Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Sophos On-Access-Scan wird deaktiviert; Win7 Sicherheitscenter wird deaktiviert; PC startet neu

Sophos On-Access-Scan wird deaktiviert; Win7 Sicherheitscenter wird deaktiviert; PC startet neu


Log-Analyse und Auswertung: Sophos On-Access-Scan wird deaktiviert; Win7 Sicherheitscenter wird deaktiviert; PC startet neu

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 16.07.2013, 21:21   #1
Oemerich
 
Sophos On-Access-Scan wird deaktiviert; Win7 Sicherheitscenter wird deaktiviert; PC startet neu - Standard

Sophos On-Access-Scan wird deaktiviert; Win7 Sicherheitscenter wird deaktiviert; PC startet neu


Hallo zusammen,

ich habe ein Problem mit meinem ca. 1 Jahr alten Win7-64-bit-Laptop von Lenovo.

Mir ist bisher zwei, drei mal folgendes passiert:

Während dem normalen PC-Betrieb (Musik hören über Winamp, surfen im Internet mit Firefox und auf Facebook mit Google Chrome) meldet Sophos Antivirus plötzlich ohne vorherige Ankündigung, dass die "On-Access-Scans" deaktiviert wurden.
Kurz darauf meldet das Fähnchen vom Windows-Wartungscenter, dass das "Windows Sicherheitscenter deaktiviert" wurde (den genauen Wortlaut hier habe ich leider nicht im Kopf, in dem Moment war ich immer total baff und es ging relativ schnell). Weiterhin werden automatisch die Firewall von Windows und andere Sicherheits-Einrichtungen deaktiviert.
Dann dauert es geschätzte 20 Sekunden, dann ist der Rechner plötzlich komplett aus (wie wenn man einfach den Saft abgedreht hätte) und er fährt wieder hoch.

Nach dem Hochfahren verhält sich Sophos wieder ganz normal (On-Access-Scans sind wieder aktiviert) und auch das Wartungscenter vermeldet nur, dass geraten wird, eine Sicherung der Dateien anzulegen (das tut es andauernd, auch vor dem Auftreten des beschriebenen Fehlers).

Anderes evtl. sicherheitsrelevantes, seltsames Verhalten meines Laptops ist mir bisher noch nicht aufgefallen.

Gemäß der Anleitung hab ich zuerst defogger heruntergeladen und ausgeführt.
Ich hatte den Eindruck, dass defogger nichts deaktiviert hat (ich musste nicht neustarten, es ging ganz schnell; außerdem hatte ich nie CD-Emulatoren auf dem Laptop; mit VM-Ware habe ich allerdings zwei virtuelle Maschinen auf dem Laptop, hat das vielleicht einen Einfluss?).

OTL brachte mit deaktivierten Programmen folgende Ergebnisse:

OTL.txt:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 15.07.13 17:42:32 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Stefan\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yy
 
3,72 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 59,77% Memory free
7,45 Gb Paging File | 5,06 Gb Available in Paging File | 67,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,62 Gb Total Space | 151,72 Gb Free Space | 33,67% Space Free | Partition Type: NTFS
Drive D: | 654,81 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive Q: | 13,67 Gb Total Space | 2,32 Gb Free Space | 16,94% Space Free | Partition Type: NTFS
 
Computer Name: BRELLA-SEPP | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.15 17:38:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
PRC - [2013.07.15 17:35:51 | 000,050,477 | ---- | M] () -- C:\Users\Stefan\Desktop\Defogger.exe
PRC - [2013.06.07 21:37:51 | 000,237,048 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
PRC - [2013.06.07 21:37:49 | 000,929,272 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
PRC - [2013.06.07 21:36:06 | 000,217,592 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2013.06.07 21:34:03 | 000,159,296 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2013.06.07 21:33:53 | 002,890,232 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2013.04.19 15:30:20 | 000,583,744 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2013.04.19 15:30:20 | 000,125,504 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2013.04.19 15:30:16 | 000,127,072 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe
PRC - [2013.03.18 17:26:10 | 000,272,680 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2013.03.18 17:26:00 | 000,133,416 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2013.03.18 17:07:58 | 000,602,112 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2013.02.26 03:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2013.02.26 03:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2013.02.26 02:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2012.10.30 19:10:44 | 000,069,192 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
PRC - [2012.10.30 12:20:34 | 001,315,400 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
PRC - [2012.10.20 00:02:24 | 000,070,728 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe
PRC - [2012.09.25 11:52:27 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
PRC - [2012.05.15 16:45:22 | 000,065,336 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
PRC - [2012.05.01 23:30:00 | 001,662,528 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
PRC - [2012.05.01 23:30:00 | 000,128,576 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
PRC - [2012.04.02 16:53:36 | 000,170,832 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\vcamsvc.exe
PRC - [2012.04.02 16:53:18 | 000,058,192 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe
PRC - [2012.02.28 10:20:58 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.02.28 10:20:56 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.02.28 10:20:40 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.02.26 20:01:56 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.02.08 16:38:28 | 000,083,920 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\TSMService.exe
PRC - [2012.01.27 15:06:12 | 000,485,336 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\TSMResident.exe
PRC - [2012.01.17 08:29:24 | 000,169,776 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
PRC - [2010.10.27 22:11:00 | 000,079,136 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\ASR\ASRSVC.exe
PRC - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
PRC - [2010.09.30 14:00:28 | 000,139,088 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
PRC - [2010.08.18 03:43:26 | 000,278,800 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\Windows\SysWOW64\WebUpdateSvc4.exe
PRC - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.07.15 17:35:51 | 000,050,477 | ---- | M] () -- C:\Users\Stefan\Desktop\Defogger.exe
MOD - [2012.10.20 00:01:30 | 000,051,272 | ---- | M] () -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
MOD - [2010.09.30 14:00:28 | 000,139,088 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.04.28 06:52:04 | 000,061,224 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2011.12.28 22:48:24 | 000,049,480 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.14 03:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)
SRV:64bit: - [2009.07.14 03:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2013.06.30 13:43:58 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.07 21:37:51 | 000,237,048 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2013.06.07 21:36:06 | 000,217,592 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2013.06.07 21:34:03 | 000,159,296 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2013.06.07 21:33:53 | 002,890,232 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2013.06.07 21:32:50 | 002,010,688 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64)
SRV - [2013.04.19 15:30:20 | 000,125,504 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2013.04.19 15:30:16 | 000,127,072 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2013.04.19 15:30:02 | 000,145,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2013.04.11 15:30:30 | 000,022,376 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2013.03.18 17:26:10 | 000,272,680 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2013.03.18 17:26:00 | 000,133,416 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2013.02.26 03:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2013.02.26 03:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2013.02.26 02:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2013.02.19 20:34:50 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.11.18 15:32:30 | 000,529,744 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.10.30 19:10:44 | 000,069,192 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)
SRV - [2012.10.20 00:02:36 | 000,023,624 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Disabled | Stopped] -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent)
SRV - [2012.10.11 17:15:30 | 000,918,680 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012.09.25 11:52:27 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
SRV - [2012.07.13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.10 11:23:12 | 000,029,472 | ---- | M] (Macheen) [Disabled | Stopped] -- C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe -- (MacheenService)
SRV - [2012.05.10 15:45:58 | 000,143,936 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
SRV - [2012.05.01 23:30:00 | 001,665,088 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc)
SRV - [2012.05.01 23:30:00 | 001,662,528 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2012.05.01 23:30:00 | 000,320,576 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2012.04.19 00:15:38 | 000,084,080 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService)
SRV - [2012.04.10 17:37:24 | 000,449,912 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\ISD\ISD_TouchService.exe -- (TouchServiceISD)
SRV - [2012.04.10 17:37:22 | 005,650,296 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\ISD\ISD_Tablet.exe -- (TabletServiceISD)
SRV - [2012.04.02 16:53:36 | 000,170,832 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\vcamsvc.exe -- (LENOVO.TVTVCAM)
SRV - [2012.04.02 16:53:30 | 000,061,264 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2012.04.02 16:53:18 | 000,058,192 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2012.02.28 10:20:58 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.02.28 10:20:56 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.02.28 10:20:40 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.02.26 05:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV - [2012.02.26 05:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2012.02.26 05:07:32 | 000,626,960 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012.02.26 05:07:26 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2012.02.14 11:12:50 | 000,945,440 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2012.02.08 16:38:28 | 000,083,920 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\TSMService.exe -- (TabletSVC)
SRV - [2012.02.03 10:30:06 | 000,655,400 | R--- | M] (Ericsson AB) [Disabled | Stopped] -- C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2012.02.02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.01.17 08:29:24 | 000,169,776 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe -- (FastbootService)
SRV - [2011.11.09 20:11:05 | 008,447,848 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV - [2011.09.22 22:07:34 | 058,345,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV - [2011.09.22 22:07:34 | 000,154,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2011.09.22 22:06:04 | 000,431,464 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS)
SRV - [2011.07.12 09:54:00 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2010.10.27 22:11:00 | 000,079,136 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\ASR\ASRSVC.exe -- (ASRSVC)
SRV - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.08.18 03:43:26 | 000,278,800 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Running] -- C:\Windows\SysWOW64\WebUpdateSvc4.exe -- (WebUpdate4)
SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.07.21 02:42:38 | 000,061,976 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp2)
DRV:64bit: - [2013.06.07 21:36:19 | 000,154,952 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2013.04.28 06:52:04 | 000,044,800 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2013.04.24 01:23:00 | 000,460,528 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013.02.26 03:28:48 | 000,067,664 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2013.02.26 03:28:14 | 000,030,800 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2013.02.26 03:27:48 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2013.02.26 03:27:48 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2013.02.26 03:27:44 | 000,033,360 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2013.02.19 20:34:56 | 009,000,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.12.24 20:20:54 | 000,375,640 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs4.sys -- (cbfs4)
DRV:64bit: - [2012.12.06 13:11:40 | 011,518,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012.10.24 15:17:14 | 000,070,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012.10.24 15:17:10 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012.10.20 00:02:16 | 000,189,000 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EuFdDisk.sys -- (EUFDDISK)
DRV:64bit: - [2012.10.20 00:02:12 | 000,048,200 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EUBKMON.sys -- (EUBKMON)
DRV:64bit: - [2012.10.20 00:02:06 | 000,018,504 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\eudskacs.sys -- (EUDSKACS)
DRV:64bit: - [2012.10.20 00:02:04 | 000,058,952 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\eubakup.sys -- (EUBAKUP)
DRV:64bit: - [2012.10.11 17:15:32 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012.10.11 17:15:06 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2012.09.25 11:59:13 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)
DRV:64bit: - [2012.09.25 11:43:12 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2012.09.10 17:06:50 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.29 02:20:11 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.05.30 13:42:10 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012.05.01 23:30:00 | 000,029,512 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2012.05.01 23:30:00 | 000,019,784 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2012.04.19 17:36:26 | 000,035,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2012.04.19 17:36:26 | 000,025,528 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2012.03.28 13:16:48 | 000,216,704 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2012.03.24 00:18:04 | 000,016,368 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WacomVTHid.sys -- (wacomvthid)
DRV:64bit: - [2012.03.24 00:17:58 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2012.03.24 00:17:52 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2012.02.26 20:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.02.26 20:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.02.26 20:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.02.14 21:49:50 | 000,615,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2012.02.14 21:49:50 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2012.02.14 21:49:46 | 000,211,496 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012.02.14 21:49:46 | 000,184,360 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012.02.14 21:49:46 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012.02.14 21:49:46 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012.01.13 10:08:42 | 000,102,440 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\l36wgps64.sys -- (l36wgps)
DRV:64bit: - [2012.01.11 05:30:58 | 000,360,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011.12.28 22:48:24 | 000,147,784 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011.12.28 22:48:24 | 000,025,416 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2011.12.26 11:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011.12.08 23:06:07 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.12.08 23:06:07 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.12.07 18:59:52 | 000,027,432 | ---- | M] (ThinkVantage Communications Utility) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvtvcamd.sys -- (tvtvcamd)
DRV:64bit: - [2011.12.07 10:54:20 | 000,282,152 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys -- (WwanUsbServ)
DRV:64bit: - [2011.12.05 21:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.10.05 11:38:32 | 000,029,736 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr)
DRV:64bit: - [2011.10.05 11:38:30 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis)
DRV:64bit: - [2011.09.22 22:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)
DRV:64bit: - [2011.08.22 15:47:50 | 000,483,400 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys -- (Mbm3Mdm)
DRV:64bit: - [2011.08.22 15:47:50 | 000,430,664 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt)
DRV:64bit: - [2011.08.22 15:47:50 | 000,019,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys -- (Mbm3mdfl)
DRV:64bit: - [2011.08.22 15:47:44 | 000,419,400 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus)
DRV:64bit: - [2011.05.29 12:48:04 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)
DRV:64bit: - [2011.05.25 17:23:00 | 000,101,888 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.06.28 19:39:46 | 000,017,064 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wstbtndb.sys -- (HBtnKey)
DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009.10.29 19:28:24 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.03.26 16:07:06 | 000,033,344 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2851647
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP
IE - HKCU\..\SearchScopes\{83FDA5A0-0FB2-42AE-AEDE-6DFC67F8C71F}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU3&o=15380&src=kw&q={searchTerms}&locale=&apn_ptnrs=UJ&apn_dtid=YYYYYYYYDE&apn_uid=42e32f80-b696-4222-873a-ee5a448a2c2e&apn_sauid=611482D1-574D-4CED-9B1F-90912EBB5208
IE - HKCU\..\SearchScopes\{9DD9F623-6912-43CB-8DEF-1FD002EC63A0}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CT2851647.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7Be8f509f0-b677-11de-8a39-0800200c9a66%7D:1.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.9: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP1X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2012.07.28 16:46:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.10.02 10:22:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.30 13:43:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.28 14:03:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.30 13:43:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.28 14:03:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.08.29 21:18:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Extensions
[2013.05.26 21:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\w3p8t5fg.default\extensions
[2013.05.26 21:12:17 | 000,534,431 | ---- | M] () (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\w3p8t5fg.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2013.05.09 13:05:23 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\w3p8t5fg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.12 14:57:06 | 000,010,606 | ---- | M] () (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\w3p8t5fg.default\extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi
[2012.09.25 23:23:59 | 000,001,499 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\w3p8t5fg.default\searchplugins\computerbase.xml
[2013.01.14 15:38:13 | 000,005,462 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\w3p8t5fg.default\searchplugins\das-rtliche.xml
[2012.11.11 17:14:33 | 000,001,330 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\w3p8t5fg.default\searchplugins\wikipedia-en.xml
[2013.01.06 23:46:28 | 000,002,446 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\w3p8t5fg.default\searchplugins\wiktionary-de.xml
[2012.09.21 22:49:04 | 000,002,057 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\w3p8t5fg.default\searchplugins\youtube-videosuche.xml
[2013.06.30 13:43:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.06.30 13:44:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=48
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin:  Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ResetACGauge] C:\Program Files (x86)\Lenovo\Access Connections\smbhlpr.exe (Lenovo)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe (Lenovo)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited)
O4 - HKLM..\Run: [TSMResident] C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\TSMRESIDENT.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000022 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.145 217.0.43.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0265F7FF-6635-4F90-9365-901FB054D9D1}: DhcpNameServer = 217.0.43.145 217.0.43.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{692E5C5D-0503-4B4D-8A2D-5E05904BB693}: DhcpNameServer = 217.0.43.145 217.0.43.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6EE25AC-971F-476E-8EF3-68612859A062}: NameServer = 195.230.105.134 195.230.105.135
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
O21:64bit: - SSODL: EldosMountNotificator-cbfs4 - {52983F03-8160-49F0-A3D9-B60F8E54A900} - C:\Windows\SysNative\cbfsMntNtf4.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator-cbfs4 - {52983F03-8160-49F0-A3D9-B60F8E54A900} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {52983F03-8160-49F0-A3D9-B60F8E54A900} - Virtual Storage Mount Notification - C:\Windows\SysNative\cbfsMntNtf4.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {52983F03-8160-49F0-A3D9-B60F8E54A900} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.12.15 05:05:40 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{a305d895-d8bf-11e1-b41a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a305d895-d8bf-11e1-b41a-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2011.12.15 05:05:40 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.15 17:38:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
[2013.07.07 14:27:45 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys
[2013.07.07 14:27:45 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys
[2013.07.07 14:27:45 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys
[2013.07.07 14:27:45 | 000,011,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\massfilter.sys
[2013.07.07 14:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Surf-Stick
[2013.07.07 14:27:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1&1 Surf-Stick
[2013.07.07 13:49:50 | 000,000,000 | ---D | C] -- C:\UserData
[2013.07.07 13:42:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SupportAppCB
[2013.06.30 13:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.06.30 13:43:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.06.28 19:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Empire Interactive
[2013.06.28 18:50:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Empire Interactive
[2013.06.28 14:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.15 17:40:07 | 000,377,856 | ---- | M] () -- C:\Users\Stefan\Desktop\gmer_2.1.19163.exe
[2013.07.15 17:38:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
[2013.07.15 17:36:30 | 000,000,000 | ---- | M] () -- C:\Users\Stefan\defogger_reenable
[2013.07.15 17:35:51 | 000,050,477 | ---- | M] () -- C:\Users\Stefan\Desktop\Defogger.exe
[2013.07.15 17:11:08 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.15 17:05:12 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.15 17:04:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.14 20:46:03 | 005,872,658 | ---- | M] () -- C:\Users\Stefan\In Flames   Evil in a Closet Video    19leela91   MyVideo.mp3
[2013.07.10 22:40:20 | 000,034,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.10 22:40:20 | 000,034,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.10 22:39:08 | 001,816,802 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.10 22:39:08 | 000,768,746 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.10 22:39:08 | 000,723,606 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.10 22:39:08 | 000,176,278 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.10 22:39:08 | 000,148,914 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.10 22:32:04 | 000,300,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.10 22:31:26 | 2999,533,568 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.01 23:48:43 | 003,841,687 | ---- | M] () -- C:\Users\Stefan\Desktop\deniselvsth62vkura4my.jpg
[2013.06.30 21:58:51 | 000,586,967 | ---- | M] () -- C:\Users\Stefan\Desktop\Bewerbungsformular_WG_06_2012.pdf
[2013.06.28 15:40:11 | 004,629,096 | ---- | M] () -- C:\Users\Stefan\In Flames   My Sweet Shadow[1].mp3
[2013.06.28 15:17:20 | 007,062,622 | ---- | M] () -- C:\Users\Stefan\In Flames   Only for the weak   Vidéo Dailymotion.mp3
[2013.06.28 15:16:47 | 005,525,619 | ---- | M] () -- C:\Users\Stefan\In Flames   Come Clarity [OFFICIAL VIDEO].mp3
[2013.06.28 15:15:31 | 005,868,552 | ---- | M] () -- C:\Users\Stefan\In Flames   Evil In A Closet.mp3
[2013.06.28 15:13:15 | 005,480,227 | ---- | M] () -- C:\Users\Stefan\In Flames   Dial 595 Escape Video    parare4   MyVideo.mp3
[2013.06.28 14:58:02 | 005,463,804 | ---- | M] () -- C:\Users\Stefan\IN FLAMES   Take This Life.mp3
[2013.06.28 14:57:31 | 004,629,096 | ---- | M] () -- C:\Users\Stefan\In Flames   My Sweet Shadow.mp3
[2013.06.28 14:56:57 | 004,856,675 | ---- | M] () -- C:\Users\Stefan\In Flames   The Quiet Place [HD].mp3
[2013.06.22 13:56:46 | 010,791,905 | ---- | M] () -- C:\Users\Stefan\Hitchcock's Psycho Soundtrack.mp3
[2013.06.22 13:31:57 | 009,309,821 | ---- | M] () -- C:\Users\Stefan\Bernard Herrmann   Vertigo (theme).mp3
[2013.06.16 19:06:24 | 000,001,065 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.15 17:40:07 | 000,377,856 | ---- | C] () -- C:\Users\Stefan\Desktop\gmer_2.1.19163.exe
[2013.07.15 17:36:30 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\defogger_reenable
[2013.07.15 17:35:50 | 000,050,477 | ---- | C] () -- C:\Users\Stefan\Desktop\Defogger.exe
[2013.07.14 20:45:54 | 005,872,658 | ---- | C] () -- C:\Users\Stefan\In Flames   Evil in a Closet Video    19leela91   MyVideo.mp3
[2013.07.07 13:49:50 | 000,000,557 | ---- | C] () -- C:\NetworkCfg.xml
[2013.07.01 23:48:42 | 003,841,687 | ---- | C] () -- C:\Users\Stefan\Desktop\deniselvsth62vkura4my.jpg
[2013.06.30 21:24:28 | 000,586,967 | ---- | C] () -- C:\Users\Stefan\Desktop\Bewerbungsformular_WG_06_2012.pdf
[2013.06.28 15:40:06 | 004,629,096 | ---- | C] () -- C:\Users\Stefan\In Flames   My Sweet Shadow[1].mp3
[2013.06.28 15:17:12 | 007,062,622 | ---- | C] () -- C:\Users\Stefan\In Flames   Only for the weak   Vidéo Dailymotion.mp3
[2013.06.28 15:16:42 | 005,525,619 | ---- | C] () -- C:\Users\Stefan\In Flames   Come Clarity [OFFICIAL VIDEO].mp3
[2013.06.28 15:15:24 | 005,868,552 | ---- | C] () -- C:\Users\Stefan\In Flames   Evil In A Closet.mp3
[2013.06.28 15:13:08 | 005,480,227 | ---- | C] () -- C:\Users\Stefan\In Flames   Dial 595 Escape Video    parare4   MyVideo.mp3
[2013.06.28 14:57:55 | 005,463,804 | ---- | C] () -- C:\Users\Stefan\IN FLAMES   Take This Life.mp3
[2013.06.28 14:57:25 | 004,629,096 | ---- | C] () -- C:\Users\Stefan\In Flames   My Sweet Shadow.mp3
[2013.06.28 14:56:50 | 004,856,675 | ---- | C] () -- C:\Users\Stefan\In Flames   The Quiet Place [HD].mp3
[2013.06.22 13:56:33 | 010,791,905 | ---- | C] () -- C:\Users\Stefan\Hitchcock's Psycho Soundtrack.mp3
[2013.06.22 13:31:46 | 009,309,821 | ---- | C] () -- C:\Users\Stefan\Bernard Herrmann   Vertigo (theme).mp3
[2013.06.02 17:49:32 | 008,983,664 | ---- | C] () -- C:\Users\Stefan\Title4 - Chapter 03.mp3
[2013.06.02 17:48:57 | 008,110,880 | ---- | C] () -- C:\Users\Stefan\Title4 - Chapter 02.mp3
[2013.06.02 17:48:32 | 006,406,856 | ---- | C] () -- C:\Users\Stefan\Title4 - Chapter 01.mp3
[2013.06.02 17:47:36 | 011,943,632 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 16.mp3
[2013.06.02 17:46:48 | 011,511,776 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 15.mp3
[2013.06.02 17:45:49 | 014,009,888 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 14.mp3
[2013.06.02 17:45:09 | 009,942,176 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 13.mp3
[2013.06.02 17:44:01 | 016,342,880 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 12.mp3
[2013.06.02 17:43:19 | 010,638,656 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 11.mp3
[2013.06.02 17:42:39 | 007,783,328 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 10.mp3
[2013.06.02 17:41:38 | 013,172,672 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 09.mp3
[2013.06.02 17:40:46 | 009,397,472 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 08.mp3
[2013.06.02 17:39:51 | 009,214,832 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 07.mp3
[2013.06.02 17:38:57 | 010,478,432 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 06.mp3
[2013.06.02 17:37:20 | 017,931,776 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 05.mp3
[2013.06.02 17:36:09 | 011,823,872 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 04.mp3
[2013.06.02 17:35:16 | 007,598,816 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 03.mp3
[2013.06.02 17:34:06 | 010,652,096 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 02.mp3
[2013.06.02 17:32:54 | 009,614,048 | ---- | C] () -- C:\Users\Stefan\Title3 - Chapter 01.mp3
[2013.06.02 17:32:34 | 001,470,032 | ---- | C] () -- C:\Users\Stefan\Title1 - Chapter 01.mp3
[2013.06.01 15:56:10 | 004,296,169 | ---- | C] () -- C:\Users\Stefan\Bernard Herrmann - Vertigo Main Theme.mp3
[2013.05.30 23:58:28 | 006,691,006 | ---- | C] () -- C:\Users\Stefan\Nightwish - Eva.mp3
[2013.05.30 23:56:32 | 008,350,515 | ---- | C] () -- C:\Users\Stefan\Nightwish - Sahara.mp3
[2013.05.30 23:56:22 | 005,622,758 | ---- | C] () -- C:\Users\Stefan\Nightwish - Amaranth.mp3
[2013.05.30 23:53:24 | 006,676,015 | ---- | C] () -- C:\Users\Stefan\Nightwish - The Islander.mp3
[2013.05.30 23:42:53 | 006,016,424 | ---- | C] () -- C:\Users\Stefan\Nightwish - Sleeping Sun.mp3
[2013.05.30 23:42:43 | 005,921,807 | ---- | C] () -- C:\Users\Stefan\Nightwish - Bless The Child.mp3
[2013.05.30 23:42:18 | 005,889,207 | ---- | C] () -- C:\Users\Stefan\Nightwish - I Wish I Had An Angel.mp3
[2013.05.30 23:41:50 | 006,238,412 | ---- | C] () -- C:\Users\Stefan\Nightwish - Bye Bye Beautiful.mp3
[2013.05.30 23:39:05 | 007,613,915 | ---- | C] () -- C:\Users\Stefan\Nightwish - The Phantom Of The Opera.mp3
[2013.05.30 23:36:06 | 005,840,932 | ---- | C] () -- C:\Users\Stefan\Nightwish - Nemo.mp3
[2013.05.30 23:34:46 | 005,827,140 | ---- | C] () -- C:\Users\Stefan\Nightwish - For The Heart I Once Had.mp3
[2013.05.30 23:29:44 | 006,391,385 | ---- | C] () -- C:\Users\Stefan\Nightwish - The Phantom Of The Opera (2).mp3
[2013.05.30 23:27:35 | 006,391,309 | ---- | C] () -- C:\Users\Stefan\Nightwish 'Phantom Of The Opera'.mp3
[2013.05.28 22:58:24 | 007,022,655 | ---- | C] () -- C:\Users\Stefan\Nonstop   Amazing Dance Skills   Set Fire.mp3
[2013.05.12 16:23:00 | 008,269,066 | ---- | C] () -- C:\Users\Stefan\Matisyahu - One Day.mp3
[2013.05.09 23:53:07 | 009,216,945 | ---- | C] () -- C:\Users\Stefan\Metallica - The Unforgiven.mp3
[2013.05.09 23:51:46 | 007,672,797 | ---- | C] () -- C:\Users\Stefan\Uriah Heep - Lady In Black.mp3
[2013.05.09 23:50:41 | 007,543,696 | ---- | C] () -- C:\Users\Stefan\Skid Row - I Remember You.mp3
[2013.05.09 23:50:03 | 004,649,071 | ---- | C] () -- C:\Users\Stefan\James Brown - It's A Man's World.mp3
[2013.05.09 23:46:22 | 008,611,332 | ---- | C] () -- C:\Users\Stefan\Lynyrd Skynyrd - Simple Man.mp3
[2013.05.09 23:44:59 | 006,218,930 | ---- | C] () -- C:\Users\Stefan\Richie Kotzen - You Can't Save Me.mp3
[2013.05.09 23:43:40 | 004,837,207 | ---- | C] () -- C:\Users\Stefan\Biffy Clyro - Mountains.mp3
[2013.05.09 23:40:56 | 005,100,548 | ---- | C] () -- C:\Users\Stefan\The Tallest Man On Earth - It Will Follow The Rain.mp3
[2013.05.09 23:39:32 | 006,599,471 | ---- | C] () -- C:\Users\Stefan\Bonfire - You Make Me Feel.mp3
[2013.05.09 23:37:53 | 005,604,582 | ---- | C] () -- C:\Users\Stefan\Corvus Corax - Totentanz.mp3
[2013.05.09 23:37:50 | 008,754,272 | ---- | C] () -- C:\Users\Stefan\Axel Rudi Pell - Earls Of Black.mp3
[2013.05.09 23:37:20 | 006,101,108 | ---- | C] () -- C:\Users\Stefan\DJ Bass - The Target.mp3
[2013.05.09 23:33:34 | 008,191,283 | ---- | C] () -- C:\Users\Stefan\Axel Rudi Pell - Tear Down The Walls.mp3
[2013.03.31 23:16:02 | 000,001,465 | ---- | C] () -- C:\Users\Stefan\AppData\Local\recently-used.xbel
[2013.02.19 20:35:12 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2013.02.19 20:35:12 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2013.02.19 20:34:56 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.11.21 00:04:52 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2012.10.02 09:43:59 | 000,001,714 | -H-- | C] () -- C:\Users\Stefan\gsview32.ini
[2012.10.01 10:47:38 | 000,000,017 | ---- | C] () -- C:\Users\Stefan\AppData\Local\resmon.resmoncfg
[2012.09.21 22:38:39 | 000,255,360 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\wanancsp.dat
[2012.08.29 20:53:18 | 000,000,313 | ---- | C] () -- C:\ProgramData\LastUpdate.xml
[2012.08.29 20:53:18 | 000,000,225 | ---- | C] () -- C:\Windows\WebUpdateSvc4.INI
[2012.08.29 20:48:27 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat
[2012.07.28 16:39:21 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2012.07.28 16:39:21 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd11.dll
[2012.07.28 16:39:21 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2012.07.28 16:36:55 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.07.28 16:36:54 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.07.28 16:35:59 | 000,035,404 | R--- | C] () -- C:\Windows\ConnectionProfiles.dat
[2012.07.28 16:27:03 | 001,794,696 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 15:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 15:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 15:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.20 16:09:21 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\1&1
[2012.12.03 23:43:08 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Canneverbe Limited
[2013.02.21 00:22:54 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Crayon Physics Deluxe
[2013.07.10 22:34:44 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Dropbox
[2013.06.02 17:50:54 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\dvdae
[2013.02.24 16:59:05 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\e-academy Inc
[2013.02.21 23:05:36 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\FileZilla
[2013.04.18 21:05:01 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Foxit Software
[2012.08.29 20:53:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Leadertech
[2012.08.29 20:49:50 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Lenovo
[2012.12.28 23:41:53 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Locate32
[2012.08.29 20:52:47 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\LSC
[2013.06.03 23:33:54 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Mp3tag
[2012.10.05 14:22:42 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\OpenOffice.org
[2012.10.26 15:14:09 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\pdfforge
[2012.08.29 22:48:14 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\PwrMgr
[2012.12.03 11:21:36 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\SISTEMA
[2013.01.09 09:00:26 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\SQLite Administrator
[2012.10.08 14:35:04 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\SumatraPDF
[2013.01.14 15:31:53 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Swiss Academic Software
[2012.11.02 10:09:25 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\T-Online
[2012.12.12 22:21:09 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Thunderbird
[2013.02.09 01:40:04 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013.07.07 08:14:36 | 007,195,671 | ---- | M] ()(C:\Users\Stefan\Desire?Under Your Spell.mp3) -- C:\Users\Stefan\DesireːUnder Your Spell.mp3
[2013.06.22 13:48:58 | 007,195,671 | ---- | C] ()(C:\Users\Stefan\Desire?Under Your Spell.mp3) -- C:\Users\Stefan\DesireːUnder Your Spell.mp3

< End of report >
--- --- ---



Extras.txt, gmer.txt:
Da der Beitrag zu groß wurde (> 120 000 Zeichen), diese beiden Logfiles als .txt-Dateien im Anhang als Logfiles.zip.


Die drei Programme liefen ohne Probleme durch, ich konnte die Anleitung abarbeiten.

Allerdings musste ich vor dem Download von OTL und vor der Ausführung diverse Online-Scans und den Web-Schutz von Sophos deaktivieren. Sophos hat da gemeckert und Malware erkannt.

Könnt ihr mir Helfen in welche Richtung ich weitersuchen muss? Sieht man in den Logs etwas Verdächtiges?


Vielen Dank für eure Mühe,
Stefan (Ömerich)


[edit]
Jetzt ist mir grade noch was eingefallen:
Relativ kurz nachdem ich mir den Laptop gekauft habe, hatte ich schon mal eine etwas sonderbare Fehlermeldung von "Zeitplan Hardware-Scan" die wie folgt lautete:
"Lenovo Solution Center zur Ausführung geplant ist ein hardware check up. Ist es OK, um es auszuführen?" mit zwei Buttons "Ja" und "Nein".
Ich habe deswegen auch schon mal bei Lenovo angerufen und wollte herausfinden, ob diese Meldung authentisch (also von Lenovo ist) oder eventuell Malware (wegen dem seeehr holprigen Deutsch).
Der Herr am Telefon konnte allerdings mein Problem mit der Semantik nicht nachvollziehen und meine immer nur, das sei schon OK, er wüsste nicht, was mit meinem PC nicht in Ordnung sei, ich sollte doch einfach den Hardware-Scan ausführen.
Ich habe dann aufgelegt und die Fehlermeldung mit "Nein" weggeklickt und den Hardware-Scan nie gemacht.
[/edit]

 

Themen zu Sophos On-Access-Scan wird deaktiviert; Win7 Sicherheitscenter wird deaktiviert; PC startet neu
antivirus, application/pdf:, autorun, bho, down, download, explorer, firefox, firewall, format, google, internet, logfile, malware, mozilla, musik, plug-in, problem, programme, pwmtr64v.dll, realtek, registry, rundll, sekunden, seltsames verhalten, software, surfen, symantec, tablet, usb, web-schutz


« Internet langsam durch Schädling/Toolbar | Win 7: Beim Anklicken von Google Links öffnen teilweise Werbeseiten, statt der Suchergebnisseiten. »


Ähnliche Themen: Sophos On-Access-Scan wird deaktiviert; Win7 Sicherheitscenter wird deaktiviert; PC startet neu


  1. Windows 7 - Antiviren Programm wird als deaktiviert angezeigt
    Plagegeister aller Art und deren Bekämpfung - 04.11.2015 (11)
  2. TR/Rootkit.Gen2 - Virenscanner wird deaktiviert - Metasploit 7 wird im Startmenue aktiviert - 5mk1owasew99.exe
    Log-Analyse und Auswertung - 29.05.2015 (22)
  3. Sicherheitscenter ist deaktiviert und lässt sich auch nicht starten win7 ultimate 64bit
    Plagegeister aller Art und deren Bekämpfung - 27.12.2014 (10)
  4. Trojaner - Sicherheitscenter oder Treiber wird deaktiviert
    Plagegeister aller Art und deren Bekämpfung - 26.07.2013 (67)
  5. Sicherheitscenter wird immer wieder deaktiviert, chrome meldet Profil Fehler
    Log-Analyse und Auswertung - 10.06.2013 (3)
  6. Google Suchergebnisse Redirect | Win7-Sicherheitscenter deaktiviert
    Log-Analyse und Auswertung - 16.12.2012 (10)
  7. Pum.disabled.SecurityCenter: Norton AV wird deaktiviert
    Log-Analyse und Auswertung - 02.08.2012 (8)
  8. Sicherheitscenter wird automatisch deaktiviert und Google leitet weiter...
    Plagegeister aller Art und deren Bekämpfung - 04.08.2011 (19)
  9. Netzwerkadapter wird automatisch deaktiviert
    Alles rund um Windows - 08.07.2011 (3)
  10. Sicherheitscenter deaktiviert sich von selbst (Win7), Wiederherstellung nicht möglich
    Plagegeister aller Art und deren Bekämpfung - 13.04.2011 (4)
  11. Sicherheitscenter und Defender werden deaktiviert win7
    Log-Analyse und Auswertung - 08.04.2011 (20)
  12. Windows Firewall wird immer wieder deaktiviert
    Log-Analyse und Auswertung - 08.11.2010 (8)
  13. avira startet nicht,sicherheitscenter deaktiviert
    Antiviren-, Firewall- und andere Schutzprogramme - 03.01.2010 (7)
  14. avira startet nicht,sicherheitscenter deaktiviert
    Mülltonne - 24.12.2009 (0)
  15. Taskmanager wird immer wieder deaktiviert
    Plagegeister aller Art und deren Bekämpfung - 10.04.2009 (58)
  16. Tastur wird deaktiviert und bootvorgang nur noch manuel
    Plagegeister aller Art und deren Bekämpfung - 24.09.2008 (3)
  17. N360 wird deaktiviert - Bitte um Rat
    Log-Analyse und Auswertung - 14.10.2007 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Sophos On-Access-Scan wird deaktiviert; Win7 Sicherheitscenter wird deaktiviert; PC startet neu - Hallo zusammen, ich habe ein Problem mit meinem ca. 1 Jahr alten Win7-64-bit-Laptop von Lenovo. Mir ist bisher zwei, drei mal folgendes passiert: Während dem normalen PC-Betrieb (Musik hören über - Sophos On-Access-Scan wird deaktiviert; Win7 Sicherheitscenter wird deaktiviert; PC startet neu...
Archiv
Du betrachtest: Sophos On-Access-Scan wird deaktiviert; Win7 Sicherheitscenter wird deaktiviert; PC startet neu auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131