Crayon Physics Deluxe Demo version 55_demo (x32 Version: 55_demo)
Create Recovery Media (x32 Version: 1.20.0.00)
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240)
D3DX10 (x32 Version: 15.4.2368.0902)
Dark Messiah  (x32 Version: 1.0)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (Version: 1.00)
DisplayLink Core Software (Version: 6.1.35392.0)
Dolby Advanced Audio v2 (x32 Version: 7.2.7000.7)
Dotfuscator Software Services - Community Edition - DEU (x32 Version: 5.0.2300.0)
Dotfuscator Software Services - Community Edition (x32 Version: 5.0.2500.0)
dows-Treiberpaket - Intel System  (01/11/2012 9.3.0.1020) (Version: 01/11/2012 9.3.0.1020)
Dropbox (HKCU Version: 2.0.22)
DVD Audio Extractor 7.0.2 (x32)
EaseUS Todo Backup Free 5.3 (x32 Version: 5.3)
Energie-Manager (x32 Version: 6.30)
Evernote v. 4.2.3 (x32 Version: 4.2.3.15)
FileZilla Client 3.6.0.1 (x32 Version: 3.6.0.1)
FlatOut (x32 Version: 1.00.0000)
Foxit Reader (x32 Version: 6.0.3.524)
GIMP 2.8.2 (Version: 2.8.2)
Google Chrome (x32 Version: 28.0.1500.72)
Google Update Helper (x32 Version: 1.3.21.153)
GPL Ghostscript (x32 Version: 9.05)
GSview 5.0 (x32 Version: 5.0)
GTA2 (x32 Version: 1.00.001)
HD Tune 2.55 (x32)
Hotfix für Microsoft Team Foundation Server 2010-Objektmodell - DEU (KB2736182) (x32 Version: 1)
Hotfix für Microsoft Team Foundation Server 2010-Objektmodell - DEU (KB2813041) (x32 Version: 1)
Hotfix für Microsoft Visual Studio 2010 Professional - DEU (KB2529927) (x32 Version: 1)
Hotfix für Microsoft Visual Studio 2010 Professional - DEU (KB2548139) (x32 Version: 1)
Hotfix für Microsoft Visual Studio 2010 Professional - DEU (KB2549864) (x32 Version: 1)
Hotfix für Microsoft Visual Studio 2010 Professional - DEU (KB2635973) (x32 Version: 1)
Hotfix für Microsoft Visual Studio 2010 Professional - DEU (KB2736182) (x32 Version: 1)
Hotfix für Microsoft Visual Studio 2010 Professional - DEU (KB2813041) (x32 Version: 1)
Integrated Camera Driver Installer Package Ver.1.2.1.18 (x32 Version: 1.2.1.18)
Intel PROSet Wireless
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 8.0.3.1427)
Intel(R) OpenCL CPU Runtime (x32)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2843)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.220)
Intel(R) WiDi (Version: 3.1.29.0)
Intel(R) Wireless Display
Intel® PROSet/Wireless WiFi-Software (Version: 15.01.0000.0830)
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
ISD Tablett (Version: 7.0.2-29)
Java 7 Update 9 (64-bit) (Version: 7.0.90)
Java SE Development Kit 7 Update 9 (64-bit) (Version: 1.7.0.90)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Lenovo Auto Scroll Utility (Version: 1.11)
Lenovo Graphics Software (Version: 6.1.35401.0)
Lenovo Mobile Access (x32 Version: 3.1.0.1268)
Lenovo Mobile Broadband Activation (x32 Version: 4.2.0009.00)
Lenovo Patch Utility (x32 Version: 1.3.0.9)
Lenovo Patch Utility (x32 Version: 1.3.2.6)
Lenovo Patch Utility 64 bit (Version: 1.3.0.9)
Lenovo Patch Utility 64 bit (Version: 1.3.2.6)
Lenovo Power Management Driver (Version: 1.67.00.02)
Lenovo Registration (x32 Version: 1.0.4)
Lenovo SimpleTap (Version: 3.2.0004.00)
Lenovo Solution Center (Version: 1.1.007.00)
Lenovo System Update (x32 Version: 5.02.0011)
Lenovo User Guide (x32 Version: 1.0.0009.00)
Lenovo Warranty Information (x32 Version: 1.0.0005.00)
Lenovo Welcome (x32 Version: 3.1.0017.00)
LinuxLive USB Creator (x32 Version: 2.8)
Lyrics Plugin for Winamp (x32 Version: 0.4)
Magical Jelly Bean KeyFinder (x32 Version: 2.0.9.8)
Many Faces of Go 12 (x32 Version: 12.0)
Mesh Runtime (x32 Version: 15.4.5722.2)
Message Center Plus (Version: 3.1.0004.00)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft ASP.NET MVC 2 - DEU (x32 Version: 2.0.50331.0)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU (x32 Version: 2.0.50331.0)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (x32 Version: 2.0.50217.0)
Microsoft ASP.NET MVC 2 (x32 Version: 2.0.50217.0)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319)
Microsoft Help Viewer 1.1 (Version: 1.1.40219)
Microsoft Help Viewer 1.1 Language Pack - DEU (Version: 1.1.40219)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office 2010 Language Pack Service Pack 1 (SP1) (x32)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Visio 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Visio MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Silverlight 3 SDK - Deutsch (x32 Version: 3.0.40818.0)
Microsoft Silverlight 4 SDK - Deutsch (x32 Version: 4.0.50826.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser (x32 Version: 10.3.5500.0)
Microsoft SQL Server 2008 Common Files (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Native Client (Version: 10.3.5500.0)
Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Management Objects (x64) (Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Transact-SQL-Sprachdienst (x32 Version: 10.50.1752.9)
Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework (x32 Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Projekt (x32 Version: 10.50.1750.9)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.3.5500.0)
Microsoft SQL Server Compact 3.5 SP2 DEU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (Version: 3.5.8080.0)
Microsoft SQL Server Database Publishing Wizard 1.4 (x32 Version: 10.1.2512.8)
Microsoft SQL Server System CLR Types (x32 Version: 10.50.1750.9)
Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1750.9)
Microsoft SQL Server VSS Writer (Version: 10.3.5500.0)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) de (Version: 1.0.3010.0)
Microsoft Sync Framework SDK v1.0 SP1 de (x32 Version: 1.0.3010.0)
Microsoft Sync Framework Services v1.0 SP1 (x64) de (Version: 1.0.3010.0)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de (Version: 2.0.3010.0)
Microsoft Team Foundation Server 2010 Object Model - DEU (Version: 10.0.40219)
Microsoft Team Foundation Server 2010-Objektmodell - DEU (Version: 10.0.40219)
Microsoft Touch Pack for Windows 7 (x32 Version: 1.0.40517.00)
Microsoft Visio 2010 Service Pack 1 (SP1) (x32)
Microsoft Visio Professional 2010 (x32 Version: 14.0.6029.1000)
Microsoft Visual C++  Compilers 2010 Standard - enu - x64 (Version: 10.0.40219)
Microsoft Visual C++  Compilers 2010 Standard - enu - x86 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual F# 2.0 Runtime (x32 Version: 10.0.40219)
Microsoft Visual F# 2.0 Runtime Language Pack - DEU (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 10.0.40219)
Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU (Version: 10.0.40219)
Microsoft Visual Studio 2010 Professional - DEU (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 Professional - DEU (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 SharePoint Developer Tools (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.40303)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (Version: 10.0.40303)
Microsoft Visual Studio Macro Tools - DEU Language Pack (x32 Version: 9.0.30729)
Microsoft Visual Studio Macro Tools (x32 Version: 9.0.30729)
Microsoft XNA Framework Redistributable 3.0 (x32 Version: 3.0.11010.0)
MiKTeX 2.9 (x32 Version: 2.9)
Mobile Broadband Drivers (x32 Version: 7.1.1.0)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
Mozilla Thunderbird 17.0.7 (x86 de) (x32 Version: 17.0.7)
Mp3tag v2.55a (x32 Version: v2.55a)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
PDFCreator (x32 Version: 1.5.0)
phase6_17 (x32 Version: 1.70.0000)
PlayLinc (x32 Version: 2.0.2)
RapidBoot HDD Accelerator (x32 Version: 1.00.0802)
RapidBoot Shield (Version: 1.21)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6591)
RedMon - Druckeranschluß-Umleitungsmonitor
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (Version: 1.00)
RICOH_Media_Driver_v2.14.18.01 (x32 Version: 2.14.18.01)
Sacred Underworld (x32)
Secure Download Manager (x32 Version: 3.1.0)
Service Pack 3 für SQL Server 2008 (KB2546951) (64-bit) (Version: 10.3.5500.0)
Sicherheitsupdate für Microsoft Visual Studio 2010 Professional - DEU (KB2645410) (x32 Version: 1)
SISTEMA - Sicherheit von Steuerungen an Maschinen Version 1.1.4 (x32 Version: 1.1.4.)
Skype™ 5.10 (x32 Version: 5.10.116)
Sophos Anti-Virus (x32 Version: 10.2.8)
Sophos AutoUpdate (x32 Version: 2.9.0.344)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0)
Steam (x32 Version: 1.0.0.0)
SugarSync Manager (x32 Version: 1.9.51.86909)
SumatraPDF (x32 Version: 2.2)
TeXnicCenter Version 1.0 Stable RC1 (x32 Version: Version 1.0 Stable RC1)
ThinkPad - Menü für Tablettverknüpfungen (x32 Version: 6.33)
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 6.5.1.2330)
ThinkPad UltraNav Driver (Version: 16.2.19.7)
ThinkVantage Access Connections (x32 Version: 5.93)
ThinkVantage Access Connections (x32 Version: 6.01)
ThinkVantage Communications Utility (Version: 3.0.6.0)
ThinkVantage Fingerprint Software (Version: 5.9.8.7264)
ThinkVantage GPS (x32 Version: 2.80)
ThinkVantage System für aktiven Festplattenschutz (Version: 1.76)
tools-linux (x32 Version: 9.2.3.1031769)
tools-windows (x32 Version: 9.2.3.1031769)
Treiber für ThinkPad-Tabletttasten (x32 Version: 1.04)
Unterstützungsdateien für Microsoft SQL Server 2008-Setup  (Version: 10.3.5500.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
uTorrentBar_DE Toolbar (x32 Version: 6.9.0.16)
VIP Access (x32 Version: 2.0.5.13)
Visual Studio 2010 Prerequisites - English (Version: 10.0.40219)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (x32 Version: 4.0.8080.0)
VLC media player 2.0.2 (Version: 2.0.2)
VLC media player 2.0.7 (x32 Version: 2.0.7)
VMware Player (Version: 5.0.2)
VMware Player (x32 Version: 5.0.2)
WCF RIA Services V1.0 SP1 (x32 Version: 4.1.60114.0)
Web Deployment Tool (Version: 1.1.0618)
WebTablet IE Plugin (x32 Version: 1.1.0.11)
WebTablet Netscape Plugin (x32 Version: 1.1.0.9)
Winamp (x32 Version: 5.63 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows-Treiberpaket - Intel (e1cexpress) Net  (01/11/2012 11.15.16.0) (Version: 01/11/2012 11.15.16.0)
Windows-Treiberpaket - Intel System  (08/26/2011 9.3.0.1011) (Version: 08/26/2011 9.3.0.1011)
Windows-Treiberpaket - Intel USB  (08/26/2011 9.3.0.1011) (Version: 08/26/2011 9.3.0.1011)
Windows-Treiberpaket - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (Version: 02/29/2012 1.65.05.20)
Windows-Treiberpaket - Synaptics (SynTP) Mouse  (03/01/2012 16.0.2.0) (Version: 03/01/2012 16.0.2.0)
WinMerge 2.14.0 (x32 Version: 2.14.0)
WinRAR Archivierer (x32)

==================== Restore Points  =========================

23-06-2013 13:48:57 Geplanter Prüfpunkt
28-06-2013 16:49:45 FlatOut wird installiert
07-07-2013 11:41:39 Installiert 1&1 Surf-Stick
07-07-2013 11:51:16 Entfernt 1&1 Surf-Stick
07-07-2013 12:27:10 Installiert 1&1 Surf-Stick
09-07-2013 20:47:07 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0FF2863C-153D-410D-AA61-1BDE4B737A41} - System32\Tasks\PMTask => C:\PROGRA~2\ThinkPad\UTILIT~1\PwmIdTsv.exe [2012-05-01] (Lenovo Group Limited)
Task: {1D4BC713-F7B2-4A6D-847E-99F21E14D44E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2012-04-19] (Lenovo)
Task: {1DC77891-90C2-46B1-AD30-DF983AF36E4D} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2012-05-16] ()
Task: {22C722E0-0591-43C9-9D4F-4C1557D978D1} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\lsc.exe [2012-05-16] ()
Task: {416A1349-8F0E-42F5-8B9E-9C9227B173D1} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for Brella-Sepp.Administrator => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: {502F29DF-7DAA-47A9-AE50-42381528FCA4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-28] (Google Inc.)
Task: {5D99C428-C57D-40E3-AB5C-24F2F4336A13} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-04-11] ()
Task: {8D495A8D-5739-4BD2-AC31-0CFB68AA4A29} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {A0E88AD0-CD77-4216-BC6C-A04FF14D25DB} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {ADB25734-1B1F-4D21-9324-AC345612D51F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-28] (Google Inc.)
Task: {B2665642-2804-4C58-97E9-53C498114D19} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for Brella-Sepp.Stefan => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: {BFE2A5E9-ADAA-43EA-B468-1813598DED90} - System32\Tasks\Lenovo\Message Center Plus Launcher => %programfiles(x86)%\Lenovo\message center plus\mcplaunch.exe No File
Task: {D1212E31-7689-4B18-A507-6C3829B047E5} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {F7B71B5F-3334-417E-BA13-5C6B31215DBC} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {F9DBE707-B645-47C9-B483-7C382A58D531} - System32\Tasks\Microsoft\Windows\MobilePC\DisplayLink TMM Control
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/16/2013 06:37:22 AM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (07/16/2013 03:20:25 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(\\?\Volume{a305d894-d8bf-11e1-b41a-806e6f6e6963} - 0000000000000128,0x0053c008,00000000002FE2E0,0,0000000000187FD0,4096,[0])". hr = 0x80070079, Das Zeitlimit für die Semaphore wurde erreicht.
.


Vorgang:
   EndPrepareSnapshots wird verarbeitet

Kontext:
   Ausführungskontext: System Provider

Error: (07/16/2013 03:10:11 AM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x81000101).

Error: (07/14/2013 00:58:37 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Sacred_229_14.exe, Version: 2.29.13.0, Zeitstempel: 0x451bbe74
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000371a8
ID des fehlerhaften Prozesses: 0x3980
Startzeit der fehlerhaften Anwendung: 0xSacred_229_14.exe0
Pfad der fehlerhaften Anwendung: Sacred_229_14.exe1
Pfad des fehlerhaften Moduls: Sacred_229_14.exe2
Berichtskennung: Sacred_229_14.exe3

Error: (07/14/2013 00:24:45 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385, Zeitstempel: 0x4a5bd026
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000020a4a
ID des fehlerhaften Prozesses: 0x287c
Startzeit der fehlerhaften Anwendung: 0xwmpnscfg.exe0
Pfad der fehlerhaften Anwendung: wmpnscfg.exe1
Pfad des fehlerhaften Moduls: wmpnscfg.exe2
Berichtskennung: wmpnscfg.exe3

Error: (07/13/2013 05:47:12 PM) (Source: Application Hang) (User: )
Description: Programm Sacred_229_14.exe, Version 2.29.13.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 3ed4

Startzeit: 01ce7fdd1820d448

Endzeit: 26

Anwendungspfad: C:\Program Files (x86)\Ascaron Entertainment\Sacred Underworld\Sacred_229_14.exe

Berichts-ID:

Error: (07/13/2013 02:49:45 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Sacred_229_14.exe, Version: 2.29.13.0, Zeitstempel: 0x451bbe74
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00037215
ID des fehlerhaften Prozesses: 0x3a78
Startzeit der fehlerhaften Anwendung: 0xSacred_229_14.exe0
Pfad der fehlerhaften Anwendung: Sacred_229_14.exe1
Pfad des fehlerhaften Moduls: Sacred_229_14.exe2
Berichtskennung: Sacred_229_14.exe3

Error: (07/10/2013 10:33:00 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (07/07/2013 02:28:36 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/07/2013 02:28:36 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (07/17/2013 06:14:52 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Lenovo.VIRTSCRLSVC erreicht.

Error: (07/16/2013 06:36:36 AM) (Source: BugCheck) (User: )
Description: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa8003694660, 0xfffff80004c043d0)C:\Windows\MEMORY.DMP071613-17628-01

Error: (07/16/2013 06:36:31 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SMI Helper Driver (smihlp2)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/16/2013 03:20:25 AM) (Source: volsnap) (User: )
Description: Die Schattenkopie des erstellten Volumes "C:" konnte nicht installiert werden.

Error: (07/15/2013 05:04:47 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (07/15/2013 06:06:46 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst TabletServiceISD erreicht.

Error: (07/14/2013 08:36:37 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst DisplayLinkService erreicht.

Error: (07/14/2013 00:24:24 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst DisplayLinkService erreicht.

Error: (07/13/2013 05:23:52 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst TouchServiceISD erreicht.

Error: (07/13/2013 10:44:36 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AcPrfMgrSvc erreicht.


Microsoft Office Sessions:
=========================
Error: (07/16/2013 06:37:22 AM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/16/2013 03:20:25 AM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{a305d894-d8bf-11e1-b41a-806e6f6e6963} - 0000000000000128,0x0053c008,00000000002FE2E0,0,0000000000187FD0,4096,[0])0x80070079, Das Zeitlimit für die Semaphore wurde erreicht.


Vorgang:
   EndPrepareSnapshots wird verarbeitet

Kontext:
   Ausführungskontext: System Provider

Error: (07/16/2013 03:10:11 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x81000101

Error: (07/14/2013 00:58:37 PM) (Source: Application Error)(User: )
Description: Sacred_229_14.exe2.29.13.0451bbe74ntdll.dll6.1.7601.177254ec49b8fc0000005000371a8398001ce807db307ea47C:\Program Files (x86)\Ascaron Entertainment\Sacred Underworld\Sacred_229_14.exeC:\Windows\SysWOW64\ntdll.dll55379742-ec74-11e2-b2c2-005056c00008

Error: (07/14/2013 00:24:45 PM) (Source: Application Error)(User: )
Description: wmpnscfg.exe12.0.7600.163854a5bd026ntdll.dll6.1.7601.177254ec4aa8ec00000050000000000020a4a287c01ce807c57161077C:\Program Files\Windows Media Player\wmpnscfg.exeC:\Windows\SYSTEM32\ntdll.dll9a16baa9-ec6f-11e2-b2c2-005056c00008

Error: (07/13/2013 05:47:12 PM) (Source: Application Hang)(User: )
Description: Sacred_229_14.exe2.29.13.03ed401ce7fdd1820d44826C:\Program Files (x86)\Ascaron Entertainment\Sacred Underworld\Sacred_229_14.exe

Error: (07/13/2013 02:49:45 PM) (Source: Application Error)(User: )
Description: Sacred_229_14.exe2.29.13.0451bbe74ntdll.dll6.1.7601.177254ec49b8fc0000005000372153a7801ce7fc4006b05c0C:\Program Files (x86)\Ascaron Entertainment\Sacred Underworld\Sacred_229_14.exeC:\Windows\SysWOW64\ntdll.dllb16c18f6-ebba-11e2-b2c2-005056c00008

Error: (07/10/2013 10:33:00 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/07/2013 02:28:36 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\1&1 Surf-Stick\Component\BKATProtocol.dll

Error: (07/07/2013 02:28:36 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\1&1 Surf-Stick\Component\BKATProtocol.dll


CodeIntegrity Errors:
===================================
  Date: 2013-06-13 20:56:17.003
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-13 20:56:16.951
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-13 20:56:06.185
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-13 20:56:06.095
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-12 21:11:39.903
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-12 21:11:39.832
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-12 21:11:07.481
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-12 21:11:07.339
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-03 19:11:48.099
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-03 19:11:47.909
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 66%
Total physical RAM: 3814.11 MB
Available physical RAM: 1291.97 MB
Total Pagefile: 7626.39 MB
Available Pagefile: 4237.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:450.62 GB) (Free:146.5 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (FO_CD2) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:13.67 GB) (Free:2.32 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 3DCF6CFE)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus · 18.07.2013, 01:59

Zitat:

Uni-Notebook heißt bei mir lediglich, dass ich es bei Lenovo als Student mit Uni-Rabatt gekauft habe. Das Notebook gehört mir und wird nur von mir selbst privat und fürs Studium genutzt. Die Windows-Version ist die, die ab Werk auf dem Laptop installiert war.

Dann ist alles ok

Ich will immer nur sichergehen, dass net iwelche "cheffies" hier für lau ihre Büro-PCs reinigen lassen, denn das gefährlich in vielerlei Hinsicht

Mach bitte ein Log mit MBAR:

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Oemerich · 18.07.2013, 23:01

Habe mabr zwei mal durchlaufen lassen, es wurde aber beide Male nichts gefunden.

Allerdings bekam ich vor dem ersten Start die im Anhang befindliche Fehlermeldung. Ich hab dann auf "Ja" geklickt und mabr hat dann gestartet.

Hier noch der erste Log:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.18.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Stefan :: BRELLA-SEPP [administrator]

18.07.13 23:08:13
mbar-log-2013-07-18 (23-08-13).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 283465
Time elapsed: 17 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

und Numero zwo:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.18.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Stefan :: BRELLA-SEPP [administrator]

18.07.13 23:34:43
mbar-log-2013-07-18 (23-34-43).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 283383
Time elapsed: 18 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

cosinus · 18.07.2013, 23:07

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Oemerich · 19.07.2013, 21:46

aswMBR hat sich mit den Standard-Einstellungen aufgehangen beim Scannen von "C:\Windows\assembly\GAC_MSIL\Microsoft.TeamFoundation.WorkItemTracking.[?]".

Ohne AV-Scan brachte es folgendes Ergebnis:

Code:

ATTFilter

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-19 22:36:16
-----------------------------
22:36:16.617    OS Version: Windows x64 6.1.7601 Service Pack 1
22:36:16.617    Number of processors: 4 586 0x3A09
22:36:16.617    ComputerName: BRELLA-SEPP  UserName: Stefan
22:36:17.272    Initialize success
22:36:30.142    AVAST engine defs: 13071900
22:36:55.757    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:36:55.757    Disk 0 Vendor: HITACHI_ GH2Z Size: 476940MB BusType: 3
22:36:55.898    Disk 0 MBR read successfully
22:36:55.898    Disk 0 MBR scan
22:36:55.913    Disk 0 unknown MBR code
22:36:55.913    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS         1500 MB offset 2048
22:36:55.929    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       461438 MB offset 3074048
22:36:55.960    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        14000 MB offset 948099072
22:36:56.022    Disk 0 scanning C:\Windows\system32\drivers
22:37:06.646    Service scanning
22:37:38.782    Modules scanning
22:37:38.782    Disk 0 trace - called modules:
22:37:38.829    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
22:37:39.344    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800696d060]
22:37:39.344    3 CLASSPNP.SYS[fffff88001cf743f] -> nt!IofCallDriver -> [0xfffffa80036ac720]
22:37:39.359    5 ACPI.sys[fffff88000fac7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800441a050]
22:37:39.359    Scan finished successfully
22:37:52.120    Disk 0 MBR has been saved successfully to "C:\Users\Stefan\Desktop\MBR.dat"
22:37:52.120    The log file has been saved successfully to "C:\Users\Stefan\Desktop\aswMBR.txt"

TDSSKiller hat nichts gefunden:

Code:

ATTFilter

22:40:22.0897 9208  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:40:23.0661 9208  ============================================================
22:40:23.0661 9208  Current date / time: 2013/07/19 22:40:23.0661
22:40:23.0661 9208  SystemInfo:
22:40:23.0661 9208  
22:40:23.0661 9208  OS Version: 6.1.7601 ServicePack: 1.0
22:40:23.0661 9208  Product type: Workstation
22:40:23.0661 9208  ComputerName: BRELLA-SEPP
22:40:23.0661 9208  UserName: Stefan
22:40:23.0661 9208  Windows directory: C:\Windows
22:40:23.0661 9208  System windows directory: C:\Windows
22:40:23.0661 9208  Running under WOW64
22:40:23.0661 9208  Processor architecture: Intel x64
22:40:23.0661 9208  Number of processors: 4
22:40:23.0661 9208  Page size: 0x1000
22:40:23.0661 9208  Boot type: Normal boot
22:40:23.0661 9208  ============================================================
22:40:24.0176 9208  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:40:24.0191 9208  ============================================================
22:40:24.0191 9208  \Device\Harddisk0\DR0:
22:40:24.0191 9208  MBR partitions:
22:40:24.0191 9208  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
22:40:24.0191 9208  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x3853F000
22:40:24.0191 9208  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3882D800, BlocksNum 0x1B58000
22:40:24.0191 9208  ============================================================
22:40:24.0223 9208  C: <-> \Device\Harddisk0\DR0\Partition2
22:40:24.0269 9208  Q: <-> \Device\Harddisk0\DR0\Partition3
22:40:24.0269 9208  ============================================================
22:40:24.0269 9208  Initialize success
22:40:24.0269 9208  ============================================================
22:40:36.0547 9552  ============================================================
22:40:36.0547 9552  Scan started
22:40:36.0547 9552  Mode: Manual; SigCheck; TDLFS; 
22:40:36.0547 9552  ============================================================
22:40:36.0859 9552  ================ Scan system memory ========================
22:40:36.0859 9552  System memory - ok
22:40:36.0859 9552  ================ Scan services =============================
22:40:37.0061 9552  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
22:40:37.0280 9552  1394ohci - ok
22:40:37.0327 9552  [ 144D54704A881047AE1084C6F1163060 ] 5U877           C:\Windows\system32\DRIVERS\5U877.sys
22:40:37.0389 9552  5U877 - ok
22:40:37.0436 9552  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:40:37.0483 9552  ACPI - ok
22:40:37.0498 9552  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:40:37.0576 9552  AcpiPmi - ok
22:40:37.0717 9552  [ 6C4B9E202A497782070CE383CBD5D737 ] AcPrfMgrSvc     C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
22:40:37.0763 9552  AcPrfMgrSvc - ok
22:40:37.0795 9552  [ B3BF04C7E3E4FB0925BB4F8422763A3D ] AcSvc           C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
22:40:37.0841 9552  AcSvc - ok
22:40:37.0873 9552  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
22:40:37.0919 9552  adp94xx - ok
22:40:37.0951 9552  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
22:40:37.0982 9552  adpahci - ok
22:40:37.0982 9552  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
22:40:37.0997 9552  adpu320 - ok
22:40:38.0029 9552  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:40:38.0185 9552  AeLookupSvc - ok
22:40:38.0247 9552  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
22:40:38.0294 9552  AFD - ok
22:40:38.0356 9552  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:40:38.0387 9552  agp440 - ok
22:40:38.0419 9552  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
22:40:38.0481 9552  ALG - ok
22:40:38.0528 9552  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:40:38.0543 9552  aliide - ok
22:40:38.0559 9552  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
22:40:38.0575 9552  amdide - ok
22:40:38.0575 9552  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
22:40:38.0621 9552  AmdK8 - ok
22:40:38.0621 9552  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
22:40:38.0668 9552  AmdPPM - ok
22:40:38.0684 9552  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:40:38.0699 9552  amdsata - ok
22:40:38.0699 9552  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
22:40:38.0715 9552  amdsbs - ok
22:40:38.0731 9552  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:40:38.0731 9552  amdxata - ok
22:40:38.0762 9552  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
22:40:38.0871 9552  AppID - ok
22:40:38.0887 9552  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:40:38.0933 9552  AppIDSvc - ok
22:40:38.0980 9552  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
22:40:39.0011 9552  Appinfo - ok
22:40:39.0058 9552  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
22:40:39.0105 9552  AppMgmt - ok
22:40:39.0136 9552  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
22:40:39.0167 9552  arc - ok
22:40:39.0167 9552  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:40:39.0183 9552  arcsas - ok
22:40:39.0261 9552  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:40:39.0308 9552  aspnet_state - ok
22:40:39.0370 9552  [ EAE432A64924CE4E5AFB128B92E4C78A ] ASRSVC          C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\ASR\ASRSVC.exe
22:40:39.0433 9552  ASRSVC - ok
22:40:39.0448 9552  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:40:39.0526 9552  AsyncMac - ok
22:40:39.0526 9552  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
22:40:39.0542 9552  atapi - ok
22:40:39.0573 9552  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:40:39.0620 9552  AudioEndpointBuilder - ok
22:40:39.0620 9552  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
22:40:39.0651 9552  AudioSrv - ok
22:40:39.0682 9552  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:40:39.0745 9552  AxInstSV - ok
22:40:39.0776 9552  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
22:40:39.0823 9552  b06bdrv - ok
22:40:39.0854 9552  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
22:40:39.0932 9552  b57nd60a - ok
22:40:39.0947 9552  [ BC88D56376CCFAF08BE25E33A7046D1F ] bcbtums         C:\Windows\system32\drivers\bcbtums.sys
22:40:39.0979 9552  bcbtums - ok
22:40:40.0010 9552  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:40:40.0057 9552  BDESVC - ok
22:40:40.0072 9552  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:40:40.0119 9552  Beep - ok
22:40:40.0150 9552  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
22:40:40.0213 9552  BFE - ok
22:40:40.0244 9552  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
22:40:40.0322 9552  BITS - ok
22:40:40.0337 9552  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
22:40:40.0369 9552  blbdrive - ok
22:40:40.0384 9552  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:40:40.0431 9552  bowser - ok
22:40:40.0462 9552  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
22:40:40.0478 9552  BrFiltLo - ok
22:40:40.0493 9552  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
22:40:40.0509 9552  BrFiltUp - ok
22:40:40.0556 9552  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
22:40:40.0618 9552  Browser - ok
22:40:40.0634 9552  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:40:40.0681 9552  Brserid - ok
22:40:40.0696 9552  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:40:40.0712 9552  BrSerWdm - ok
22:40:40.0727 9552  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:40:40.0743 9552  BrUsbMdm - ok
22:40:40.0743 9552  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:40:40.0774 9552  BrUsbSer - ok
22:40:40.0805 9552  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
22:40:40.0868 9552  BthEnum - ok
22:40:40.0883 9552  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
22:40:40.0930 9552  BTHMODEM - ok
22:40:40.0946 9552  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
22:40:40.0977 9552  BthPan - ok
22:40:40.0993 9552  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
22:40:41.0024 9552  BTHPORT - ok
22:40:41.0055 9552  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
22:40:41.0117 9552  bthserv - ok
22:40:41.0133 9552  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
22:40:41.0180 9552  BTHUSB - ok
22:40:41.0227 9552  [ 93F0E54C65EF7FCB56287FA685E4C4B7 ] btwampfl        C:\Windows\system32\drivers\btwampfl.sys
22:40:41.0258 9552  btwampfl - ok
22:40:41.0273 9552  [ D1F3C58892C621935947C0261BAEF3C0 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
22:40:41.0305 9552  btwaudio - ok
22:40:41.0305 9552  [ 9C7A3858D87F3A2574C1D326CA6C1461 ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
22:40:41.0320 9552  btwavdt - ok
22:40:41.0398 9552  [ 88C77D9CB0353821D3F0F8B9CBBB499B ] btwdins         C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
22:40:41.0461 9552  btwdins - ok
22:40:41.0476 9552  [ B1ACFD00CDD13B48D86F46BFEC153BF9 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
22:40:41.0492 9552  btwl2cap - ok
22:40:41.0507 9552  [ BB892C59D453E127797F8C5B203678DC ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
22:40:41.0507 9552  btwrchid - ok
22:40:41.0570 9552  [ E9ABE600076D2E8C484BCC576618EB4F ] cbfs4           C:\Windows\system32\drivers\cbfs4.sys
22:40:41.0601 9552  cbfs4 - ok
22:40:41.0632 9552  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:40:41.0679 9552  cdfs - ok
22:40:41.0695 9552  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:40:41.0726 9552  cdrom - ok
22:40:41.0757 9552  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
22:40:41.0804 9552  CertPropSvc - ok
22:40:41.0819 9552  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
22:40:41.0835 9552  circlass - ok
22:40:41.0866 9552  [ FF60401F1C659CA2ED4BAE85D3FD14DA ] CISVC           C:\Windows\system32\CISVC.EXE
22:40:41.0929 9552  CISVC - ok
22:40:41.0944 9552  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
22:40:41.0975 9552  CLFS - ok
22:40:42.0022 9552  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:40:42.0116 9552  clr_optimization_v2.0.50727_32 - ok
22:40:42.0163 9552  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:40:42.0178 9552  clr_optimization_v2.0.50727_64 - ok
22:40:42.0225 9552  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:40:42.0381 9552  clr_optimization_v4.0.30319_32 - ok
22:40:42.0397 9552  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:40:42.0428 9552  clr_optimization_v4.0.30319_64 - ok
22:40:42.0443 9552  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:40:42.0475 9552  CmBatt - ok
22:40:42.0506 9552  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:40:42.0537 9552  cmdide - ok
22:40:42.0584 9552  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
22:40:42.0631 9552  CNG - ok
22:40:42.0662 9552  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
22:40:42.0677 9552  Compbatt - ok
22:40:42.0709 9552  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
22:40:42.0740 9552  CompositeBus - ok
22:40:42.0740 9552  COMSysApp - ok
22:40:42.0849 9552  [ EB726E02074FDC44EBE97E01A2660AA6 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
22:40:42.0958 9552  cphs - ok
22:40:42.0974 9552  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
22:40:42.0989 9552  crcdisk - ok
22:40:43.0052 9552  [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:40:43.0114 9552  CryptSvc - ok
22:40:43.0130 9552  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
22:40:43.0192 9552  CSC - ok
22:40:43.0208 9552  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
22:40:43.0239 9552  CscService - ok
22:40:43.0286 9552  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:40:43.0348 9552  DcomLaunch - ok
22:40:43.0379 9552  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
22:40:43.0457 9552  defragsvc - ok
22:40:43.0489 9552  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:40:43.0535 9552  DfsC - ok
22:40:43.0551 9552  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:40:43.0613 9552  Dhcp - ok
22:40:43.0629 9552  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
22:40:43.0707 9552  discache - ok
22:40:43.0723 9552  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
22:40:43.0738 9552  Disk - ok
22:40:43.0894 9552  [ 4453DA8650DA827BC33B8D41A8F97894 ] DisplayLinkService C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
22:40:44.0097 9552  DisplayLinkService - ok
22:40:44.0128 9552  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
22:40:44.0159 9552  dmvsc - ok
22:40:44.0175 9552  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:40:44.0222 9552  Dnscache - ok
22:40:44.0253 9552  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:40:44.0300 9552  dot3svc - ok
22:40:44.0347 9552  [ 9597BCB69286FF017DB1A0FB8144408D ] DozeSvc         C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
22:40:44.0378 9552  DozeSvc - ok
22:40:44.0393 9552  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
22:40:44.0440 9552  DPS - ok
22:40:44.0471 9552  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:40:44.0503 9552  drmkaud - ok
22:40:44.0549 9552  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:40:44.0612 9552  DXGKrnl - ok
22:40:44.0643 9552  [ 3CE83D7EE95D9C9F03323810A2E747DF ] DzHDD64         C:\Windows\system32\DRIVERS\DzHDD64.sys
22:40:44.0659 9552  DzHDD64 - ok
22:40:44.0690 9552  [ 03F4C5C12FC1C69F838DA723475EF650 ] e1cexpress      C:\Windows\system32\DRIVERS\e1c62x64.sys
22:40:44.0705 9552  e1cexpress - ok
22:40:44.0737 9552  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
22:40:44.0768 9552  EapHost - ok
22:40:44.0908 9552  [ 3C6EA21E43BE313A9AEAF0E26E2A90AD ] EaseUS Agent    C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
22:40:45.0314 9552  EaseUS Agent - ok
22:40:45.0423 9552  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
22:40:45.0501 9552  ebdrv - ok
22:40:45.0517 9552  [ B90BEFCCEB59C83AC65BFD39EF7404F4 ] ecnssndis       C:\Windows\system32\Drivers\wwuss64.sys
22:40:45.0532 9552  ecnssndis - ok
22:40:45.0532 9552  [ 1CF09C0555BE49EFE96B33BDA514A334 ] ecnssndisfltr   C:\Windows\system32\Drivers\wwussf64.sys
22:40:45.0548 9552  ecnssndisfltr - ok
22:40:45.0563 9552  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
22:40:45.0641 9552  EFS - ok
22:40:45.0673 9552  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
22:40:45.0688 9552  elxstor - ok
22:40:45.0688 9552  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:40:45.0704 9552  ErrDev - ok
22:40:45.0751 9552  [ E1D1F8DB5E7F5929D46C141AE813F906 ] EUBAKUP         C:\Windows\system32\drivers\eubakup.sys
22:40:45.0782 9552  EUBAKUP - ok
22:40:45.0829 9552  [ C9F49D916763B5F3A5B0AAFD3248344B ] EUBKMON         C:\Windows\system32\drivers\EUBKMON.sys
22:40:45.0844 9552  EUBKMON - ok
22:40:45.0860 9552  [ 4BE34EB63BA2CE6D9F4122DA4E9E23BD ] EUDSKACS        C:\Windows\system32\drivers\eudskacs.sys
22:40:45.0875 9552  EUDSKACS - ok
22:40:45.0891 9552  [ 8F1968EB9419E56ADE365362E8B43713 ] EUFDDISK        C:\Windows\system32\drivers\EuFdDisk.sys
22:40:45.0907 9552  EUFDDISK - ok
22:40:45.0953 9552  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
22:40:45.0985 9552  EventSystem - ok
22:40:46.0047 9552  [ 23D401A43DADED10A153B9F3A7E66C91 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
22:40:46.0094 9552  EvtEng - ok
22:40:46.0109 9552  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
22:40:46.0156 9552  exfat - ok
22:40:46.0172 9552  [ EB3A7D5663ACAC417DF986D4AEE12170 ] Fastboot        C:\Windows\system32\DRIVERS\Fastboot.sys
22:40:46.0187 9552  Fastboot - ok
22:40:46.0234 9552  [ 63511240AF70D10343A4AE05F8E2CA12 ] FastbootService C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
22:40:46.0312 9552  FastbootService - ok
22:40:46.0328 9552  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:40:46.0359 9552  fastfat - ok
22:40:46.0390 9552  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
22:40:46.0406 9552  fdc - ok
22:40:46.0437 9552  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
22:40:46.0484 9552  fdPHost - ok
22:40:46.0484 9552  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:40:46.0515 9552  FDResPub - ok
22:40:46.0546 9552  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:40:46.0562 9552  FileInfo - ok
22:40:46.0562 9552  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:40:46.0609 9552  Filetrace - ok
22:40:46.0609 9552  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
22:40:46.0624 9552  flpydisk - ok
22:40:46.0640 9552  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:40:46.0655 9552  FltMgr - ok
22:40:46.0702 9552  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
22:40:46.0796 9552  FontCache - ok
22:40:46.0827 9552  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:40:46.0921 9552  FontCache3.0.0.0 - ok
22:40:46.0936 9552  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:40:46.0952 9552  FsDepends - ok
22:40:46.0983 9552  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:40:46.0999 9552  Fs_Rec - ok
22:40:47.0045 9552  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:40:47.0061 9552  fvevol - ok
22:40:47.0092 9552  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:40:47.0092 9552  gagp30kx - ok
22:40:47.0123 9552  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
22:40:47.0155 9552  gpsvc - ok
22:40:47.0201 9552  [ 72230BF2F36924051B52F26DF74504D0 ] Guard Agent     C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
22:40:47.0420 9552  Guard Agent - ok
22:40:47.0467 9552  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:40:47.0545 9552  gupdate - ok
22:40:47.0545 9552  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:40:47.0576 9552  gupdatem - ok
22:40:47.0607 9552  [ 943350B87BB0339BF61343E8AC3EF25E ] HBtnKey         C:\Windows\system32\DRIVERS\wstbtndb.sys
22:40:47.0607 9552  HBtnKey - ok
22:40:47.0669 9552  [ 3CC07DAD48FA53193AE2F85DD8200B5E ] hcmon           C:\Windows\system32\drivers\hcmon.sys
22:40:47.0685 9552  hcmon - ok
22:40:47.0701 9552  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:40:47.0763 9552  hcw85cir - ok
22:40:47.0779 9552  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:40:47.0810 9552  HdAudAddService - ok
22:40:47.0841 9552  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:40:47.0872 9552  HDAudBus - ok
22:40:47.0872 9552  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
22:40:47.0903 9552  HidBatt - ok
22:40:47.0903 9552  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
22:40:47.0919 9552  HidBth - ok
22:40:47.0935 9552  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
22:40:47.0950 9552  HidIr - ok
22:40:47.0966 9552  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
22:40:48.0013 9552  hidserv - ok
22:40:48.0013 9552  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:40:48.0028 9552  HidUsb - ok
22:40:48.0059 9552  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:40:48.0106 9552  hkmsvc - ok
22:40:48.0122 9552  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:40:48.0153 9552  HomeGroupListener - ok
22:40:48.0169 9552  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:40:48.0184 9552  HomeGroupProvider - ok
22:40:48.0200 9552  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:40:48.0215 9552  HpSAMD - ok
22:40:48.0247 9552  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:40:48.0293 9552  HTTP - ok
22:40:48.0309 9552  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:40:48.0309 9552  hwpolicy - ok
22:40:48.0356 9552  [ A4EA0642CB8D1EBA36E7691D129B5446 ] HyperW7Svc      C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
22:40:48.0403 9552  HyperW7Svc - ok
22:40:48.0418 9552  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
22:40:48.0434 9552  i8042prt - ok
22:40:48.0465 9552  [ CCFA835960E35F30D28A868E0B3B8722 ] iaStor          C:\Windows\system32\drivers\iaStor.sys
22:40:48.0496 9552  iaStor - ok
22:40:48.0512 9552  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:40:48.0527 9552  iaStorV - ok
22:40:48.0574 9552  [ 680571D47188A16DA2DB8A1F3EFE3786 ] IBMPMDRV        C:\Windows\system32\DRIVERS\ibmpmdrv.sys
22:40:48.0590 9552  IBMPMDRV - ok
22:40:48.0605 9552  [ CFDDA03A8A346BC30A8B31CF867AFE4E ] IBMPMSVC        C:\Windows\system32\ibmpmsvc.exe
22:40:48.0605 9552  IBMPMSVC - ok
22:40:48.0668 9552  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:40:48.0730 9552  idsvc - ok
22:40:48.0917 9552  [ B9857625DF8B539ABCB90E15B5716568 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
22:40:49.0105 9552  igfx - ok
22:40:49.0120 9552  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
22:40:49.0136 9552  iirsp - ok
22:40:49.0183 9552  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
22:40:49.0229 9552  IKEEXT - ok
22:40:49.0261 9552  [ 314285071F7117263BD246E35C17FD82 ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
22:40:49.0276 9552  intaud_WaveExtensible - ok
22:40:49.0385 9552  [ 21F54139C93FC595902B58ED947D47D5 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:40:49.0510 9552  IntcAzAudAddService - ok
22:40:49.0557 9552  [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
22:40:49.0619 9552  IntcDAud - ok
22:40:49.0666 9552  [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
22:40:49.0729 9552  Intel(R) Capability Licensing Service Interface - ok
22:40:49.0760 9552  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
22:40:49.0775 9552  intelide - ok
22:40:49.0791 9552  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:40:49.0822 9552  intelppm - ok
22:40:49.0853 9552  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:40:49.0916 9552  IPBusEnum - ok
22:40:49.0916 9552  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:40:49.0947 9552  IpFilterDriver - ok
22:40:49.0978 9552  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:40:50.0041 9552  iphlpsvc - ok
22:40:50.0041 9552  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:40:50.0056 9552  IPMIDRV - ok
22:40:50.0056 9552  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:40:50.0087 9552  IPNAT - ok
22:40:50.0119 9552  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:40:50.0150 9552  IRENUM - ok
22:40:50.0150 9552  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:40:50.0165 9552  isapnp - ok
22:40:50.0181 9552  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:40:50.0197 9552  iScsiPrt - ok
22:40:50.0228 9552  [ 846354992EBB373F452EB9182D501B08 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
22:40:50.0243 9552  iusb3hcs - ok
22:40:50.0259 9552  [ 1D88A23853387D34D52CC8F9DDBFC56C ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
22:40:50.0275 9552  iusb3hub - ok
22:40:50.0290 9552  [ FC5EFD7C797DF19DFB999F0605A7924E ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
22:40:50.0321 9552  iusb3xhc - ok
22:40:50.0337 9552  [ 4487AD9C070D3973FE28AB4406555FC6 ] iwdbus          C:\Windows\system32\DRIVERS\iwdbus.sys
22:40:50.0353 9552  iwdbus - ok
22:40:50.0415 9552  [ 0043D9FB61C35F90886B1E93DD556FAF ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
22:40:50.0493 9552  jhi_service - ok
22:40:50.0524 9552  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:40:50.0540 9552  kbdclass - ok
22:40:50.0540 9552  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:40:50.0571 9552  kbdhid - ok
22:40:50.0571 9552  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
22:40:50.0587 9552  KeyIso - ok
22:40:50.0602 9552  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:40:50.0618 9552  KSecDD - ok
22:40:50.0665 9552  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:40:50.0696 9552  KSecPkg - ok
22:40:50.0696 9552  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:40:50.0743 9552  ksthunk - ok
22:40:50.0758 9552  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:40:50.0805 9552  KtmRm - ok
22:40:50.0821 9552  [ 3BE0319D6F9D5A0C4DDD037E0E19FFD4 ] l36wgps         C:\Windows\system32\DRIVERS\l36wgps64.sys
22:40:50.0836 9552  l36wgps - ok
22:40:50.0867 9552  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:40:50.0930 9552  LanmanServer - ok
22:40:50.0945 9552  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:40:50.0992 9552  LanmanWorkstation - ok
22:40:51.0023 9552  [ 76169809F95A408A5B9F628D7A76FF9B ] LENOVO.CAMMUTE  C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
22:40:51.0164 9552  LENOVO.CAMMUTE - ok
22:40:51.0211 9552  [ 7CFE36AF06E9C0984021796EDC8AC207 ] LENOVO.MICMUTE  C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
22:40:51.0257 9552  LENOVO.MICMUTE - ok
22:40:51.0273 9552  [ 6E4F75754690898187C48B0EA6B62AF8 ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
22:40:51.0320 9552  LENOVO.TPKNRSVC - ok
22:40:51.0335 9552  [ 9F841AA848F66B96D9120A7213C8D077 ] LENOVO.TVTVCAM  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
22:40:51.0367 9552  LENOVO.TVTVCAM - ok
22:40:51.0382 9552  [ F7DE50781DC4D162C1005EB30D98F931 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
22:40:51.0398 9552  Lenovo.VIRTSCRLSVC - ok
22:40:51.0429 9552  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:40:51.0476 9552  lltdio - ok
22:40:51.0507 9552  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:40:51.0538 9552  lltdsvc - ok
22:40:51.0554 9552  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:40:51.0601 9552  lmhosts - ok
22:40:51.0616 9552  [ 2FB262276D1C689C6886B1C0710342FA ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:40:51.0679 9552  LMS - ok
22:40:51.0710 9552  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
22:40:51.0725 9552  LSI_FC - ok
22:40:51.0725 9552  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
22:40:51.0741 9552  LSI_SAS - ok
22:40:51.0741 9552  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
22:40:51.0757 9552  LSI_SAS2 - ok
22:40:51.0757 9552  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:40:51.0772 9552  LSI_SCSI - ok
22:40:51.0772 9552  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
22:40:51.0819 9552  luafv - ok
22:40:51.0850 9552  [ 0CC0E238C431F699C13FD47202B7E265 ] MacheenService  C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe
22:40:51.0913 9552  MacheenService - ok
22:40:51.0975 9552  [ 23488767CB18FC3FF39E3AF1DB3FB02C ] massfilter      C:\Windows\system32\drivers\massfilter.sys
22:40:52.0022 9552  massfilter - ok
22:40:52.0022 9552  mbamswissarmy - ok
22:40:52.0053 9552  [ 62732AF9512B911C330ACBBDBCC2F284 ] Mbm3CBus        C:\Windows\system32\DRIVERS\Mbm3CBus.sys
22:40:52.0069 9552  Mbm3CBus - ok
22:40:52.0100 9552  [ BDC2D259CA9CFCED092B3B0B8557322D ] Mbm3DevMt       C:\Windows\system32\DRIVERS\Mbm3DevMt.sys
22:40:52.0115 9552  Mbm3DevMt - ok
22:40:52.0131 9552  [ E55689A5E9349182C24312EFC9DF09FB ] Mbm3mdfl        C:\Windows\system32\DRIVERS\Mbm3mdfl.sys
22:40:52.0147 9552  Mbm3mdfl - ok
22:40:52.0162 9552  [ FC1059C857D7B1083086BE04DB5EE09C ] Mbm3Mdm         C:\Windows\system32\DRIVERS\Mbm3Mdm.sys
22:40:52.0178 9552  Mbm3Mdm - ok
22:40:52.0193 9552  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
22:40:52.0209 9552  megasas - ok
22:40:52.0209 9552  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
22:40:52.0240 9552  MegaSR - ok
22:40:52.0271 9552  [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
22:40:52.0287 9552  MEIx64 - ok
22:40:52.0318 9552  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
22:40:52.0365 9552  MMCSS - ok
22:40:52.0365 9552  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
22:40:52.0396 9552  Modem - ok
22:40:52.0443 9552  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:40:52.0474 9552  monitor - ok
22:40:52.0490 9552  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:40:52.0505 9552  mouclass - ok
22:40:52.0505 9552  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:40:52.0521 9552  mouhid - ok
22:40:52.0537 9552  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:40:52.0552 9552  mountmgr - ok
22:40:52.0583 9552  [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:40:52.0615 9552  MozillaMaintenance - ok
22:40:52.0630 9552  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:40:52.0646 9552  mpio - ok
22:40:52.0661 9552  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:40:52.0677 9552  mpsdrv - ok
22:40:52.0708 9552  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:40:52.0755 9552  MpsSvc - ok
22:40:52.0771 9552  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:40:52.0802 9552  MRxDAV - ok
22:40:52.0817 9552  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:40:52.0833 9552  mrxsmb - ok
22:40:52.0864 9552  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:40:52.0880 9552  mrxsmb10 - ok
22:40:52.0880 9552  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:40:52.0895 9552  mrxsmb20 - ok
22:40:52.0911 9552  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:40:52.0927 9552  msahci - ok
22:40:52.0927 9552  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:40:52.0942 9552  msdsm - ok
22:40:52.0989 9552  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
22:40:53.0020 9552  MSDTC - ok
22:40:53.0067 9552  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:40:53.0114 9552  Msfs - ok
22:40:53.0145 9552  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:40:53.0176 9552  mshidkmdf - ok
22:40:53.0176 9552  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:40:53.0192 9552  msisadrv - ok
22:40:53.0223 9552  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:40:53.0270 9552  MSiSCSI - ok
22:40:53.0285 9552  msiserver - ok
22:40:53.0285 9552  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:40:53.0317 9552  MSKSSRV - ok
22:40:53.0332 9552  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:40:53.0363 9552  MSPCLOCK - ok
22:40:53.0379 9552  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:40:53.0410 9552  MSPQM - ok
22:40:53.0426 9552  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:40:53.0441 9552  MsRPC - ok
22:40:53.0457 9552  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
22:40:53.0457 9552  mssmbios - ok
22:40:53.0566 9552  MSSQL$SQLEXPRESS - ok
22:40:53.0644 9552  [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
22:40:53.0660 9552  MSSQLServerADHelper100 - ok
22:40:53.0691 9552  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:40:53.0753 9552  MSTEE - ok
22:40:53.0769 9552  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
22:40:53.0785 9552  MTConfig - ok
22:40:53.0800 9552  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
22:40:53.0800 9552  Mup - ok
22:40:53.0847 9552  [ 48C9BA25EDA90E3DB07ADAC8CD32F5F3 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
22:40:53.0925 9552  MyWiFiDHCPDNS - ok
22:40:53.0956 9552  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
22:40:53.0987 9552  napagent - ok
22:40:54.0019 9552  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:40:54.0050 9552  NativeWifiP - ok
22:40:54.0081 9552  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:40:54.0128 9552  NDIS - ok
22:40:54.0128 9552  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:40:54.0159 9552  NdisCap - ok
22:40:54.0175 9552  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:40:54.0190 9552  NdisTapi - ok
22:40:54.0206 9552  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:40:54.0237 9552  Ndisuio - ok
22:40:54.0253 9552  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:40:54.0284 9552  NdisWan - ok
22:40:54.0284 9552  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:40:54.0315 9552  NDProxy - ok
22:40:54.0346 9552  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:40:54.0362 9552  NetBIOS - ok
22:40:54.0377 9552  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:40:54.0409 9552  NetBT - ok
22:40:54.0409 9552  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
22:40:54.0424 9552  Netlogon - ok
22:40:54.0455 9552  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
22:40:54.0487 9552  Netman - ok
22:40:54.0565 9552  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:40:54.0783 9552  NetMsmqActivator - ok
22:40:54.0799 9552  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:40:54.0877 9552  NetPipeActivator - ok
22:40:54.0892 9552  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
22:40:54.0955 9552  netprofm - ok
22:40:54.0955 9552  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:40:55.0048 9552  NetTcpActivator - ok
22:40:55.0048 9552  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:40:55.0126 9552  NetTcpPortSharing - ok
22:40:55.0345 9552  [ 98CF53F7B23F77D082805D5DBBD99A4E ] NETwNs64        C:\Windows\system32\DRIVERS\Netwsw00.sys
22:40:55.0516 9552  NETwNs64 - ok
22:40:55.0547 9552  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
22:40:55.0563 9552  nfrd960 - ok
22:40:55.0594 9552  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:40:55.0641 9552  NlaSvc - ok
22:40:55.0672 9552  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:40:55.0703 9552  Npfs - ok
22:40:55.0719 9552  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
22:40:55.0766 9552  nsi - ok
22:40:55.0766 9552  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:40:55.0813 9552  nsiproxy - ok
22:40:55.0859 9552  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:40:55.0906 9552  Ntfs - ok
22:40:55.0922 9552  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
22:40:55.0953 9552  Null - ok
22:40:55.0984 9552  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:40:56.0000 9552  nvraid - ok
22:40:56.0000 9552  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:40:56.0015 9552  nvstor - ok
22:40:56.0015 9552  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:40:56.0031 9552  nv_agp - ok
22:40:56.0031 9552  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:40:56.0062 9552  ohci1394 - ok
22:40:56.0140 9552  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:40:56.0203 9552  ose - ok
22:40:56.0327 9552  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:40:56.0468 9552  osppsvc - ok
22:40:56.0499 9552  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:40:56.0530 9552  p2pimsvc - ok
22:40:56.0530 9552  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:40:56.0561 9552  p2psvc - ok
22:40:56.0577 9552  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
22:40:56.0593 9552  Parport - ok
22:40:56.0608 9552  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:40:56.0624 9552  partmgr - ok
22:40:56.0639 9552  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:40:56.0671 9552  PcaSvc - ok
22:40:56.0671 9552  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
22:40:56.0686 9552  pci - ok
22:40:56.0702 9552  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
22:40:56.0702 9552  pciide - ok
22:40:56.0717 9552  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
22:40:56.0733 9552  pcmcia - ok
22:40:56.0733 9552  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
22:40:56.0749 9552  pcw - ok
22:40:56.0764 9552  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:40:56.0811 9552  PEAUTH - ok
22:40:56.0842 9552  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
22:40:56.0889 9552  PeerDistSvc - ok
22:40:56.0951 9552  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
22:40:56.0998 9552  PerfHost - ok
22:40:57.0029 9552  [ B4C1BF666DBD6899EC4A9A499DAA040B ] PHCORE          C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS
22:40:57.0045 9552  PHCORE - ok
22:40:57.0076 9552  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
22:40:57.0154 9552  pla - ok
22:40:57.0201 9552  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:40:57.0263 9552  PlugPlay - ok
22:40:57.0279 9552  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:40:57.0310 9552  PNRPAutoReg - ok
22:40:57.0341 9552  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:40:57.0357 9552  PNRPsvc - ok
22:40:57.0404 9552  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:40:57.0466 9552  PolicyAgent - ok
22:40:57.0482 9552  [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power           C:\Windows\system32\umpo.dll
22:40:57.0513 9552  Power - ok
22:40:57.0575 9552  [ 3C88F3C5EAFFCA0FCC3A716E90A75B16 ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
22:40:57.0669 9552  Power Manager DBC Service - ok
22:40:57.0685 9552  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:40:57.0731 9552  PptpMiniport - ok
22:40:57.0731 9552  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
22:40:57.0763 9552  Processor - ok
22:40:57.0809 9552  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:40:57.0856 9552  ProfSvc - ok
22:40:57.0872 9552  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:40:57.0887 9552  ProtectedStorage - ok
22:40:57.0919 9552  [ 05A4779E4994B21473EDBE85AABE8030 ] psadd           C:\Windows\system32\DRIVERS\psadd.sys
22:40:57.0934 9552  psadd - ok
22:40:57.0965 9552  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:40:58.0043 9552  Psched - ok
22:40:58.0075 9552  [ F8465C8B45F7E0A2E7CEC724FD3C0647 ] PwmEWSvc        C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
22:40:58.0168 9552  PwmEWSvc - ok
22:40:58.0184 9552  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
22:40:58.0215 9552  ql2300 - ok
22:40:58.0246 9552  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
22:40:58.0262 9552  ql40xx - ok
22:40:58.0277 9552  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
22:40:58.0309 9552  QWAVE - ok
22:40:58.0309 9552  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:40:58.0340 9552  QWAVEdrv - ok
22:40:58.0340 9552  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:40:58.0371 9552  RasAcd - ok
22:40:58.0387 9552  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:40:58.0418 9552  RasAgileVpn - ok
22:40:58.0433 9552  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
22:40:58.0465 9552  RasAuto - ok
22:40:58.0480 9552  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:40:58.0511 9552  Rasl2tp - ok
22:40:58.0543 9552  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
22:40:58.0574 9552  RasMan - ok
22:40:58.0574 9552  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:40:58.0621 9552  RasPppoe - ok
22:40:58.0621 9552  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:40:58.0667 9552  RasSstp - ok
22:40:58.0699 9552  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:40:58.0730 9552  rdbss - ok
22:40:58.0745 9552  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
22:40:58.0761 9552  rdpbus - ok
22:40:58.0777 9552  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:40:58.0792 9552  RDPCDD - ok
22:40:58.0823 9552  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
22:40:58.0870 9552  RDPDR - ok
22:40:58.0870 9552  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:40:58.0917 9552  RDPENCDD - ok
22:40:58.0933 9552  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:40:58.0948 9552  RDPREFMP - ok
22:40:59.0011 9552  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
22:40:59.0057 9552  RdpVideoMiniport - ok
22:40:59.0089 9552  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:40:59.0135 9552  RDPWD - ok
22:40:59.0151 9552  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:40:59.0182 9552  rdyboost - ok
22:40:59.0213 9552  [ 0C2B4C3B10D183BE116A38353E937F62 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
22:40:59.0260 9552  RegSrvc - ok
22:40:59.0276 9552  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:40:59.0307 9552  RemoteAccess - ok
22:40:59.0338 9552  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:40:59.0369 9552  RemoteRegistry - ok
22:40:59.0385 9552  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
22:40:59.0416 9552  RFCOMM - ok
22:40:59.0432 9552  [ 5A227511ED22DDFEDF7EF7323C8F7D2F ] risdxc          C:\Windows\system32\DRIVERS\risdxc64.sys
22:40:59.0463 9552  risdxc - ok
22:40:59.0479 9552  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:40:59.0510 9552  RpcEptMapper - ok
22:40:59.0525 9552  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
22:40:59.0541 9552  RpcLocator - ok
22:40:59.0557 9552  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
22:40:59.0588 9552  RpcSs - ok
22:40:59.0650 9552  [ C9FE05A63C500ABE3AFA5786504C4D36 ] RsFx0105        C:\Windows\system32\DRIVERS\RsFx0105.sys
22:40:59.0681 9552  RsFx0105 - ok
22:40:59.0713 9552  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:40:59.0744 9552  rspndr - ok
22:40:59.0775 9552  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
22:40:59.0791 9552  s3cap - ok
22:40:59.0806 9552  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
22:40:59.0822 9552  SamSs - ok
22:40:59.0884 9552  [ 07310DF9FD1A62790B5A011048D8E121 ] SAVAdminService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
22:40:59.0931 9552  SAVAdminService - ok
22:40:59.0978 9552  [ C3999EF390EB460A636E9FFBA040BF8A ] SAVOnAccess     C:\Windows\system32\DRIVERS\savonaccess.sys
22:41:00.0009 9552  SAVOnAccess - ok
22:41:00.0025 9552  [ D31E18B53B0E52C234568BB61EEC7940 ] SAVService      C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
22:41:00.0056 9552  SAVService - ok
22:41:00.0071 9552  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:41:00.0087 9552  sbp2port - ok
22:41:00.0103 9552  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:41:00.0134 9552  SCardSvr - ok
22:41:00.0149 9552  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:41:00.0196 9552  scfilter - ok
22:41:00.0212 9552  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
22:41:00.0259 9552  Schedule - ok
22:41:00.0290 9552  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:41:00.0321 9552  SCPolicySvc - ok
22:41:00.0321 9552  [ 7D67AEABEB597C602EDB5B3AE316E96A ] sdcfilter       C:\Windows\system32\DRIVERS\sdcfilter.sys
22:41:00.0337 9552  sdcfilter - ok
22:41:00.0352 9552  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:41:00.0383 9552  SDRSVC - ok
22:41:00.0399 9552  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:41:00.0446 9552  secdrv - ok
22:41:00.0461 9552  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
22:41:00.0493 9552  seclogon - ok
22:41:00.0508 9552  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
22:41:00.0539 9552  SENS - ok
22:41:00.0555 9552  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:41:00.0571 9552  SensrSvc - ok
22:41:00.0602 9552  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
22:41:00.0633 9552  Serenum - ok
22:41:00.0649 9552  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
22:41:00.0664 9552  Serial - ok
22:41:00.0680 9552  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
22:41:00.0695 9552  sermouse - ok
22:41:00.0727 9552  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
22:41:00.0773 9552  SessionEnv - ok
22:41:00.0773 9552  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
22:41:00.0789 9552  sffdisk - ok
22:41:00.0789 9552  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:41:00.0820 9552  sffp_mmc - ok
22:41:00.0820 9552  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
22:41:00.0851 9552  sffp_sd - ok
22:41:00.0851 9552  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
22:41:00.0867 9552  sfloppy - ok
22:41:00.0898 9552  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:41:00.0929 9552  SharedAccess - ok
22:41:00.0961 9552  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:41:00.0992 9552  ShellHWDetection - ok
22:41:01.0007 9552  [ 7AC6FBFC13ABA3F15B05986412D10E10 ] Shockprf        C:\Windows\system32\DRIVERS\Apsx64.sys
22:41:01.0023 9552  Shockprf - ok
22:41:01.0023 9552  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
22:41:01.0039 9552  SiSRaid2 - ok
22:41:01.0039 9552  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
22:41:01.0054 9552  SiSRaid4 - ok
22:41:01.0117 9552  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
22:41:01.0475 9552  SkypeUpdate - ok
22:41:01.0522 9552  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:41:01.0585 9552  Smb - ok
22:41:01.0616 9552  [ D6E492E3BBC9893E587E6A4DF3E60845 ] SmbDrvI         C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
22:41:01.0631 9552  SmbDrvI - ok
22:41:01.0647 9552  smihlp2 - ok
22:41:01.0663 9552  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:41:01.0694 9552  SNMPTRAP - ok
22:41:01.0725 9552  [ 89F663C9ACA369C0E327C00D2C220AA9 ] Sophos AutoUpdate Service C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
22:41:01.0741 9552  Sophos AutoUpdate Service - ok
22:41:01.0787 9552  [ BD03374253F79CE7A716A870DC85BD84 ] Sophos Web Control Service C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
22:41:01.0865 9552  Sophos Web Control Service - ok
22:41:01.0881 9552  [ 69FBE35A8165ADBC313AA7F64B868CA1 ] SophosBootDriver C:\Windows\system32\DRIVERS\SophosBootDriver.sys
22:41:01.0897 9552  SophosBootDriver - ok
22:41:01.0912 9552  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
22:41:01.0912 9552  spldr - ok
22:41:01.0975 9552  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
22:41:02.0037 9552  Spooler - ok
22:41:02.0131 9552  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
22:41:02.0224 9552  sppsvc - ok
22:41:02.0240 9552  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
22:41:02.0255 9552  sppuinotify - ok
22:41:02.0380 9552  [ 45E65FB17A4CD5FACBD3CA16C8334C82 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
22:41:02.0443 9552  SQLAgent$SQLEXPRESS - ok
22:41:02.0505 9552  [ 10D936DCED9EACD1A1B3FCDDA6D7A4EB ] SQLBrowser      c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
22:41:03.0082 9552  SQLBrowser - ok
22:41:03.0223 9552  [ F92E5F93BE572B512DA3C016B675EDE0 ] SQLWriter       c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
22:41:03.0254 9552  SQLWriter - ok
22:41:03.0285 9552  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:41:03.0347 9552  srv - ok
22:41:03.0363 9552  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:41:03.0394 9552  srv2 - ok
22:41:03.0425 9552  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:41:03.0425 9552  srvnet - ok
22:41:03.0472 9552  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:41:03.0550 9552  SSDPSRV - ok
22:41:03.0566 9552  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:41:03.0597 9552  SstpSvc - ok
22:41:03.0628 9552  Steam Client Service - ok
22:41:03.0628 9552  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
22:41:03.0644 9552  stexstor - ok
22:41:03.0675 9552  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
22:41:03.0691 9552  stisvc - ok
22:41:03.0722 9552  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
22:41:03.0737 9552  storflt - ok
22:41:03.0753 9552  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
22:41:03.0784 9552  StorSvc - ok
22:41:03.0815 9552  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
22:41:03.0815 9552  storvsc - ok
22:41:03.0878 9552  [ 9D4A85334D002B6A6FDB7C5F3E3722EB ] SUService       C:\Program Files (x86)\Lenovo\System Update\SUService.exe
22:41:03.0956 9552  SUService - ok
22:41:03.0971 9552  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
22:41:03.0987 9552  swenum - ok
22:41:04.0081 9552  [ FF4057FF51ED100C0003B2FE128C2194 ] swi_service     C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
22:41:04.0533 9552  swi_service - ok
22:41:04.0689 9552  [ 79FF2406BB7EB7DACB12EE3DBF8F91AE ] swi_update_64   C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe
22:41:04.0767 9552  swi_update_64 - ok
22:41:04.0798 9552  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
22:41:04.0845 9552  swprv - ok
22:41:04.0907 9552  [ AEAE48AF681BAF5904608FF5D84E3C9C ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
22:41:04.0939 9552  SynTP - ok
22:41:04.0985 9552  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
22:41:05.0032 9552  SysMain - ok
22:41:05.0048 9552  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:41:05.0063 9552  TabletInputService - ok
22:41:05.0204 9552  [ F17FF4B4C50E44AF092737A53554EF06 ] TabletServiceISD C:\Program Files\Tablet\ISD\ISD_Tablet.exe
22:41:05.0360 9552  TabletServiceISD - ok
22:41:05.0407 9552  [ 11D71488730B872F41F2D31522EE52B8 ] TabletSVC       C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\TSMService.exe
22:41:05.0438 9552  TabletSVC - ok
22:41:05.0469 9552  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:41:05.0485 9552  TapiSrv - ok
22:41:05.0500 9552  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
22:41:05.0547 9552  TBS - ok
22:41:05.0609 9552  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:41:05.0656 9552  Tcpip - ok
22:41:05.0687 9552  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:41:05.0734 9552  TCPIP6 - ok
22:41:05.0765 9552  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:41:05.0781 9552  tcpipreg - ok
22:41:05.0797 9552  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:41:05.0828 9552  TDPIPE - ok
22:41:05.0843 9552  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:41:05.0859 9552  TDTCP - ok
22:41:05.0875 9552  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:41:05.0906 9552  tdx - ok
22:41:05.0937 9552  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
22:41:05.0953 9552  TermDD - ok
22:41:05.0984 9552  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
22:41:06.0015 9552  TermService - ok
22:41:06.0015 9552  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
22:41:06.0031 9552  Themes - ok
22:41:06.0062 9552  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
22:41:06.0077 9552  THREADORDER - ok
22:41:06.0109 9552  [ 519CB7D7F697F4BA47DE05845C20F158 ] TlntSvr         C:\Windows\System32\tlntsvr.exe
22:41:06.0155 9552  TlntSvr - ok
22:41:06.0187 9552  [ 6D8E981B1E7026AD906345DAD003435F ] TouchServiceISD C:\Program Files\Tablet\ISD\ISD_TouchService.exe
22:41:06.0218 9552  TouchServiceISD - ok
22:41:06.0233 9552  [ BC148E3415BF8A9DE83364966F75044F ] TPDIGIMN        C:\Windows\system32\DRIVERS\ApsHM64.sys
22:41:06.0249 9552  TPDIGIMN - ok
22:41:06.0265 9552  [ BBD91008BEC4A2BA5D383BC9A15D6F9E ] TPHDEXLGSVC     C:\Windows\system32\TPHDEXLG64.exe
22:41:06.0280 9552  TPHDEXLGSVC - ok
22:41:06.0343 9552  [ C91C8BD1CBECAFE706D4423A2786F20F ] TPHKLOAD        C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
22:41:06.0390 9552  TPHKLOAD - ok
22:41:06.0405 9552  [ 5B62F45C87CC0FB176C5358EEA6CFB4C ] TPHKSVC         C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
22:41:06.0436 9552  TPHKSVC - ok
22:41:06.0468 9552  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM             C:\Windows\system32\drivers\tpm.sys
22:41:06.0468 9552  TPM - ok
22:41:06.0499 9552  [ 1DF6E6C026AD1D428687FE3B427A87BC ] TPPWRIF         C:\Windows\system32\drivers\Tppwr64v.sys
22:41:06.0514 9552  TPPWRIF - ok
22:41:06.0546 9552  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
22:41:06.0577 9552  TrkWks - ok
22:41:06.0608 9552  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:41:06.0655 9552  TrustedInstaller - ok
22:41:06.0670 9552  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:41:06.0717 9552  tssecsrv - ok
22:41:06.0748 9552  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
22:41:06.0780 9552  TsUsbFlt - ok
22:41:06.0811 9552  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
22:41:06.0858 9552  TsUsbGD - ok
22:41:06.0889 9552  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:41:06.0951 9552  tunnel - ok
22:41:06.0967 9552  [ D4915DB03B19F9FD50EC084CC0ED15FC ] TVTI2C          C:\Windows\system32\DRIVERS\Tvti2c.sys
22:41:06.0982 9552  TVTI2C - ok
22:41:07.0014 9552  [ 760B34088C2AD8D634CC3784EF3A2CA2 ] tvtvcamd        C:\Windows\system32\DRIVERS\tvtvcamd.sys
22:41:07.0029 9552  tvtvcamd - ok
22:41:07.0029 9552  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
22:41:07.0045 9552  uagp35 - ok
22:41:07.0060 9552  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:41:07.0107 9552  udfs - ok
22:41:07.0216 9552  [ 13BFF97E926BF8D9C1230CECC371A0C0 ] UI Assistant Service C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
22:41:07.0263 9552  UI Assistant Service - ok
22:41:07.0279 9552  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:41:07.0310 9552  UI0Detect - ok
22:41:07.0326 9552  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:41:07.0341 9552  uliagpkx - ok
22:41:07.0357 9552  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
22:41:07.0372 9552  umbus - ok
22:41:07.0372 9552  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
22:41:07.0404 9552  UmPass - ok
22:41:07.0419 9552  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
22:41:07.0435 9552  UmRdpService - ok
22:41:07.0513 9552  [ CABEC311CEA77EAEA3DC04A1ADFC0459 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:41:07.0575 9552  UNS - ok
22:41:07.0591 9552  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
22:41:07.0622 9552  upnphost - ok
22:41:07.0638 9552  [ 6CC0985C3BB5931F73FF0846E06A9483 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:41:07.0669 9552  usbccgp - ok
22:41:07.0684 9552  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:41:07.0716 9552  usbcir - ok
22:41:07.0731 9552  [ 6B3D5E6A9DA786EC755B00BC180C700B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
22:41:07.0747 9552  usbehci - ok
22:41:07.0778 9552  [ 5A15C8D6A898D39E9171B437FF2326E0 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:41:07.0809 9552  usbhub - ok
22:41:07.0825 9552  [ 660B2C08CE7103E71EAA26F85B0B0A56 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
22:41:07.0840 9552  usbohci - ok
22:41:07.0856 9552  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
22:41:07.0887 9552  usbprint - ok
22:41:07.0903 9552  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:41:07.0965 9552  USBSTOR - ok
22:41:07.0965 9552  [ 1529632FC96032D337B298F8A285D640 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
22:41:07.0981 9552  usbuhci - ok
22:41:07.0996 9552  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
22:41:08.0012 9552  usbvideo - ok
22:41:08.0028 9552  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
22:41:08.0059 9552  UxSms - ok
22:41:08.0090 9552  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
22:41:08.0106 9552  VaultSvc - ok
22:41:08.0106 9552  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:41:08.0121 9552  vdrvroot - ok
22:41:08.0137 9552  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
22:41:08.0168 9552  vds - ok
22:41:08.0184 9552  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:41:08.0199 9552  vga - ok
22:41:08.0215 9552  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:41:08.0246 9552  VgaSave - ok
22:41:08.0246 9552  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
22:41:08.0277 9552  vhdmp - ok
22:41:08.0277 9552  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
22:41:08.0277 9552  viaide - ok
22:41:08.0324 9552  [ 49C122513203B98B0B2C10211F23450B ] VIPAppService   C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
22:41:08.0386 9552  VIPAppService - ok
22:41:08.0480 9552  [ C740CC9D52EB278A86F42075DA96CB19 ] VMAuthdService  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
22:41:08.0589 9552  VMAuthdService - ok
22:41:08.0605 9552  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
22:41:08.0620 9552  vmbus - ok
22:41:08.0620 9552  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
22:41:08.0652 9552  VMBusHID - ok
22:41:08.0683 9552  [ 6203C901DEFF10631AAD919B3BD1489B ] vmci            C:\Windows\system32\DRIVERS\vmci.sys
22:41:08.0714 9552  vmci - ok
22:41:08.0761 9552  [ E75DDD0A4768CF509C80E76B8428A644 ] vmkbd           C:\Windows\system32\drivers\VMkbd.sys
22:41:08.0776 9552  vmkbd - ok
22:41:08.0776 9552  [ AEF53B47E960F227BF7638A6A1A9D5C6 ] VMnetAdapter    C:\Windows\system32\DRIVERS\vmnetadapter.sys
22:41:08.0792 9552  VMnetAdapter - ok
22:41:08.0808 9552  [ C234A1DC2F06A15B9210787F54253810 ] VMnetBridge     C:\Windows\system32\DRIVERS\vmnetbridge.sys
22:41:08.0823 9552  VMnetBridge - ok
22:41:08.0823 9552  VMnetDHCP - ok
22:41:08.0839 9552  [ 25FBBC8C168AEE1753C330352EA6D009 ] VMnetuserif     C:\Windows\system32\drivers\vmnetuserif.sys
22:41:08.0854 9552  VMnetuserif - ok
22:41:08.0886 9552  [ 415B167695C4B5960A13098622EF3D80 ] vmusb           C:\Windows\system32\Drivers\vmusb.sys
22:41:08.0901 9552  vmusb - ok
22:41:08.0932 9552  [ B55A8DADA1D825B73C811101B06E012F ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
22:41:08.0979 9552  VMUSBArbService - ok
22:41:08.0979 9552  VMware NAT Service - ok
22:41:09.0010 9552  [ D37CB37BF3FB6612BCA19D81EFA16122 ] vmx86           C:\Windows\system32\drivers\vmx86.sys
22:41:09.0010 9552  vmx86 - ok
22:41:09.0042 9552  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:41:09.0057 9552  volmgr - ok
22:41:09.0057 9552  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:41:09.0088 9552  volmgrx - ok
22:41:09.0088 9552  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:41:09.0120 9552  volsnap - ok
22:41:09.0135 9552  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
22:41:09.0135 9552  vsmraid - ok
22:41:09.0182 9552  [ EF1E48D431223F670CFFD6169B1A136F ] vsock           C:\Windows\system32\drivers\vsock.sys
22:41:09.0198 9552  vsock - ok
22:41:09.0244 9552  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
22:41:09.0291 9552  VSS - ok
22:41:09.0307 9552  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
22:41:09.0338 9552  vwifibus - ok
22:41:09.0354 9552  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
22:41:09.0369 9552  vwififlt - ok
22:41:09.0400 9552  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
22:41:09.0416 9552  vwifimp - ok
22:41:09.0432 9552  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
22:41:09.0463 9552  W32Time - ok
22:41:09.0494 9552  [ E04D43C7D1641E95D35CAE6086C7E350 ] wacommousefilter C:\Windows\system32\DRIVERS\wacommousefilter.sys
22:41:09.0494 9552  wacommousefilter - ok
22:41:09.0510 9552  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
22:41:09.0525 9552  WacomPen - ok
22:41:09.0541 9552  [ EC1CEB237E365330C1FCFC4876AA0AC0 ] wacomvhid       C:\Windows\system32\DRIVERS\wacomvhid.sys
22:41:09.0556 9552  wacomvhid - ok
22:41:09.0556 9552  [ EF4D5242C0E2F74BA8E74C31F57A11CB ] wacomvthid      C:\Windows\system32\DRIVERS\WacomVTHid.sys
22:41:09.0572 9552  wacomvthid - ok
22:41:09.0588 9552  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:41:09.0619 9552  WANARP - ok
22:41:09.0634 9552  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:41:09.0650 9552  Wanarpv6 - ok
22:41:09.0681 9552  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
22:41:09.0744 9552  wbengine - ok
22:41:09.0759 9552  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:41:09.0775 9552  WbioSrvc - ok
22:41:09.0790 9552  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:41:09.0806 9552  wcncsvc - ok
22:41:09.0822 9552  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:41:09.0837 9552  WcsPlugInService - ok
22:41:09.0853 9552  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
22:41:09.0868 9552  Wd - ok
22:41:09.0931 9552  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:41:09.0978 9552  Wdf01000 - ok
22:41:09.0993 9552  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:41:10.0056 9552  WdiServiceHost - ok
22:41:10.0071 9552  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:41:10.0087 9552  WdiSystemHost - ok
22:41:10.0102 9552  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
22:41:10.0134 9552  WebClient - ok
22:41:10.0196 9552  [ 507D80C0ACCC3B4FC123BD99D0AF3F97 ] WebUpdate4      C:\Windows\SysWOW64\WebUpdateSvc4.exe
22:41:10.0290 9552  WebUpdate4 - ok
22:41:10.0336 9552  [ D5BA7D43FA2EF656BF7E98A188391E40 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:41:10.0414 9552  Wecsvc - ok
22:41:10.0446 9552  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:41:10.0492 9552  wercplsupport - ok
22:41:10.0492 9552  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:41:10.0539 9552  WerSvc - ok
22:41:10.0555 9552  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:41:10.0586 9552  WfpLwf - ok
22:41:10.0602 9552  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:41:10.0617 9552  WIMMount - ok
22:41:10.0648 9552  WinDefend - ok
22:41:10.0648 9552  WinHttpAutoProxySvc - ok
22:41:10.0711 9552  [ 136760C1E9697BAF4ECDEAE5590A0806 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:41:10.0773 9552  Winmgmt - ok
22:41:10.0867 9552  [ 3BB6B401A780BF434C8F58137DE10BF7 ] WinRM           C:\Windows\system32\WsmSvc.dll
22:41:10.0945 9552  WinRM - ok
22:41:10.0976 9552  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.sys
22:41:11.0023 9552  WinUsb - ok
22:41:11.0054 9552  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:41:11.0085 9552  Wlansvc - ok
22:41:11.0116 9552  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:41:11.0132 9552  wlcrasvc - ok
22:41:11.0210 9552  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:41:11.0304 9552  wlidsvc - ok
22:41:11.0335 9552  WMCoreService - ok
22:41:11.0350 9552  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
22:41:11.0382 9552  WmiAcpi - ok
22:41:11.0413 9552  [ 4DF841632B62A7CF19A79A05046A8AB1 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:41:11.0444 9552  wmiApSrv - ok
22:41:11.0475 9552  WMPNetworkSvc - ok
22:41:11.0491 9552  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:41:11.0538 9552  WPCSvc - ok
22:41:11.0538 9552  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:41:11.0600 9552  WPDBusEnum - ok
22:41:11.0616 9552  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:41:11.0647 9552  ws2ifsl - ok
22:41:11.0662 9552  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
22:41:11.0678 9552  wscsvc - ok
22:41:11.0694 9552  WSearch - ok
22:41:11.0740 9552  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
22:41:11.0787 9552  wuauserv - ok
22:41:11.0818 9552  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:41:11.0881 9552  WudfPf - ok
22:41:11.0912 9552  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:41:11.0928 9552  WUDFRd - ok
22:41:11.0943 9552  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:41:11.0974 9552  wudfsvc - ok
22:41:12.0006 9552  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:41:12.0084 9552  WwanSvc - ok
22:41:12.0115 9552  [ 747DA6EE261B3760201D7738E0FD59B8 ] WwanUsbServ     C:\Windows\system32\DRIVERS\WwanUsbMp64.sys
22:41:12.0130 9552  WwanUsbServ - ok
22:41:12.0224 9552  [ D2FE4103450E52CB248D842501F84B90 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
22:41:12.0318 9552  ZeroConfigService - ok
22:41:12.0364 9552  [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbmdm6k     C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
22:41:12.0396 9552  ZTEusbmdm6k - ok
22:41:12.0411 9552  [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbnmea      C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
22:41:12.0427 9552  ZTEusbnmea - ok
22:41:12.0442 9552  [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbser6k     C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
22:41:12.0458 9552  ZTEusbser6k - ok
22:41:12.0489 9552  ================ Scan global ===============================
22:41:12.0520 9552  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:41:12.0536 9552  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
22:41:12.0536 9552  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
22:41:12.0567 9552  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:41:12.0583 9552  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:41:12.0598 9552  [Global] - ok
22:41:12.0598 9552  ================ Scan MBR ==================================
22:41:12.0598 9552  [ 5E7AD3EE7E16FBD055DBBE3FA3364F04 ] \Device\Harddisk0\DR0
22:41:12.0832 9552  \Device\Harddisk0\DR0 - ok
22:41:12.0832 9552  ================ Scan VBR ==================================
22:41:12.0832 9552  [ 586C9B3C504C9AFABBFAF37CCE9D427B ] \Device\Harddisk0\DR0\Partition1
22:41:12.0832 9552  \Device\Harddisk0\DR0\Partition1 - ok
22:41:12.0864 9552  [ A6E641D8545C39C74EF236D4EBDC1495 ] \Device\Harddisk0\DR0\Partition2
22:41:12.0864 9552  \Device\Harddisk0\DR0\Partition2 - ok
22:41:12.0895 9552  [ 3A449B0691B3CDE97E35C29A170D4D95 ] \Device\Harddisk0\DR0\Partition3
22:41:12.0895 9552  \Device\Harddisk0\DR0\Partition3 - ok
22:41:12.0895 9552  ============================================================
22:41:12.0895 9552  Scan finished
22:41:12.0895 9552  ============================================================
22:41:12.0910 4240  Detected object count: 0
22:41:12.0910 4240  Actual detected object count: 0
22:42:08.0914 3004  Deinitialize success

cosinus · 20.07.2013, 01:09

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

Oemerich · 20.07.2013, 10:07

JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.6 (07.17.2013:4)
OS: Windows 7 Professional x64
Ran by Stefan on 20.07.13 at 10:00:05,37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2229069395-3310141160-2300989888-1001\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2851647
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{83FDA5A0-0FB2-42AE-AEDE-6DFC67F8C71F}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9DD9F623-6912-43CB-8DEF-1FD002EC63A0}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_current_user\software\pip"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\Stefan\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Users\Stefan\appdata\local\apn"
Successfully deleted: [Folder] "C:\Users\Stefan\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Stefan\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Stefan\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\ProgramData\ask"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\w3p8t5fg.default\smartbar
Successfully deleted the following from C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\w3p8t5fg.default\prefs.js

user_pref("CT2851647.1000234.TWC_TMP_city", "BERLIN");
user_pref("CT2851647.1000234.TWC_TMP_country", "DE");
user_pref("CT2851647.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2851647.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2851647.FirstTime", "true");
user_pref("CT2851647.FirstTimeFF3", "true");
user_pref("CT2851647.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q=");
user_pref("CT2851647.UserID", "UN05950239423715231");
user_pref("CT2851647.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT2851647.autoDisableScopes", -1);
user_pref("CT2851647.browser.search.defaultthis.engineName", true);
user_pref("CT2851647.cbcountry_001", "DE");
user_pref("CT2851647.cbfirsttime", "Fri Oct 26 2012 23:52:41 GMT+0200");
user_pref("CT2851647.embeddedsData", "[{\"appId\":\"129351532245275780\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"get
user_pref("CT2851647.enableAlerts", "always");
user_pref("CT2851647.enableSearchFromAddressBar", "true");
user_pref("CT2851647.firstTimeDialogOpened", "true");
user_pref("CT2851647.fixPageNotFoundError", "true");
user_pref("CT2851647.fixPageNotFoundErrorInHidden", "true");
user_pref("CT2851647.fixUrls", true);
user_pref("CT2851647.installId", "fft3639.tmp.exe");
user_pref("CT2851647.installType", "XPE");
user_pref("CT2851647.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2851647.isNewTabEnabled", true);
user_pref("CT2851647.isPerformedSmartBarTransition", "true");
user_pref("CT2851647.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT2851647.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2851647.keyword", true);
user_pref("CT2851647.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about%3Aaddons\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp:/
user_pref("CT2851647.openThankYouPage", "true");
user_pref("CT2851647.openUninstallPage", "FALSE");
user_pref("CT2851647.scriptSource", "hxxp://127.0.0.1:10000/gui/");
user_pref("CT2851647.search.searchAppId", "129351532245275780");
user_pref("CT2851647.search.searchCount", "0");
user_pref("CT2851647.searchInNewTabEnabledInHidden", "true");
user_pref("CT2851647.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2851647.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2851647.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
user_pref("CT2851647.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2851647\"}");
user_pref("CT2851647.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://uTorrentBarDE.OurToolbar.com//xpi\"}");
user_pref("CT2851647.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentBar_DE\"}");
user_pref("CT2851647.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2851647.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1351288357561");
user_pref("CT2851647.serviceLayer_services_appsMetadata_lastUpdate", "1351288356107");
user_pref("CT2851647.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1351288358086");
user_pref("CT2851647.serviceLayer_services_login_10.10.27.6_lastUpdate", "1351288361320");
user_pref("CT2851647.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1351288358140");
user_pref("CT2851647.serviceLayer_services_searchAPI_lastUpdate", "1351288353292");
user_pref("CT2851647.serviceLayer_services_serviceMap_lastUpdate", "1351288352295");
user_pref("CT2851647.serviceLayer_services_toolbarContextMenu_lastUpdate", "1351288358186");
user_pref("CT2851647.serviceLayer_services_toolbarSettings_lastUpdate", "1351288353387");
user_pref("CT2851647.serviceLayer_services_translation_lastUpdate", "1351288357479");
user_pref("CT2851647.settingsINI", true);
user_pref("CT2851647.shouldFirstTimeDialog", "false");
user_pref("CT2851647.smartbar.CTID", "CT2851647");
user_pref("CT2851647.smartbar.Uninstall", "0");
user_pref("CT2851647.smartbar.homepage", true);
user_pref("CT2851647.smartbar.toolbarName", "uTorrentBar_DE ");
user_pref("CT2851647.startPage", "TRUE");
user_pref("CT2851647.toolbarBornServerTime", "27-10-2012");
user_pref("CT2851647.toolbarCurrentServerTime", "27-10-2012");
user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=13");
user_pref("Smartbar.ConduitSearchEngineList", "uTorrentBar_DE Customized Web Search");
user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q=");
user_pref("Smartbar.keywordURLSelectedCTID", "CT2851647");
user_pref("browser.search.order.1", "Ask.com");
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q=");
Emptied folder: C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\w3p8t5fg.default\minidumps [77 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.07.13 at 10:05:23,95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ADWcleaner:

Code:

ATTFilter

# AdwCleaner v2.306 - Datei am 20/07/2013 um 10:12:23 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Stefan - BRELLA-SEPP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Stefan\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\uTorrentBar_DE
Ordner Gelöscht : C:\Users\Stefan\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\Stefan\AppData\LocalLow\uTorrentBar_DE

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\uTorrentBar_DE
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Schlüssel Gelöscht : HKLM\Software\uTorrentBar_DE
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0FE24227-EF1D-4BE0-AFA6-37DA37571B07}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8FA51905-33AD-4263-928A-7B762AA0CDB9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_DE Toolbar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\w3p8t5fg.default\prefs.js

Gelöscht : user_pref("CT2851647.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2851647.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT2851647.embeddedsData", "[{\"appId\":\"129351532245275780\",\"apiPermissions\":{\"cross[...]
Gelöscht : user_pref("CT2851647.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2851647.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2851647.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2851647.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...]
Gelöscht : user_pref("CT2851647.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2851647.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT2851647.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]
Gelöscht : user_pref("CT2851647.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT2851647.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2851647.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2851647.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\frcfezmz.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v28.0.1500.72

Datei : C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.2130] : homepage = "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=48",

*************************

AdwCleaner[S1].txt - [338 octets] - [20/07/2013 10:11:33]
AdwCleaner[S2].txt - [5175 octets] - [20/07/2013 10:12:23]

########## EOF - C:\AdwCleaner[S2].txt - [5235 octets] ##########

OTL.txt:

Code:

ATTFilter

OTL logfile created on: 20.07.13 10:19:32 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Stefan\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yy
 
3,72 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 47,98% Memory free
7,45 Gb Paging File | 5,29 Gb Available in Paging File | 71,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,62 Gb Total Space | 146,65 Gb Free Space | 32,54% Space Free | Partition Type: NTFS
Drive D: | 654,81 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive Q: | 13,67 Gb Total Space | 2,32 Gb Free Space | 16,94% Space Free | Partition Type: NTFS
 
Computer Name: BRELLA-SEPP | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Stefan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe (Lenovo)
PRC - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
PRC - C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\vcamsvc.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\TSMService.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\TSMResident.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe (Lenovo)
PRC - C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\ASR\ASRSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe ()
PRC - C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
PRC - C:\Windows\SysWOW64\WebUpdateSvc4.exe (Data Perceptions / PowerProgrammer)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll ()
MOD - C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)
SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (TlntSvr) -- C:\Windows\SysNative\tlntsvr.exe (Microsoft Corporation)
SRV:64bit: - (CISVC) -- C:\Windows\SysNative\CISVC.EXE (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
SRV - (SAVAdminService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
SRV - (SAVService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SRV - (swi_service) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
SRV - (swi_update_64) -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe (Sophos Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe ()
SRV - (AcSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (EaseUS Agent) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (Guard Agent) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
SRV - (Sophos Web Control Service) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MacheenService) -- C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe (Macheen)
SRV - (HyperW7Svc) -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe (Lenovo Group Limited)
SRV - (PwmEWSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (DozeSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (Lenovo.)
SRV - (VIPAppService) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (Symantec Corporation)
SRV - (TouchServiceISD) -- C:\Programme\Tablet\ISD\ISD_TouchService.exe (Wacom Technology, Corp.)
SRV - (TabletServiceISD) -- C:\Programme\Tablet\ISD\ISD_Tablet.exe (Wacom Technology, Corp.)
SRV - (LENOVO.TVTVCAM) -- C:\Programme\Lenovo\Communications Utility\vcamsvc.exe (Lenovo Group Limited)
SRV - (LENOVO.TPKNRSVC) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (ZeroConfigService) -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (TabletSVC) -- C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\TSMService.exe (Lenovo Group Limited)
SRV - (WMCoreService) -- C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe (Ericsson AB)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (FastbootService) -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe (Lenovo)
SRV - (DisplayLinkService) -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
SRV - (MSSQL$SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLAgent$SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (ASRSVC) -- C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\ASR\ASRSVC.exe (Lenovo Group Limited)
SRV - (UI Assistant Service) -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe ()
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WebUpdate4) -- C:\Windows\SysWOW64\WebUpdateSvc4.exe (Data Perceptions / PowerProgrammer)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (MSSQLServerADHelper100) -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (smihlp2) -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys File not found
DRV:64bit: - (SAVOnAccess) -- C:\Windows\SysNative\drivers\savonaccess.sys (Sophos Limited)
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (cbfs4) -- C:\Windows\SysNative\drivers\cbfs4.sys (EldoS Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\Netwsw00.sys (Intel Corporation)
DRV:64bit: - (vsock) -- C:\Windows\SysNative\drivers\vsock.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (EUFDDISK) -- C:\Windows\SysNative\drivers\EuFdDisk.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV:64bit: - (EUBKMON) -- C:\Windows\SysNative\drivers\EUBKMON.sys ()
DRV:64bit: - (EUDSKACS) -- C:\Windows\SysNative\drivers\eudskacs.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV:64bit: - (EUBAKUP) -- C:\Windows\SysNative\drivers\eubakup.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:64bit: - (sdcfilter) -- C:\Windows\SysNative\drivers\sdcfilter.sys (Sophos Limited)
DRV:64bit: - (SophosBootDriver) -- C:\Windows\SysNative\drivers\SophosBootDriver.sys (Sophos Plc)
DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (DzHDD64) -- C:\Windows\SysNative\drivers\DZHDD64.SYS (Lenovo.)
DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS (Lenovo Group Limited)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (5U877) -- C:\Windows\SysNative\drivers\5U877.sys (Ricoh co.,Ltd.)
DRV:64bit: - (wacomvthid) -- C:\Windows\SysNative\drivers\WacomVTHid.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (bcbtums) -- C:\Windows\SysNative\drivers\bcbtums.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (l36wgps) -- C:\Windows\SysNative\drivers\l36wgps64.sys (Ericsson AB)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo Information Product(ShenZhen China) Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (tvtvcamd) -- C:\Windows\SysNative\drivers\tvtvcamd.sys (ThinkVantage Communications Utility)
DRV:64bit: - (WwanUsbServ) -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys (Ericsson AB)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (ecnssndisfltr) -- C:\Windows\SysNative\drivers\wwussf64.sys (Ericsson AB)
DRV:64bit: - (ecnssndis) -- C:\Windows\SysNative\drivers\wwuss64.sys (Ericsson AB)
DRV:64bit: - (RsFx0105) -- C:\Windows\SysNative\drivers\RsFx0105.sys (Microsoft Corporation)
DRV:64bit: - (Mbm3Mdm) -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys (MCCI Corporation)
DRV:64bit: - (Mbm3DevMt) -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys (MCCI Corporation)
DRV:64bit: - (Mbm3mdfl) -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys (MCCI Corporation)
DRV:64bit: - (Mbm3CBus) -- C:\Windows\SysNative\drivers\Mbm3CBus.sys (MCCI Corporation)
DRV:64bit: - (TVTI2C) -- C:\Windows\SysNative\drivers\tvti2c.sys (Lenovo Information Product(ShenZhen China) Inc.)
DRV:64bit: - (risdxc) -- C:\Windows\SysNative\drivers\risdxc64.sys (REDC)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (HBtnKey) -- C:\Windows\SysNative\drivers\wstbtndb.sys (Lenovo)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (PHCORE) -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys (Lenovo Group Limited)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2229069395-3310141160-2300989888-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
IE - HKU\S-1-5-21-2229069395-3310141160-2300989888-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-2229069395-3310141160-2300989888-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-2229069395-3310141160-2300989888-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2229069395-3310141160-2300989888-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2229069395-3310141160-2300989888-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP
IE - HKU\S-1-5-21-2229069395-3310141160-2300989888-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7Be8f509f0-b677-11de-8a39-0800200c9a66%7D:1.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.9: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP1X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2012.07.28 16:46:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.10.02 10:22:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.30 13:43:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.28 14:03:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.30 13:43:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.28 14:03:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.08.29 21:18:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Extensions
[2013.05.26 21:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\w3p8t5fg.default\extensions
[2013.05.26 21:12:17 | 000,534,431 | ---- | M] () (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\w3p8t5fg.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2013.05.09 13:05:23 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\w3p8t5fg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.12 14:57:06 | 000,010,606 | ---- | M] () (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\w3p8t5fg.default\extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi
[2012.09.25 23:23:59 | 000,001,499 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\w3p8t5fg.default\searchplugins\computerbase.xml
[2013.01.14 15:38:13 | 000,005,462 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\w3p8t5fg.default\searchplugins\das-rtliche.xml
[2012.11.11 17:14:33 | 000,001,330 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\w3p8t5fg.default\searchplugins\wikipedia-en.xml
[2013.01.06 23:46:28 | 000,002,446 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\w3p8t5fg.default\searchplugins\wiktionary-de.xml
[2012.09.21 22:49:04 | 000,002,057 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\w3p8t5fg.default\searchplugins\youtube-videosuche.xml
[2013.06.30 13:43:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.06.30 13:44:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin:  Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ResetACGauge] C:\Program Files (x86)\Lenovo\Access Connections\smbhlpr.exe (Lenovo)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe (Lenovo)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited)
O4 - HKLM..\Run: [TSMResident] C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\TSMRESIDENT.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk =  File not found
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000022 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0265F7FF-6635-4F90-9365-901FB054D9D1}: DhcpNameServer = 217.0.43.145 217.0.43.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{692E5C5D-0503-4B4D-8A2D-5E05904BB693}: DhcpNameServer = 217.0.43.145 217.0.43.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6EE25AC-971F-476E-8EF3-68612859A062}: NameServer = 195.230.105.134 195.230.105.135
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
O21:64bit: - SSODL: EldosMountNotificator-cbfs4 - {52983F03-8160-49F0-A3D9-B60F8E54A900} - C:\Windows\SysNative\cbfsMntNtf4.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator-cbfs4 - {52983F03-8160-49F0-A3D9-B60F8E54A900} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {52983F03-8160-49F0-A3D9-B60F8E54A900} - Virtual Storage Mount Notification - C:\Windows\SysNative\cbfsMntNtf4.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {52983F03-8160-49F0-A3D9-B60F8E54A900} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.12.15 05:05:40 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{a305d895-d8bf-11e1-b41a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a305d895-d8bf-11e1-b41a-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2011.12.15 05:05:40 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.20 09:59:50 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.07.19 00:12:44 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\trojaner-board alt
[2013.07.18 23:08:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.07.18 23:05:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.17 20:03:38 | 000,000,000 | ---D | C] -- C:\FRST
[2013.07.16 03:10:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013.07.15 17:38:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
[2013.07.09 22:57:06 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.07.09 22:57:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.07.09 22:57:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.07.09 22:57:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.07.09 22:57:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.07.09 22:57:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.07.09 22:57:04 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.07.09 22:57:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.07.09 22:57:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.07.09 22:57:02 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.07.09 22:57:02 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.07.09 22:57:02 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.07.09 22:57:01 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.07.09 22:57:00 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.07.09 22:57:00 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.07.09 22:31:25 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013.07.09 22:31:25 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013.07.09 22:31:24 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013.07.09 22:31:24 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013.07.09 22:30:20 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.07.07 14:27:45 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys
[2013.07.07 14:27:45 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys
[2013.07.07 14:27:45 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys
[2013.07.07 14:27:45 | 000,011,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\massfilter.sys
[2013.07.07 14:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Surf-Stick
[2013.07.07 14:27:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1&1 Surf-Stick
[2013.07.07 13:49:50 | 000,000,000 | ---D | C] -- C:\UserData
[2013.07.07 13:42:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SupportAppCB
[2013.06.30 13:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.06.30 13:43:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.06.28 19:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Empire Interactive
[2013.06.28 18:50:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Empire Interactive
[2013.06.28 14:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.20 10:22:34 | 000,034,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.20 10:22:34 | 000,034,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.20 10:22:01 | 000,768,746 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.20 10:22:01 | 000,723,606 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.20 10:22:01 | 000,176,278 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.20 10:22:01 | 000,148,914 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.20 10:22:00 | 001,816,802 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.20 10:15:43 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.20 10:14:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.20 10:14:16 | 2999,533,568 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.20 09:54:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.16 21:29:21 | 000,095,077 | ---- | M] () -- C:\Users\Stefan\Desktop\Amazon.de - Rücksendezentrum.pdf
[2013.07.16 06:36:25 | 1633,951,387 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.07.15 17:38:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
[2013.07.15 17:36:30 | 000,000,000 | ---- | M] () -- C:\Users\Stefan\defogger_reenable
[2013.07.14 20:46:03 | 005,872,658 | ---- | M] () -- C:\Users\Stefan\In Flames   Evil in a Closet Video    19leela91   MyVideo.mp3
[2013.07.10 22:32:04 | 000,300,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.01 23:48:43 | 003,841,687 | ---- | M] () -- C:\Users\Stefan\Desktop\deniselvsth62vkura4my.jpg
[2013.06.30 21:58:51 | 000,586,967 | ---- | M] () -- C:\Users\Stefan\Desktop\Bewerbungsformular_WG_06_2012.pdf
[2013.06.28 15:40:11 | 004,629,096 | ---- | M] () -- C:\Users\Stefan\In Flames   My Sweet Shadow[1].mp3
[2013.06.28 15:17:20 | 007,062,622 | ---- | M] () -- C:\Users\Stefan\In Flames   Only for the weak   Vidéo Dailymotion.mp3
[2013.06.28 15:16:47 | 005,525,619 | ---- | M] () -- C:\Users\Stefan\In Flames   Come Clarity [OFFICIAL VIDEO].mp3
[2013.06.28 15:15:31 | 005,868,552 | ---- | M] () -- C:\Users\Stefan\In Flames   Evil In A Closet.mp3
[2013.06.28 15:13:15 | 005,480,227 | ---- | M] () -- C:\Users\Stefan\In Flames   Dial 595 Escape Video    parare4   MyVideo.mp3
[2013.06.28 14:58:02 | 005,463,804 | ---- | M] () -- C:\Users\Stefan\IN FLAMES   Take This Life.mp3
[2013.06.28 14:57:31 | 004,629,096 | ---- | M] () -- C:\Users\Stefan\In Flames   My Sweet Shadow.mp3
[2013.06.28 14:56:57 | 004,856,675 | ---- | M] () -- C:\Users\Stefan\In Flames   The Quiet Place [HD].mp3
[2013.06.24 17:17:27 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.06.24 17:17:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.06.22 13:56:46 | 010,791,905 | ---- | M] () -- C:\Users\Stefan\Hitchcock's Psycho Soundtrack.mp3
[2013.06.22 13:31:57 | 009,309,821 | ---- | M] () -- C:\Users\Stefan\Bernard Herrmann   Vertigo (theme).mp3
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.16 21:29:19 | 000,095,077 | ---- | C] () -- C:\Users\Stefan\Desktop\Amazon.de - Rücksendezentrum.pdf
[2013.07.15 17:36:30 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\defogger_reenable
[2013.07.14 20:45:54 | 005,872,658 | ---- | C] () -- C:\Users\Stefan\In Flames   Evil in a Closet Video    19leela91   MyVideo.mp3
[2013.07.07 13:49:50 | 000,000,557 | ---- | C] () -- C:\NetworkCfg.xml
[2013.07.01 23:48:42 | 003,841,687 | ---- | C] () -- C:\Users\Stefan\Desktop\deniselvsth62vkura4my.jpg
[2013.06.30 21:24:28 | 000,586,967 | ---- | C] () -- C:\Users\Stefan\Desktop\Bewerbungsformular_WG_06_2012.pdf
[2013.06.28 15:40:06 | 004,629,096 | ---- | C] () -- C:\Users\Stefan\In Flames   My Sweet Shadow[1].mp3
[2013.06.28 15:17:12 | 007,062,622 | ---- | C] () -- C:\Users\Stefan\In Flames   Only for the weak   Vidéo Dailymotion.mp3
[2013.06.28 15:16:42 | 005,525,619 | ---- | C] () -- C:\Users\Stefan\In Flames   Come Clarity [OFFICIAL VIDEO].mp3
[2013.06.28 15:15:24 | 005,868,552 | ---- | C] () -- C:\Users\Stefan\In Flames   Evil In A Closet.mp3
[2013.06.28 15:13:08 | 005,480,227 | ---- | C] () -- C:\Users\Stefan\In Flames   Dial 595 Escape Video    parare4   MyVideo.mp3
[2013.06.28 14:57:55 | 005,463,804 | ---- | C] () -- C:\Users\Stefan\IN FLAMES   Take This Life.mp3
[2013.06.28 14:57:25 | 004,629,096 | ---- | C] () -- C:\Users\Stefan\In Flames   My Sweet Shadow.mp3
[2013.06.28 14:56:50 | 004,856,675 | ---- | C] () -- C:\Users\Stefan\In Flames   The Quiet Place [HD].mp3
[2013.06.22 13:56:33 | 010,791,905 | ---- | C] () -- C:\Users\Stefan\Hitchcock's Psycho Soundtrack.mp3
[2013.06.22 13:31:46 | 009,309,821 | ---- | C] () -- C:\Users\Stefan\Bernard Herrmann   Vertigo (theme).mp3
[2013.06.02 17:49:32 | 008,983,664 | ---- | C] () -- C:\Users\Stefan\Title4 - Chapter 03.mp3
[2013.06.02 17:48:57 | 008,110,880 | ---- | C] () -- C:\Users\Stefan\Title4 - Chapter 02.mp3
[2013.06.02 17:48:32 | 006,406,856 | ---- | C] () -- C:\Users\Stefan\Title4 - Chapter 01.mp3
[2013.06.02 17:47:36 | 011,943,632 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 16.mp3
[2013.06.02 17:46:48 | 011,511,776 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 15.mp3
[2013.06.02 17:45:49 | 014,009,888 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 14.mp3
[2013.06.02 17:45:09 | 009,942,176 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 13.mp3
[2013.06.02 17:44:01 | 016,342,880 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 12.mp3
[2013.06.02 17:43:19 | 010,638,656 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 11.mp3
[2013.06.02 17:42:39 | 007,783,328 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 10.mp3
[2013.06.02 17:41:38 | 013,172,672 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 09.mp3
[2013.06.02 17:40:46 | 009,397,472 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 08.mp3
[2013.06.02 17:39:51 | 009,214,832 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 07.mp3
[2013.06.02 17:38:57 | 010,478,432 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 06.mp3
[2013.06.02 17:37:20 | 017,931,776 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 05.mp3
[2013.06.02 17:36:09 | 011,823,872 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 04.mp3
[2013.06.02 17:35:16 | 007,598,816 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 03.mp3
[2013.06.02 17:34:06 | 010,652,096 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 02.mp3
[2013.06.02 17:32:54 | 009,614,048 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 01.mp3
[2013.06.02 17:32:34 | 001,470,032 | ---- | C] () -- C:\Users\Stefan\Title1 - Chapter 01.mp3
[2013.06.01 15:56:10 | 004,296,169 | ---- | C] () -- C:\Users\Stefan\Bernard Herrmann - Vertigo Main Theme.mp3
[2013.05.30 23:58:28 | 006,691,006 | ---- | C] () -- C:\Users\Stefan\Nightwish - Eva.mp3
[2013.05.30 23:56:32 | 008,350,515 | ---- | C] () -- C:\Users\Stefan\Nightwish - Sahara.mp3
[2013.05.30 23:56:22 | 005,622,758 | ---- | C] () -- C:\Users\Stefan\Nightwish - Amaranth.mp3
[2013.05.30 23:53:24 | 006,676,015 | ---- | C] () -- C:\Users\Stefan\Nightwish - The Islander.mp3
[2013.05.30 23:42:53 | 006,016,424 | ---- | C] () -- C:\Users\Stefan\Nightwish - Sleeping Sun.mp3
[2013.05.30 23:42:43 | 005,921,807 | ---- | C] () -- C:\Users\Stefan\Nightwish - Bless The Child.mp3
[2013.05.30 23:42:18 | 005,889,207 | ---- | C] () -- C:\Users\Stefan\Nightwish - I Wish I Had An Angel.mp3
[2013.05.30 23:41:50 | 006,238,412 | ---- | C] () -- C:\Users\Stefan\Nightwish - Bye Bye Beautiful.mp3
[2013.05.30 23:39:05 | 007,613,915 | ---- | C] () -- C:\Users\Stefan\Nightwish - The Phantom Of The Opera.mp3
[2013.05.30 23:36:06 | 005,840,932 | ---- | C] () -- C:\Users\Stefan\Nightwish - Nemo.mp3
[2013.05.30 23:34:46 | 005,827,140 | ---- | C] () -- C:\Users\Stefan\Nightwish - For The Heart I Once Had.mp3
[2013.05.30 23:29:44 | 006,391,385 | ---- | C] () -- C:\Users\Stefan\Nightwish - The Phantom Of The Opera (2).mp3
[2013.05.30 23:27:35 | 006,391,309 | ---- | C] () -- C:\Users\Stefan\Nightwish 'Phantom Of The Opera'.mp3
[2013.05.28 22:58:24 | 007,022,655 | ---- | C] () -- C:\Users\Stefan\Nonstop   Amazing Dance Skills   Set Fire.mp3
[2013.05.12 16:23:00 | 008,269,066 | ---- | C] () -- C:\Users\Stefan\Matisyahu - One Day.mp3
[2013.05.09 23:53:07 | 009,216,945 | ---- | C] () -- C:\Users\Stefan\Metallica - The Unforgiven.mp3
[2013.05.09 23:51:46 | 007,672,797 | ---- | C] () -- C:\Users\Stefan\Uriah Heep - Lady In Black.mp3
[2013.05.09 23:50:41 | 007,543,696 | ---- | C] () -- C:\Users\Stefan\Skid Row - I Remember You.mp3
[2013.05.09 23:50:03 | 004,649,071 | ---- | C] () -- C:\Users\Stefan\James Brown - It's A Man's World.mp3
[2013.05.09 23:46:22 | 008,611,332 | ---- | C] () -- C:\Users\Stefan\Lynyrd Skynyrd - Simple Man.mp3
[2013.05.09 23:44:59 | 006,218,930 | ---- | C] () -- C:\Users\Stefan\Richie Kotzen - You Can't Save Me.mp3
[2013.05.09 23:43:40 | 004,837,207 | ---- | C] () -- C:\Users\Stefan\Biffy Clyro - Mountains.mp3
[2013.05.09 23:40:56 | 005,100,548 | ---- | C] () -- C:\Users\Stefan\The Tallest Man On Earth - It Will Follow The Rain.mp3
[2013.05.09 23:39:32 | 006,599,471 | ---- | C] () -- C:\Users\Stefan\Bonfire - You Make Me Feel.mp3
[2013.05.09 23:37:53 | 005,604,582 | ---- | C] () -- C:\Users\Stefan\Corvus Corax - Totentanz.mp3
[2013.05.09 23:37:50 | 008,754,272 | ---- | C] () -- C:\Users\Stefan\Axel Rudi Pell - Earls Of Black.mp3
[2013.05.09 23:37:20 | 006,101,108 | ---- | C] () -- C:\Users\Stefan\DJ Bass - The Target.mp3
[2013.05.09 23:33:34 | 008,191,283 | ---- | C] () -- C:\Users\Stefan\Axel Rudi Pell - Tear Down The Walls.mp3
[2013.03.31 23:16:02 | 000,001,465 | ---- | C] () -- C:\Users\Stefan\AppData\Local\recently-used.xbel
[2013.02.19 20:35:12 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2013.02.19 20:35:12 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2013.02.19 20:34:56 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.11.21 00:04:52 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2012.10.02 09:43:59 | 000,001,714 | -H-- | C] () -- C:\Users\Stefan\gsview32.ini
[2012.10.01 10:47:38 | 000,000,017 | ---- | C] () -- C:\Users\Stefan\AppData\Local\resmon.resmoncfg
[2012.09.21 22:38:39 | 000,255,360 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\wanancsp.dat
[2012.08.29 20:53:18 | 000,000,313 | ---- | C] () -- C:\ProgramData\LastUpdate.xml
[2012.08.29 20:53:18 | 000,000,225 | ---- | C] () -- C:\Windows\WebUpdateSvc4.INI
[2012.08.29 20:48:27 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat
[2012.07.28 16:39:21 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2012.07.28 16:39:21 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd11.dll
[2012.07.28 16:39:21 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2012.07.28 16:36:55 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.07.28 16:36:54 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.07.28 16:35:59 | 000,035,404 | R--- | C] () -- C:\Windows\ConnectionProfiles.dat
[2012.07.28 16:27:03 | 001,794,696 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 15:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 15:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 15:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2013.07.07 08:14:36 | 007,195,671 | ---- | M] ()(C:\Users\Stefan\Desire?Under Your Spell.mp3) -- C:\Users\Stefan\DesireːUnder Your Spell.mp3
[2013.06.22 13:48:58 | 007,195,671 | ---- | C] ()(C:\Users\Stefan\Desire?Under Your Spell.mp3) -- C:\Users\Stefan\DesireːUnder Your Spell.mp3

< End of report >

Extras.txt als Zip-Archiv im Anhang, weil es sonst mehr als 120000 Zeichen sind.

cosinus · 21.07.2013, 13:40

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes Anti-Malware (MBAM) (falls du vor kurzem erst einen Vollscan gemacht hast, reicht auch ein Quickscan (spart Zeit), das dann mir bitte auch mitteilen)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Oemerich · 22.07.2013, 05:26

Vollscan mit MBAM brachte folgendes Ergebnis (keine Funde):

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.21.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Stefan :: BRELLA-SEPP [Administrator]

Schutz: Aktiviert

21.07.13 22:41:25
mbam-log-2013-07-21 (22-41-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 501549
Laufzeit: 1 Stunde(n), 27 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Beim ESET Online Scanner habe ich Probleme.
Ich komme nur bis zum Punkt

Zitat:

Klick auf Start.
Signaturen werden heruntergeladen, der Scan beginnt automatisch.

Hier bekomme ich den Fehler "Can not get Update. Is Proxy configured?".
Davor beim ersten mal "Start" drücken bei "Downloading Components" macht er das ohne Probleme.
Sollte ja auch funtionieren, bin über Ethernet und meinen Router direkt mit dem Internet verbunden, ohne irgendwelche Proxies. Deswegen habe ich auch keinen Haken bei "use custom proxy settings" gesetzt.
Internetzugang habe ich laut Windows (Symbol in der Taskleiste über die Netzwerkconnectivität) und Firewall sowie Antivirus sind deaktiviert, trotzdem lädt er seine Signaturen nicht.
Wo könnte da der Fehler liegen?

cosinus · 22.07.2013, 22:41

Hast du den Smart Installer per Rechtsklick als Administrator ausgeführt?

Oemerich · 23.07.2013, 05:21

Das war das Problem.

Eset war anscheinend noch ziemlich fleißig:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetesets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=41217
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=dbbd280b89009846ac6a5b7b0e699593
# engine=14497
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-07-23 02:44:09
# local_time=2013-07-23 04:44:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 1141923 126177299 0 0
# compatibility_mode=8450 16777213 85 98 14700 25981419 0 0
# scanned=276689
# found=32
# cleaned=0
# scan_time=14038
sh=26796F678CD404D811083AF2AF9E8513DB7ED9FD ft=1 fh=79b121375212cdbd vn="a variant of Win32/TFTPD32.A application" ac=I fn="C:\Program Files (x86)\EaseUS\Todo Backup\bin\PxeServer.dll"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Users\Stefan\AppData\Local\Temp\AskSLib.dll"
sh=8FF80CFC685BB1F9F4C8DCCCAE674734BA84822B ft=1 fh=83fd9882b10480d8 vn="Win32/OpenCandy application" ac=I fn="C:\Users\Stefan\AppData\Local\Temp\CDBurnerXP-updates\cdbxp_setup_4.5.1.3868.exe"
sh=B9DFDDD0DD350D380F1BA6D97667B5671F387EBC ft=1 fh=2702b615f7b8f074 vn="multiple threats" ac=I fn="C:\Users\Stefan\AppData\Local\Temp\foxB380.tmp\Foxit Reader en5.4.5.114(toolbar) Setup.exe"
sh=DBA4D7540C69C6492D48E688A00B51387685F8A6 ft=1 fh=fb092140bceb8039 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Users\Stefan\AppData\Local\Temp\nse4829.tmp\ApnStub.exe"
sh=5978734217ED07199A2BC3D1CDEEC2754EB09490 ft=1 fh=ad1427d8d2deaf01 vn="a variant of Win32/Bundled.Toolbar.Ask.D application" ac=I fn="C:\Users\Stefan\AppData\Local\Temp\nseA966.tmp-2\APN_ATU3_.exe"
sh=22B79D0809D467A4486FA7B908D6A71CE4834921 ft=1 fh=dc540613299f2ed7 vn="a variant of Win32/Bundled.Toolbar.Ask.D application" ac=I fn="C:\Users\Stefan\AppData\Local\Temp\nsrDDED.tmp-2\APN_ATU3_.exe"
sh=23BD0A4165C3DE90109DACD17C13337099846A9F ft=1 fh=a41e3046f92dfa60 vn="a variant of Win32/Bundled.Toolbar.Ask.D application" ac=I fn="C:\Users\Stefan\AppData\Local\Temp\nst5965.tmp-2\APN_ATU3_.exe"
sh=6520C30E957C3308BFE4CD32DA8F33F60B3E9EFC ft=1 fh=05bf3b3e0eba4b75 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Users\Stefan\Desktop\Mam\Downloads\pf-setup-en-652.exe"
sh=BE8ADAF7D28E4C51CEB958849BA3725013CEA49F ft=1 fh=c46330344474db9d vn="a variant of Win32/SoftonicDownloader.A application" ac=I fn="C:\Users\Stefan\Desktop\Mam\Downloads\SoftonicDownloader_fuer_foxit-pdf-reader.exe"
sh=657AFF745796CFEF595BA6D770E6DA7BD34A2D05 ft=1 fh=92615bca29e82437 vn="multiple threats" ac=I fn="C:\Users\Stefan\OS_Install_Temp\temp\bin\driver2.cab\ImgBurn\SetupImgBurn_2.5.1.0.exe"
sh=030F516A4083937ADCD24B045CEC94F89EFEAD3C ft=1 fh=460b6a6463552079 vn="multiple threats" ac=I fn="C:\Users\Stefan\Setup-Dateien\Multimedia\aTube_Catcher_3.8.1382.exe"
sh=E23B4A5C8F7910E856079509D68C11FD35D19657 ft=1 fh=9b7aac11c08efb25 vn="multiple threats" ac=I fn="C:\Users\Stefan\Setup-Dateien\Multimedia\aTube_Catcher_3.8.1462.exe"
sh=5ECBBB9045FE2455FB3EFA512B13C47CEAE2EA07 ft=1 fh=7763d2a26d4adf77 vn="Win32/OpenCandy application" ac=I fn="C:\Users\Stefan\Setup-Dateien\Multimedia\cdbxp_setup_4.4.2.3442.exe"
sh=EAFFA0F4B976C8F83FFC71868196F8F70DC9C990 ft=1 fh=57adec1c4d44f18a vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Users\Stefan\Setup-Dateien\Office\PDF-Programme\Foxit PDF Reader\FoxitReader531.0606_enu_Setup.exe"
sh=CAB66B0533D06028C0DBA768ED9FEBA8BAEA6979 ft=1 fh=fd40ec8562c3ad05 vn="a variant of Win32/TFTPD32.A application" ac=I fn="C:\Users\Stefan\Setup-Dateien\Sicherheit\tb_free.exe"
sh=3020B029859FCA64DD7302B6A15EB95ED63F2CE4 ft=1 fh=c3fa197657d89c9b vn="Win32/OpenCandy application" ac=I fn="C:\Users\Stefan\Setup-Dateien\System\Key8FinderInstaller.exe"
sh=0389804668FD3A60D73DFFF31847726B019AC478 ft=1 fh=751143e93d939856 vn="a variant of Win32/SweetIM.C application" ac=I fn="C:\Users\Stefan\_Setup-Dateien\sweetimsetup.exe"
sh=E80DD40DCC5C16EA370B2E5F52561E07B8E3E7D8 ft=1 fh=5eb2228dc511a41c vn="Win32/OpenCandy application" ac=I fn="C:\Users\Stefan\_Setup-Dateien\WinOFFSetup.exe"
sh=3128CD4D35E1154B4E179DEE8C1460608076F7ED ft=1 fh=20b11a565bc0ed24 vn="probably a variant of Win32/PSW.Agent.BUPXGWL trojan" ac=I fn="C:\Users\Stefan\_Setup-Dateien\2010 und älter\free-wma-mp3-converter.exe"
sh=3E6BE579B1588CE2B79E3EBDD89283F9C1D5FFD8 ft=1 fh=5086d4164b4f161e vn="Win32/Adware.ADON application" ac=I fn="C:\Users\Stefan\_Setup-Dateien\2010 und älter\P2PMaxDEaTube_aTube10280.exe"
sh=96CC0E0807575924FC26821D7591F7C6A2BF6164 ft=1 fh=786da18a45152475 vn="a variant of Win32/RegistryBooster application" ac=I fn="C:\Users\Stefan\_Setup-Dateien\2010 und älter\registrybooster.exe"
sh=435B841E263B52ADED0C0AADFD5CE2226778A9DD ft=1 fh=b749b88fedec4e00 vn="a variant of Win32/AdInstaller application" ac=I fn="C:\Users\Stefan\_Setup-Dateien\2010 und älter\zlsSetup_70_483_000_en.exe"
sh=BBE418A74FE1CE2F7AED2EAA1A9C2D60D2FA18FC ft=1 fh=cc326bf5ed610e3c vn="Win32/OpenCandy application" ac=I fn="C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\AxCrypt-1.7.2976.0-Setup0.exe"
sh=BBE418A74FE1CE2F7AED2EAA1A9C2D60D2FA18FC ft=1 fh=cc326bf5ed610e3c vn="Win32/OpenCandy application" ac=I fn="C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\AxCrypt-1.7.2976.0-Setup1.exe"
sh=BBE418A74FE1CE2F7AED2EAA1A9C2D60D2FA18FC ft=1 fh=cc326bf5ed610e3c vn="Win32/OpenCandy application" ac=I fn="C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\AxCrypt-1.7.2976.0-Setup2.exe"
sh=BBE418A74FE1CE2F7AED2EAA1A9C2D60D2FA18FC ft=1 fh=cc326bf5ed610e3c vn="Win32/OpenCandy application" ac=I fn="C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\AxCrypt-1.7.2976.0-Setup3.exe"
sh=6FFCD3C158E70AD0B999111DDD6A28C0C864150D ft=1 fh=f4781c1958e203a7 vn="Win32/OpenCandy application" ac=I fn="C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\AxCrypt-1.7.2976.0-Setup4.exe"
sh=DE6840FADB18191E36D5264FAC244452A078C503 ft=1 fh=b182070ed0f7b4b7 vn="Win32/OpenCandy application" ac=I fn="C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\AxCrypt-1.7.2976.0-Setup5.exe"
sh=BBE418A74FE1CE2F7AED2EAA1A9C2D60D2FA18FC ft=1 fh=cc326bf5ed610e3c vn="Win32/OpenCandy application" ac=I fn="C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\AxCrypt-1.7.2976.0-Setup6.exe"
sh=BE8ADAF7D28E4C51CEB958849BA3725013CEA49F ft=1 fh=c46330344474db9d vn="a variant of Win32/SoftonicDownloader.A application" ac=I fn="F:\$RECYCLE.BIN\S-1-5-21-2229069395-3310141160-2300989888-1001\$RE64C7T.exe"
sh=6520C30E957C3308BFE4CD32DA8F33F60B3E9EFC ft=1 fh=05bf3b3e0eba4b75 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="F:\$RECYCLE.BIN\S-1-5-21-2229069395-3310141160-2300989888-1001\$RER61VH.exe"

22.07.2013, 22:41	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Sophos On-Access-Scan wird deaktiviert; Win7 Sicherheitscenter wird deaktiviert; PC startet neu Hast du den Smart Installer per Rechtsklick als Administrator ausgeführt? __________________ Logfiles bitte immer in CODE-Tags posten

Sophos On-Access-Scan wird deaktiviert; Win7 Sicherheitscenter wird deaktiviert; PC startet neu

Log-Analyse und Auswertung: Sophos On-Access-Scan wird deaktiviert; Win7 Sicherheitscenter wird deaktiviert; PC startet neu