"Win32/Small.ca Virus sollte entfernt werden" taucht in der taskleiste auf, Bluescreen bei GMER

Bacchus91 · 30.07.2013, 14:59

Werte HelferInnen,

heute morgen tauchte bei mir in der taskleiste in etwa die Nachricht auf: "Win32/Small.ca Virus sollte entfernt werden". Den genauen Wortlaut kenne ich leider nicht mehr und die Nachricht wird nicht mehr angezeigt. Ein Scan mit Sophos und dem von der Nachricht empfohlenen "Microsoft Support Emergency Respnse Tool" ergab keine Ergebnisse. Was mir aber nu ziemlich Sorgen macht, ist dass Sophos deaktiviert ist und ich das nicht ändern kann. Weiterhin ist der Rechner beim Scan von GMER abgestürzt. D.h. es gab einen bluescreen und der Rechner wurde neu hochgefahren. Die Log-Dateien von OTL sind anbei.
Ist mein erstes Mal in diesem Forum, ich hoffe, alle nötigen Daten sind dabei(?).
Ich hoffe, dass jemand von Euch mir helfen kann.

Schonmal jetzt meinen größten Dank,
Bacchus91

Extras

Code:

ATTFilter

OTL Extras logfile created on: 30.07.2013 14:55:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 52,01% Memory free
7,60 Gb Paging File | 5,78 Gb Available in Paging File | 76,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 15,91 Gb Free Space | 32,58% Space Free | Partition Type: NTFS
Drive F: | 48,21 Gb Total Space | 28,78 Gb Free Space | 59,69% Space Free | Partition Type: NTFS
Drive G: | 465,73 Gb Total Space | 0,02 Gb Free Space | 0,00% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" = 
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0558C9A0-5D3C-4D8C-B3F5-452E23CED2B1}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{6288AC0E-9C3F-4C53-B136-7C9FE55FA246}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{65E27183-5B10-4BBE-91C7-6357A05F1167}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{74320D2F-DA45-4EC4-BCB9-7ACC39B70385}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D72EE8D0-6F04-4FC2-A6B3-8484388992ED}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{D862D7BF-E6B2-4D77-8757-88E048831FEC}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{E65A669E-E1E0-46FF-8467-7F9E2FEAD823}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0369F866-2CE0-4EB9-B426-88FA122C6E82}" = Lenovo Patch Utility 64 bit
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{419B57C2-BEB5-4201-91F5-CEF73F24C219}" = System Requirements Lab for Intel (64-bit)
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"4214A1CFC1A368A5078729BFD4B211F0CDB5CEC5" = Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (09/10/2012 2.4.128.0)
"CNXT_AUDIO_HDA" = Conexant 20585 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"Focusrite USB 2.0 Audio Driver_is1" = Focusrite USB 2.0 Audio Driver 2.4
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Matlab R2013a" = MATLAB R2013a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MiKTeX 2.9" = MiKTeX 2.9
"OnScreenDisplay" = Anzeige am Bildschirm
"Power Management Driver" = Lenovo Power Management Driver
"PROSet" = Intel(R) Network Connections Drivers
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"VLC media player" = VLC media player 2.0.6
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{193CA6A6-E735-40B1-AA92-F611B291792C}" = Verizon Wireless Mobile Broadband Self Activation
"{1D2FF661-4402-4D75-AA40-B23FCAF81D32}" = Lenovo Patch Utility
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{666C9123-1AEC-446F-8AA8-28256B1953D4}" = Qualcomm Gobi 2000 Package for Lenovo
"{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}" = ThinkVantage GPS
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}" = Lenovo Mobile Broadband Activation
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Energie-Manager
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"foobar2000" = foobar2000 v1.2.6
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GPL Ghostscript 9.07" = GPL Ghostscript
"Inkscape" = Inkscape 0.48.4
"Mozilla Thunderbird 17.0.7 (x86 de)" = Mozilla Thunderbird 17.0.7 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 12.16.1860" = Opera 12.16
"SumatraPDF" = SumatraPDF
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.07.2013 06:31:55 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\EaseUS\easeus partition master 9.2.2\DRW\RdfCheck.exe".  Die abhängige Assemblierung
 "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.07.2013 06:38:36 | Computer Name = ***-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 26.07.2013 03:10:53 | Computer Name = ***-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 26.07.2013 04:14:06 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\EaseUS\easeus partition master 9.2.2\DRW\RdfCheck.exe".  Die abhängige Assemblierung
 "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 26.07.2013 04:19:30 | Computer Name = ***-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 29.07.2013 09:15:53 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: matlab.exe, Version: 8.1.0.0, Zeitstempel:
 0x50f7698f  Name des fehlerhaften Moduls: jniwrap64.dll, Version: 3.8.0.0, Zeitstempel:
 0x4d62c1f3  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000000186a  ID des fehlerhaften
 Prozesses: 0x1358  Startzeit der fehlerhaften Anwendung: 0x01ce8c5db4e9a803  Pfad der
 fehlerhaften Anwendung: C:\Program Files\MATLAB\R2013a\bin\win64\matlab.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files\MATLAB\R2013a\sys\jxbrowser\win64\lib\jniwrap64.dll
Berichtskennung:
 fe30fc56-f850-11e2-994c-00a0c6000000
 
Error - 30.07.2013 03:06:16 | Computer Name = ***-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 30.07.2013 04:43:22 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm mbam.exe, Version 1.75.0.1 kann nicht mehr unter Windows 
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1010    Startzeit:
 01ce8cfadef10d0e    Endzeit: 60000    Anwendungspfad: C:\Program Files (x86)\Malwarebytes'
 Anti-Malware\mbam.exe    Berichts-ID: 8d9d0de7-f8f3-11e2-a701-0024d74a6678  
 
Error - 30.07.2013 06:48:26 | Computer Name = ***-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 30.07.2013 08:07:41 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm msert.exe, Version 1.155.1099.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: c5c    Startzeit: 
01ce8d12bc98bc94    Endzeit: 60000    Anwendungspfad: C:\Users\***\Desktop\msert.exe    Berichts-ID:
   
 
[ System Events ]
Error - 30.07.2013 08:05:35 | Computer Name = ***-PC | Source = SAVOnAccess | ID = 3998260
Description =   Kommunikationsfehler zwischen On-Access-Treiber und Dienst für Zugriff
 auf Registrierungswert [62424-2832944640-1000_CLASSES\Local Settings\MuiCache\2B\46693477
 LanguageList] durch Prozess rundll32.exe.  
 
Error - 30.07.2013 08:05:35 | Computer Name = ***-PC | Source = SAVOnAccess | ID = 3998260
Description =   Kommunikationsfehler zwischen On-Access-Treiber und Dienst für Zugriff
 auf Registrierungswert [62424-2832944640-1000_CLASSES\Local Settings\MuiCache\2B\46693477
 LanguageList] durch Prozess rundll32.exe.  
 
Error - 30.07.2013 08:05:35 | Computer Name = ***-PC | Source = SAVOnAccess | ID = 3998260
Description =   Kommunikationsfehler zwischen On-Access-Treiber und Dienst für Zugriff
 auf Registrierungswert [62424-2832944640-1000_CLASSES\Local Settings\MuiCache\2B\46693477
 LanguageList] durch Prozess rundll32.exe.  
 
Error - 30.07.2013 08:05:35 | Computer Name = ***-PC | Source = SAVOnAccess | ID = 3997779
Description =   Damit das Systemreignisprotokoll nicht unnötige Ausmaße annimmt, werden
 Meldungen wie "Savservice threads busy" nach Wiederherstellung des Dienstes nicht
 mehr protokolliert.  
 
Error - 30.07.2013 08:06:32 | Computer Name = ***-PC | Source = DCOM | ID = 10000
Description = 
 
Error - 30.07.2013 08:10:42 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 30.07.2013 08:10:57 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 30.07.2013 08:11:03 | Computer Name = ***-PC | Source = SAVOnAccess | ID = 3997733
Description = Treiber-Threads sind beim Herunterfahren des Threads noch aktiv.
 
Error - 30.07.2013 08:11:03 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Sophos Anti-Virus" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 30.07.2013 08:11:03 | Computer Name = ***-PC | Source = Ntfs | ID = 262281
Description = Auf dem Volume "G:" konnte der Transaktionsressourcen-Manager aufgrund
 eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
 den Daten enthalten.
 
 
< End of report >

OTL

Code:

ATTFilter

OTL logfile created on: 30.07.2013 14:55:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 52,01% Memory free
7,60 Gb Paging File | 5,78 Gb Available in Paging File | 76,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 15,91 Gb Free Space | 32,58% Space Free | Partition Type: NTFS
Drive F: | 48,21 Gb Total Space | 28,78 Gb Free Space | 59,69% Space Free | Partition Type: NTFS
Drive G: | 465,73 Gb Total Space | 0,02 Gb Free Space | 0,00% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.30 14:54:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2013.07.12 09:24:22 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2013.07.03 21:27:42 | 000,389,016 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2013.05.27 10:32:12 | 000,900,160 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
PRC - [2013.05.27 10:32:12 | 000,232,512 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
PRC - [2013.05.27 10:31:51 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
PRC - [2013.05.27 10:31:47 | 002,869,824 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2013.05.27 10:31:45 | 000,216,640 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.23 06:54:00 | 001,667,368 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
PRC - [2013.04.23 06:54:00 | 000,127,784 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
PRC - [2013.03.18 17:26:10 | 000,272,680 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2013.03.18 17:26:00 | 000,133,416 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2013.03.18 17:25:40 | 000,846,120 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
PRC - [2013.03.18 17:07:58 | 000,602,112 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2013.02.26 10:01:24 | 000,062,456 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2013.02.26 10:01:22 | 000,060,920 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2013.02.26 10:01:08 | 000,044,024 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe
PRC - [2012.12.18 21:15:46 | 000,331,408 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2012.12.04 14:04:40 | 000,125,504 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011.07.12 18:03:32 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2011.07.12 17:17:04 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2011.05.23 12:10:00 | 001,688,384 | ---- | M] (QUALCOMM, Inc.) -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
PRC - [2010.05.03 12:54:36 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.05.03 12:54:32 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.07.03 21:27:43 | 002,244,504 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2013.07.03 21:27:43 | 000,158,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
MOD - [2013.07.03 21:27:43 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.12.11 06:22:08 | 000,060,272 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2012.09.06 10:49:06 | 000,046,984 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.07.03 21:27:44 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.12 16:50:10 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.27 10:32:12 | 000,232,512 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2013.05.27 10:31:51 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
SRV - [2013.05.27 10:31:47 | 002,869,824 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2013.05.27 10:31:45 | 000,216,640 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2013.05.27 10:31:38 | 001,998,400 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64)
SRV - [2013.05.27 10:31:38 | 000,139,840 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.23 06:54:00 | 001,667,368 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2013.04.23 06:54:00 | 001,664,808 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc)
SRV - [2013.04.23 06:54:00 | 000,320,576 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2013.04.19 15:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.04.11 15:30:30 | 000,022,376 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2013.03.18 17:26:10 | 000,272,680 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2013.03.18 17:26:00 | 000,133,416 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2013.02.26 10:01:24 | 000,062,456 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2013.02.26 10:01:08 | 000,044,024 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2012.12.18 12:30:54 | 000,127,120 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2012.12.04 14:04:40 | 000,125,504 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2012.08.24 18:33:26 | 000,127,072 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011.05.23 12:10:00 | 001,688,384 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe -- (QDLService2kLenovo)
SRV - [2010.05.03 12:54:36 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.05.03 12:54:32 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.04.29 11:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.05.27 10:31:58 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)
DRV:64bit: - [2013.05.27 10:31:47 | 000,144,672 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2013.05.27 10:31:31 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2013.04.24 01:23:00 | 000,460,528 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013.04.23 06:54:00 | 000,029,512 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2013.04.23 06:54:00 | 000,020,736 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2012.12.11 06:22:08 | 000,042,824 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2012.11.05 15:42:36 | 000,120,320 | ---- | M] (Gemalto) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GKUPRO2D.sys -- (GKUPRO2D)
DRV:64bit: - [2012.09.10 11:16:48 | 000,125,304 | ---- | M] (Focusrite Audio Engineering Limited.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ffusb2audio.sys -- (ffusb2audio)
DRV:64bit: - [2012.09.06 10:49:06 | 000,025,448 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2012.08.09 15:21:12 | 012,312,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.07.23 11:11:44 | 000,148,328 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2012.05.30 13:42:10 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.02 09:43:02 | 000,509,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2011.08.23 06:12:58 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.05.23 11:12:40 | 000,444,416 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcusbnetlno2k.sys -- (qcusbnetlno2k)
DRV:64bit: - [2011.05.23 11:12:40 | 000,231,040 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcusbserlno2k.sys -- (qcusbserlno2k)
DRV:64bit: - [2011.05.23 11:12:40 | 000,006,400 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcfilterlno2k.sys -- (qcfilterlno2k)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.07 14:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010.08.25 17:46:18 | 000,682,624 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010.02.26 16:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.09.17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.09.15 19:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.30 13:05:16 | 001,486,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009.06.30 13:01:16 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009.06.30 12:59:54 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.29 11:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2006.06.18 22:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=B80A00A0C6000000&affID=120695&tsp=4924
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C F6 19 1B BE 5A CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B80A00A0C6000000&affID=120695&tsp=4924
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.07.03 21:27:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.07.03 21:27:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2013.05.27 11:59:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.06.25 14:27:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe File not found
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {3234EB1E-733E-4E6A-A8AB-EBB6287E5A7E} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel64_4.5.13.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 139.13.178.121 139.13.178.122
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{023986D5-2109-4F9C-AB8F-15FB71F1B4D1}: DhcpNameServer = 139.13.178.121 139.13.178.122
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13F5B72B-9B3D-491E-8BB4-BB12C6CA29FD}: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.30 14:54:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.07.30 09:59:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.07.30 09:59:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.11 10:22:07 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Escalateur
[2013.07.11 09:49:32 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\HG_Protokolle_Tobi
[2013.07.09 20:42:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\pdfforge
[2013.07.09 20:42:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2013.07.09 20:42:14 | 000,110,264 | ---- | C] (pdfforge GmbH) -- C:\Windows\SysNative\pdfcmon.dll
[2013.07.09 20:42:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2013.07.09 15:12:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2013.07.09 15:11:50 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.07.09 15:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013.07.03 21:27:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.07.03 20:55:56 | 000,000,000 | ---D | C] -- C:\localtexmf
[2013.06.30 18:51:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WindSolutions
[2013.06.30 18:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.30 14:54:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.07.30 14:53:56 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.07.30 14:53:05 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.07.30 14:50:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.30 13:10:11 | 000,000,548 | ---- | M] () -- C:\Windows\tasks\MATLAB R2013a Startup Accelerator.job
[2013.07.30 12:57:58 | 000,016,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.30 12:57:58 | 000,016,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.30 12:57:00 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.30 12:57:00 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.30 12:57:00 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.30 12:57:00 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.30 12:57:00 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.30 12:50:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.30 12:50:23 | 3060,535,296 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.29 21:59:45 | 007,158,681 | ---- | M] () -- C:\Users\***\Desktop\PPFScan.zip
[2013.07.29 21:40:13 | 000,004,763 | ---- | M] () -- C:\Users\***\JASA_neu_MB.pdf
[2013.07.29 21:31:59 | 000,000,000 | ---- | M] () -- C:\Users\***\JASA_neu_MBNotes.bib
[2013.07.29 21:31:59 | 000,000,000 | ---- | M] () -- C:\Users\***\JASA_neu_MB.aux
[2013.07.19 11:50:40 | 000,000,718 | ---- | M] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2013.07.15 19:27:40 | 000,873,503 | ---- | M] () -- C:\Users\***\Desktop\BCKP_Review.odt
[2013.07.13 17:03:02 | 000,294,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.11 20:14:14 | 000,218,947 | ---- | M] () -- C:\Users\***\Desktop\Hacker_Ratcliff_Perception_and_Psychophysics_1979.pdf
[2013.07.09 15:12:24 | 000,001,235 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.07.03 20:35:38 | 001,337,435 | ---- | M] () -- C:\Users\***\Desktop\JasaTeX-0.1tc7.zip
 
========== Files Created - No Company Name ==========
 
[2013.07.30 14:53:56 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.07.30 14:53:05 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.07.29 21:59:37 | 007,158,681 | ---- | C] () -- C:\Users\***\Desktop\PPFScan.zip
[2013.07.29 21:32:00 | 000,004,763 | ---- | C] () -- C:\Users\***\JASA_neu_MB.pdf
[2013.07.29 21:31:59 | 000,000,000 | ---- | C] () -- C:\Users\***\JASA_neu_MBNotes.bib
[2013.07.29 21:31:59 | 000,000,000 | ---- | C] () -- C:\Users\***\JASA_neu_MB.aux
[2013.07.19 11:50:40 | 000,000,718 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2013.07.15 19:27:39 | 000,873,503 | ---- | C] () -- C:\Users\***\Desktop\BCKP_Review.odt
[2013.07.11 20:14:14 | 000,218,947 | ---- | C] () -- C:\Users\***\Desktop\Hacker_Ratcliff_Perception_and_Psychophysics_1979.pdf
[2013.07.09 15:12:24 | 000,001,235 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.07.03 20:35:38 | 001,337,435 | ---- | C] () -- C:\Users\***\Desktop\JasaTeX-0.1tc7.zip
[2013.06.25 14:27:18 | 000,000,140 | ---- | C] () -- C:\Windows\wininit.ini
[2012.08.09 15:21:04 | 013,913,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.01.10 22:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012.01.10 22:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012.01.10 22:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.07.16 20:32:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\foobar2000
[2013.06.10 14:22:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape
[2013.07.09 15:12:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2013.05.27 10:20:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2013.07.09 20:42:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2013.05.27 11:11:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PwrMgr
[2013.05.27 13:16:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SumatraPDF
[2013.05.27 11:59:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2013.06.30 18:51:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WindSolutions
 
========== Purity Check ==========
 
 

< End of report >

schrauber · 30.07.2013, 15:42

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Bacchus91 · 30.07.2013, 16:01

Hi schrauber,

das ging ja mal schnell, vielen Dank!
Die gewünschten Dateien sind wieder anbei.

Vielen Dank,
Bacchus91

FRST

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
Ran by *** (administrator) on 30-07-2013 16:50:24
Running from C:\Users\***\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
(Lenovo Group Limited) C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\splwow64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [382248 2013-02-12] (Lenovo.)
HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-03-18] (Lenovo)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-02-26] (Lenovo Group Limited)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [900160 2013-05-27] (Sophos Limited)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2010-05-03] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor [x]
HKLM-x32\...\Run: [EaseUS EPM tray] - C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL [218256 2013-05-27] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL [221840 2013-05-27] (Sophos Limited)
Lsa: [Notification Packages] scecli ACGina
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=B80A00A0C6000000&affID=120695&tsp=4924
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B80A00A0C6000000&affID=120695&tsp=4924
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {3234EB1E-733E-4E6A-A8AB-EBB6287E5A7E} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel64_4.5.13.0.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 139.13.178.121 139.13.178.122

==================== Services (Whitelisted) =================

S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-04-23] (Lenovo.)
R2 QDLService2kLenovo; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [1688384 2011-05-23] (QUALCOMM, Inc.)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [216640 2013-05-27] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [139840 2013-05-27] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [232512 2013-05-27] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2013-05-27] (Sophos Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-04-11] ()
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2869824 2013-05-27] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [1998400 2013-05-27] (Sophos Limited)

==================== Drivers (Whitelisted) ====================

R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [125304 2012-09-10] (Focusrite Audio Engineering Limited.)
R3 GKUPRO2D; C:\Windows\System32\DRIVERS\GKUPRO2D.sys [120320 2012-11-05] (Gemalto)
R3 qcfilterlno2k; C:\Windows\System32\DRIVERS\qcfilterlno2k.sys [6400 2011-05-23] (QUALCOMM Incorporated)
R3 qcusbnetlno2k; C:\Windows\System32\DRIVERS\qcusbnetlno2k.sys [444416 2011-05-23] (QUALCOMM Incorporated)
R3 qcusbserlno2k; C:\Windows\System32\DRIVERS\qcusbserlno2k.sys [231040 2011-05-23] (QUALCOMM Incorporated)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [144672 2013-05-27] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2013-05-27] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2013-05-27] (Sophos Plc)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-30 16:50 - 2013-07-30 16:50 - 00000000 ____D C:\FRST
2013-07-30 16:48 - 2013-07-30 16:48 - 01781589 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-30 15:56 - 2013-07-30 15:56 - 00076294 _____ C:\Users\***\Desktop\OTL_anym.txt
2013-07-30 15:52 - 2013-07-30 15:52 - 00037522 _____ C:\Users\***\Desktop\Extras_anym.txt
2013-07-30 15:43 - 2013-07-30 15:43 - 00262144 _____ C:\Windows\Minidump\073013-10186-01.dmp
2013-07-30 15:39 - 2013-07-30 15:39 - 00037522 _____ C:\Users\***\Documents\Extras_anym.txt
2013-07-30 15:02 - 2013-07-30 15:02 - 00377856 _____ C:\Users\***\Desktop\gmer_2.1.19163.exe
2013-07-30 14:58 - 2013-07-30 14:58 - 00076564 _____ C:\Users\***\Desktop\OTL.Txt
2013-07-30 14:58 - 2013-07-30 14:58 - 00037666 _____ C:\Users\***\Desktop\Extras.Txt
2013-07-30 14:54 - 2013-07-30 14:54 - 00602112 _____ (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2013-07-30 14:53 - 2013-07-30 14:54 - 00000474 _____ C:\Users\***\Desktop\defogger_disable.log
2013-07-30 14:53 - 2013-07-30 14:53 - 00050477 _____ C:\Users\***\Desktop\Defogger.exe
2013-07-30 14:53 - 2013-07-30 14:53 - 00000000 _____ C:\Users\***\defogger_reenable
2013-07-30 11:48 - 2013-07-30 11:49 - 90332944 _____ (Microsoft Corporation) C:\Users\***\Desktop\msert.exe
2013-07-30 09:59 - 2013-07-30 09:59 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes
2013-07-30 09:59 - 2013-07-30 09:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-29 21:59 - 2013-07-29 21:59 - 07158681 _____ C:\Users\***\Desktop\PPFScan.zip
2013-07-29 21:31 - 2013-07-29 21:40 - 00016819 _____ C:\Users\***\JASA_neu_MB.log
2013-07-29 21:31 - 2013-07-29 21:31 - 00000000 _____ C:\Users\***\JASA_neu_MBNotes.bib
2013-07-29 21:31 - 2013-07-29 21:31 - 00000000 _____ C:\Users\***\JASA_neu_MB.aux
2013-07-19 11:50 - 2013-07-19 11:50 - 00000718 _____ C:\Users\***\AppData\Local\recently-used.xbel
2013-07-19 09:41 - 2013-07-23 13:49 - 00009728 _____ C:\Users\***\Desktop\Bewertung_ts.xls
2013-07-15 19:27 - 2013-07-15 19:27 - 00873503 _____ C:\Users\***\Desktop\BCKP_Review.odt
2013-07-13 17:38 - 2013-07-13 17:38 - 00876780 _____ C:\Users\***\Downloads\Jade HS Briefkopf FB-BuG.dotx
2013-07-13 17:37 - 2013-07-13 17:37 - 00936402 _____ C:\Users\***\Downloads\Jade HS Briefkopf englisch (OL).dotx
2013-07-13 17:37 - 2013-07-13 17:37 - 00876901 _____ C:\Users\***\Downloads\Jade HS Briefkopf (OL).dotx
2013-07-13 16:39 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-13 16:39 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-13 16:39 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-13 16:39 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-13 16:39 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-13 16:39 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-13 16:39 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-13 16:39 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-13 16:39 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-13 16:39 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-13 16:39 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-13 16:39 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-13 16:39 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-13 16:39 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-13 16:39 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-13 16:39 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-13 16:39 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-13 16:39 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-13 16:39 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-13 16:39 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-13 16:39 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-13 16:38 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-13 16:38 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-13 16:38 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-13 16:38 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-13 16:38 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-13 16:38 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-13 16:38 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-13 16:38 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-13 16:38 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-13 16:38 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 09:15 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-12 09:15 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-12 09:15 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-12 09:15 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-12 09:15 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-12 09:15 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-12 09:15 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-11 10:22 - 2013-07-11 10:22 - 00000000 ____D C:\Users\***\Desktop\Escalateur
2013-07-11 09:49 - 2013-07-11 09:50 - 00000000 ____D C:\Users\***\Desktop\HG_Protokolle_Tobi
2013-07-09 20:42 - 2013-07-09 20:42 - 00000000 ____D C:\Users\***\AppData\Roaming\pdfforge
2013-07-09 20:42 - 2013-07-09 20:42 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-07-09 20:42 - 2013-04-09 15:13 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2013-07-09 20:42 - 2013-01-09 15:52 - 01070152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2013-07-09 20:42 - 2012-05-05 11:54 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2013-07-09 20:42 - 2012-05-05 11:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2013-07-09 20:42 - 2012-05-05 11:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2013-07-09 20:42 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2013-07-09 20:42 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2013-07-09 20:42 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2013-07-09 15:12 - 2013-07-09 15:12 - 00000000 ____D C:\Users\***\AppData\Roaming\OpenOffice.org
2013-07-09 15:11 - 2013-07-09 15:11 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2013-07-03 21:27 - 2013-07-04 08:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-03 20:55 - 2013-07-03 20:58 - 00000000 ____D C:\localtexmf
2013-07-03 20:35 - 2013-07-03 20:35 - 01337435 _____ C:\Users\***\Desktop\JasaTeX-0.1tc7.zip
2013-06-30 18:51 - 2013-06-30 18:51 - 00000000 ____D C:\Users\***\AppData\Roaming\WindSolutions
2013-06-30 18:51 - 2013-06-30 18:51 - 00000000 ____D C:\ProgramData\WindSolutions

==================== One Month Modified Files and Folders =======

2013-07-30 16:50 - 2013-05-27 16:35 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-30 16:48 - 2013-07-30 16:48 - 01781589 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-30 15:56 - 2013-07-30 15:56 - 00076294 _____ C:\Users\***\Desktop\OTL_anym.txt
2013-07-30 15:52 - 2013-07-30 15:52 - 00037522 _____ C:\Users\***\Desktop\Extras_anym.txt
2013-07-30 15:50 - 2009-07-14 06:45 - 00016928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-30 15:50 - 2009-07-14 06:45 - 00016928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-30 15:47 - 2009-07-14 19:58 - 00654166 _____ C:\Windows\system32\perfh007.dat
2013-07-30 15:47 - 2009-07-14 19:58 - 00130006 _____ C:\Windows\system32\perfc007.dat
2013-07-30 15:47 - 2009-07-14 07:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-30 15:43 - 2013-07-30 15:43 - 00262144 _____ C:\Windows\Minidump\073013-10186-01.dmp
2013-07-30 15:43 - 2013-06-20 21:34 - 00000000 ____D C:\Windows\Minidump
2013-07-30 15:43 - 2013-05-27 13:40 - 00000548 _____ C:\Windows\Tasks\MATLAB R2013a Startup Accelerator.job
2013-07-30 15:43 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-30 15:43 - 2009-07-14 06:51 - 00039037 _____ C:\Windows\setupact.log
2013-07-30 15:39 - 2013-07-30 15:39 - 00037522 _____ C:\Users\***\Documents\Extras_anym.txt
2013-07-30 15:02 - 2013-07-30 15:02 - 00377856 _____ C:\Users\***\Desktop\gmer_2.1.19163.exe
2013-07-30 14:58 - 2013-07-30 14:58 - 00076564 _____ C:\Users\***\Desktop\OTL.Txt
2013-07-30 14:58 - 2013-07-30 14:58 - 00037666 _____ C:\Users\***\Desktop\Extras.Txt
2013-07-30 14:54 - 2013-07-30 14:54 - 00602112 _____ (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2013-07-30 14:54 - 2013-07-30 14:53 - 00000474 _____ C:\Users\***\Desktop\defogger_disable.log
2013-07-30 14:53 - 2013-07-30 14:53 - 00050477 _____ C:\Users\***\Desktop\Defogger.exe
2013-07-30 14:53 - 2013-07-30 14:53 - 00000000 _____ C:\Users\***\defogger_reenable
2013-07-30 14:53 - 2013-05-27 09:03 - 00000000 ____D C:\Users\***
2013-07-30 14:20 - 2013-05-27 09:03 - 01390184 _____ C:\Windows\WindowsUpdate.log
2013-07-30 12:50 - 2013-05-27 11:12 - 00010082 _____ C:\Windows\PFRO.log
2013-07-30 11:49 - 2013-07-30 11:48 - 90332944 _____ (Microsoft Corporation) C:\Users\***\Desktop\msert.exe
2013-07-30 09:59 - 2013-07-30 09:59 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes
2013-07-30 09:59 - 2013-07-30 09:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-30 09:08 - 2013-05-27 13:42 - 00000000 ____D C:\Users\***\Documents\MATLAB
2013-07-29 21:59 - 2013-07-29 21:59 - 07158681 _____ C:\Users\***\Desktop\PPFScan.zip
2013-07-29 21:40 - 2013-07-29 21:31 - 00016819 _____ C:\Users\***\JASA_neu_MB.log
2013-07-29 21:31 - 2013-07-29 21:31 - 00000000 _____ C:\Users\***\JASA_neu_MBNotes.bib
2013-07-29 21:31 - 2013-07-29 21:31 - 00000000 _____ C:\Users\***\JASA_neu_MB.aux
2013-07-29 15:19 - 2013-05-27 09:03 - 00000000 ____D C:\Users\***\AppData\Local\VirtualStore
2013-07-23 13:49 - 2013-07-19 09:41 - 00009728 _____ C:\Users\***\Desktop\Bewertung_ts.xls
2013-07-19 11:50 - 2013-07-19 11:50 - 00000718 _____ C:\Users\***\AppData\Local\recently-used.xbel
2013-07-16 20:32 - 2013-05-27 13:51 - 00000000 ____D C:\Users\***\AppData\Roaming\foobar2000
2013-07-16 14:29 - 2013-06-04 17:48 - 00000000 ____D C:\Users\***\AppData\Roaming\vlc
2013-07-15 19:27 - 2013-07-15 19:27 - 00873503 _____ C:\Users\***\Desktop\BCKP_Review.odt
2013-07-14 21:43 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-13 17:38 - 2013-07-13 17:38 - 00876780 _____ C:\Users\***\Downloads\Jade HS Briefkopf FB-BuG.dotx
2013-07-13 17:37 - 2013-07-13 17:37 - 00936402 _____ C:\Users\***\Downloads\Jade HS Briefkopf englisch (OL).dotx
2013-07-13 17:37 - 2013-07-13 17:37 - 00876901 _____ C:\Users\***\Downloads\Jade HS Briefkopf (OL).dotx
2013-07-13 17:03 - 2009-07-14 06:45 - 00294168 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-13 17:01 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-13 17:01 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-13 17:01 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-13 16:40 - 2013-05-27 09:28 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-12 09:24 - 2013-05-27 10:20 - 00000000 ____D C:\Program Files (x86)\Opera
2013-07-11 14:22 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-07-11 10:22 - 2013-07-11 10:22 - 00000000 ____D C:\Users\***\Desktop\Escalateur
2013-07-11 09:50 - 2013-07-11 09:49 - 00000000 ____D C:\Users\***\Desktop\HG_Protokolle_Tobi
2013-07-09 20:42 - 2013-07-09 20:42 - 00000000 ____D C:\Users\***\AppData\Roaming\pdfforge
2013-07-09 20:42 - 2013-07-09 20:42 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-07-09 19:10 - 2013-05-27 10:41 - 00064024 _____ C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-09 15:12 - 2013-07-09 15:12 - 00000000 ____D C:\Users\***\AppData\Roaming\OpenOffice.org
2013-07-09 15:12 - 2013-05-27 09:03 - 00000000 ___RD C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-09 15:11 - 2013-07-09 15:11 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2013-07-09 15:11 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-05 09:34 - 2013-05-27 11:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-04 08:58 - 2013-07-03 21:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-04 08:58 - 2013-05-27 13:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird.bak
2013-07-03 20:58 - 2013-07-03 20:55 - 00000000 ____D C:\localtexmf
2013-07-03 20:37 - 2013-05-27 12:01 - 00000000 ____D C:\Program Files\MiKTeX 2.9
2013-07-03 20:35 - 2013-07-03 20:35 - 01337435 _____ C:\Users\***\Desktop\JasaTeX-0.1tc7.zip
2013-06-30 18:51 - 2013-06-30 18:51 - 00000000 ____D C:\Users\***\AppData\Roaming\WindSolutions
2013-06-30 18:51 - 2013-06-30 18:51 - 00000000 ____D C:\ProgramData\WindSolutions
2013-06-30 18:49 - 2013-05-27 11:59 - 00000000 ____D C:\Users\***\AppData\Local\Thunderbird

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 10:07

==================== End Of Log ============================

--- --- ---

Addition
FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-07-2013 03
Ran by *** at 2013-07-30 16:50:45
Running from C:\Users\***\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Anzeige am Bildschirm (Version: 6.67.50)
Conexant 20585 SmartAudio HD (Version: 4.95.48.50)
Dienstprogramm "ThinkPad UltraNav" (x32 Version: 2.13.0)
dows-Treiberpaket - Focusrite USB 2.0 Audio Driver (09/10/2012 2.4.128.0) (Version: 09/10/2012 2.4.128.0)
Energie-Manager (x32 Version: 6.54)
Focusrite USB 2.0 Audio Driver 2.4 (Version: 2.4)
foobar2000 v1.2.6 (x32 Version: 1.2.6)
GNU Aspell 0.50-3 (x32)
GPL Ghostscript (x32 Version: 9.07)
Inkscape 0.48.4 (x32 Version: 0.48.4)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Network Connections Drivers (Version: 16.8)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2827)
Java 7 Update 21 (64-bit) (Version: 7.0.210)
Lenovo Mobile Broadband Activation (x32 Version: 4.2.1003.00)
Lenovo Patch Utility (x32 Version: 1.3.2.4)
Lenovo Patch Utility 64 bit (Version: 1.3.0.9)
Lenovo Power Management Driver (Version: 1.66.00.22)
Lenovo System Interface Driver (Version: 1.05)
Lenovo System Update (x32 Version: 5.02.0011)
MATLAB R2013a (Version: 8.1)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
MiKTeX 2.9 (Version: 2.9)
Mozilla Maintenance Service (x32 Version: 17.0.7)
Mozilla Thunderbird 17.0.7 (x86 de) (x32 Version: 17.0.7)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Opera 12.16 (x32 Version: 12.16.1860)
PDFCreator (x32 Version: 1.7.0)
Qualcomm Gobi 2000 Package for Lenovo (x32 Version: 1.1.250)
Skype™ 6.3 (x32 Version: 6.3.107)
Sophos Anti-Virus (x32 Version: 10.0.10)
Sophos AutoUpdate (x32 Version: 2.7.4.317)
SumatraPDF (x32 Version: 2.3.2)
System Requirements Lab for Intel (64-bit) (Version: 4.5.13.0)
ThinkPad FullScreen Magnifier (Version: 2.40)
ThinkPad Modem Adapter (Version: 7.80.5.0)
ThinkPad UltraNav Driver (Version: 16.2.19.7)
ThinkVantage Access Connections (x32 Version: 6.01)
ThinkVantage Communications Utility (Version: 2.10.0.0)
ThinkVantage GPS (x32 Version: 2.80)
ThinkVantage System für aktiven Festplattenschutz (Version: 1.77.0.11)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Verizon Wireless Mobile Broadband Self Activation (x32 Version: 3.2.2)
VLC media player 2.0.6 (Version: 2.0.6)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1CBD8359-DEC1-4775-8E11-64CA2E3292D8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {73B49B8E-59B1-4793-AA64-73025F9A1339} - System32\Tasks\EPUpdater => C:\Users\***\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe No File
Task: {88B00598-F6C0-4389-ADAD-B8A764524E8B} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-04-11] ()
Task: {B4CA9EAD-1AF8-4DEA-8DFF-1C2431EDB262} - System32\Tasks\MATLAB R2013a Startup Accelerator => C:\Program Files\MATLAB\R2013a\bin\win64\MATLABStartupAccelerator.exe [2013-01-16] ()
Task: {C97843FB-5E2C-4CA7-9813-CA1D00673EDF} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {D4D5C3DA-881F-45FD-ADB1-2F6FDFEB92A8} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\MATLAB R2013a Startup Accelerator.job => C:\Program Files\MATLAB\R2013a\bin\win64\MATLABStartupAccelerator.exe

==================== Faulty Device Manager Devices =============

Name: WD SES Device USB Device
Description: WD SES Device USB Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/30/2013 02:07:41 PM) (Source: Application Hang) (User: )
Description: Programm msert.exe, Version 1.155.1099.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: c5c

Startzeit: 01ce8d12bc98bc94

Endzeit: 60000

Anwendungspfad: C:\Users\***\Desktop\msert.exe

Berichts-ID:

Error: (07/30/2013 00:48:26 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).

Error: (07/30/2013 10:43:22 AM) (Source: Application Hang) (User: )
Description: Programm mbam.exe, Version 1.75.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1010

Startzeit: 01ce8cfadef10d0e

Endzeit: 60000

Anwendungspfad: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

Berichts-ID: 8d9d0de7-f8f3-11e2-a701-0024d74a6678

Error: (07/30/2013 09:06:16 AM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80070422).

Error: (07/29/2013 03:15:53 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: matlab.exe, Version: 8.1.0.0, Zeitstempel: 0x50f7698f
Name des fehlerhaften Moduls: jniwrap64.dll, Version: 3.8.0.0, Zeitstempel: 0x4d62c1f3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000186a
ID des fehlerhaften Prozesses: 0x1358
Startzeit der fehlerhaften Anwendung: 0xmatlab.exe0
Pfad der fehlerhaften Anwendung: matlab.exe1
Pfad des fehlerhaften Moduls: matlab.exe2
Berichtskennung: matlab.exe3

Error: (07/26/2013 10:19:30 AM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).

Error: (07/26/2013 10:14:06 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/26/2013 09:10:53 AM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80070422).

Error: (07/25/2013 00:38:36 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).

Error: (07/25/2013 00:31:55 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (07/30/2013 03:43:28 PM) (Source: BugCheck) (User: )
Description: 0x00000109 (0xa3a039d8af5c3650, 0xb3b7465f01da7262, 0xfffff8800336e5c0, 0x0000000000000002)C:\Windows\MEMORY.DMP073013-10186-01

Error: (07/30/2013 03:43:27 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎30.‎07.‎2013 um 15:42:23 unerwartet heruntergefahren.

Error: (07/30/2013 02:11:03 PM) (Source: Ntfs) (User: )
Description: Auf dem Volume "G:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (07/30/2013 02:11:03 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Sophos Anti-Virus" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/30/2013 02:11:03 PM) (Source: SAVOnAccess) (User: )
Description: Treiber-Threads sind beim Herunterfahren des Threads noch aktiv.

Error: (07/30/2013 02:10:57 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (07/30/2013 02:10:42 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (07/30/2013 02:06:32 PM) (Source: DCOM) (User: )
Description: "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe" -Embedding740{24DC0815-9D82-47FD-81B3-11DE033EF7A3}

Error: (07/30/2013 02:05:35 PM) (Source: SAVOnAccess) (User: )
Description: Damit das Systemreignisprotokoll nicht unnötige Ausmaße annimmt, werden Meldungen wie "Savservice threads busy" nach Wiederherstellung des Dienstes nicht mehr protokolliert.

Error: (07/30/2013 02:05:35 PM) (Source: SAVOnAccess) (User: )
Description: Kommunikationsfehler zwischen On-Access-Treiber und Dienst für Zugriff auf Registrierungswert [62424-2832944640-1000_CLASSES\Local Settings\MuiCache\2B\46693477 LanguageList] durch Prozess rundll32.exe.


Microsoft Office Sessions:
=========================
Error: (07/30/2013 02:07:41 PM) (Source: Application Hang)(User: )
Description: msert.exe1.155.1099.0c5c01ce8d12bc98bc9460000C:\Users\***\Desktop\msert.exe

Error: (07/30/2013 00:48:26 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x80070422

Error: (07/30/2013 10:43:22 AM) (Source: Application Hang)(User: )
Description: mbam.exe1.75.0.1101001ce8cfadef10d0e60000C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe8d9d0de7-f8f3-11e2-a701-0024d74a6678

Error: (07/30/2013 09:06:16 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422

Error: (07/29/2013 03:15:53 PM) (Source: Application Error)(User: )
Description: matlab.exe8.1.0.050f7698fjniwrap64.dll3.8.0.04d62c1f3c0000005000000000000186a135801ce8c5db4e9a803C:\Program Files\MATLAB\R2013a\bin\win64\matlab.exeC:\Program Files\MATLAB\R2013a\sys\jxbrowser\win64\lib\jniwrap64.dllfe30fc56-f850-11e2-994c-00a0c6000000

Error: (07/26/2013 10:19:30 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x80070422

Error: (07/26/2013 10:14:06 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\program files (x86)\EaseUS\easeus partition master 9.2.2\DRW\RdfCheck.exe

Error: (07/26/2013 09:10:53 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422

Error: (07/25/2013 00:38:36 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x80070422

Error: (07/25/2013 00:31:55 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\program files (x86)\EaseUS\easeus partition master 9.2.2\DRW\RdfCheck.exe


==================== Memory info =========================== 

Percentage of memory in use: 43%
Total physical RAM: 3891.67 MB
Available physical RAM: 2198.16 MB
Total Pagefile: 7781.53 MB
Available Pagefile: 5974.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.83 GB) (Free:15.82 GB) NTFS (Disk=0 Partition=2)
Drive f: (Daten) (Fixed) (Total:48.21 GB) (Free:28.78 GB) NTFS (Disk=0 Partition=4)
Drive g: (ViKK-FP-2) (Fixed) (Total:465.73 GB) (Free:0.02 GB) NTFS (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 112 GB) (Disk ID: A636F269)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=83)
Partition 4: (Not Active) - (Size=50 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 000521AB)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

--- --- ---

schrauber · 31.07.2013, 07:29

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Bacchus91 · 31.07.2013, 09:44

Hi schrauber,

die gewünschte Datei ist anbei.

Besten Dank

Combofix Logfile:

Code:

ATTFilter

ComboFix 13-07-30.05 - *** 31.07.2013  10:10:53.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3892.2470 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-28 bis 2013-07-31  ))))))))))))))))))))))))))))))
.
.
2013-07-30 14:50 . 2013-07-30 14:50	--------	d-----w-	C:\FRST
2013-07-30 07:59 . 2013-07-30 07:59	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2013-07-30 07:59 . 2013-07-30 07:59	--------	d-----w-	c:\programdata\Malwarebytes
2013-07-30 07:06 . 2013-07-02 08:34	9460976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8FC89587-9B30-42CA-BCF4-2218969F84D2}\mpengine.dll
2013-07-13 14:38 . 2013-06-11 23:26	1365504	----a-w-	c:\windows\system32\urlmon.dll
2013-07-13 14:38 . 2013-06-11 23:43	108032	----a-w-	c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
2013-07-13 14:38 . 2013-06-11 23:43	817664	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-07-13 14:38 . 2013-06-11 23:26	1084928	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-07-13 14:38 . 2013-06-11 23:25	53248	----a-w-	c:\windows\system32\jsproxy.dll
2013-07-13 14:38 . 2013-06-11 23:43	1767936	----a-w-	c:\windows\SysWow64\wininet.dll
2013-07-13 14:38 . 2013-06-11 23:26	2241024	----a-w-	c:\windows\system32\wininet.dll
2013-07-13 14:38 . 2013-06-11 23:25	15404032	----a-w-	c:\windows\system32\ieframe.dll
2013-07-13 14:38 . 2013-06-11 23:25	19238912	----a-w-	c:\windows\system32\mshtml.dll
2013-07-09 18:42 . 2013-07-09 18:42	--------	d-----w-	c:\users\***\AppData\Roaming\pdfforge
2013-07-09 18:42 . 2013-01-09 13:52	1070152	----a-w-	c:\windows\SysWow64\MSCOMCTL.OCX
2013-07-09 18:42 . 2012-05-05 09:54	662288	----a-w-	c:\windows\SysWow64\MSCOMCT2.OCX
2013-07-09 18:42 . 2012-05-05 09:54	137000	----a-w-	c:\windows\SysWow64\MSMAPI32.OCX
2013-07-09 18:42 . 2013-04-09 13:13	110264	----a-w-	c:\windows\system32\pdfcmon.dll
2013-07-09 18:42 . 2013-07-09 18:42	--------	d-----w-	c:\program files (x86)\PDFCreator
2013-07-09 18:42 . 2012-05-05 09:54	23552	----a-w-	c:\windows\SysWow64\MSMPIDE.DLL
2013-07-09 18:42 . 1998-07-06 16:56	125712	----a-w-	c:\windows\SysWow64\VB6DE.DLL
2013-07-09 18:42 . 1998-07-06 16:55	158208	----a-w-	c:\windows\SysWow64\MSCMCDE.DLL
2013-07-09 18:42 . 1998-07-06 16:55	64512	----a-w-	c:\windows\SysWow64\MSCC2DE.DLL
2013-07-09 13:12 . 2013-07-09 13:12	--------	d-----w-	c:\users\***\AppData\Roaming\OpenOffice.org
2013-07-09 13:11 . 2013-07-09 13:11	--------	d-----w-	c:\program files (x86)\OpenOffice.org 3
2013-07-03 19:27 . 2013-07-04 06:58	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2013-07-03 18:55 . 2013-07-03 18:58	--------	d-----w-	C:\localtexmf
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-13 14:40 . 2013-05-27 07:28	78185248	----a-w-	c:\windows\system32\MRT.exe
2013-06-14 09:50 . 2013-06-14 09:50	108448	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-06-14 09:50 . 2013-06-14 09:50	311200	----a-w-	c:\windows\system32\javaws.exe
2013-06-14 09:50 . 2013-06-14 09:50	188832	----a-w-	c:\windows\system32\javaw.exe
2013-06-14 09:50 . 2013-06-14 09:50	188320	----a-w-	c:\windows\system32\java.exe
2013-06-14 09:50 . 2013-05-27 11:33	971680	----a-w-	c:\windows\system32\deployJava1.dll
2013-06-14 09:50 . 2013-05-27 11:33	1092512	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-06-12 14:50 . 2013-05-27 14:35	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 14:50 . 2013-05-27 14:35	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-28 15:32 . 2013-05-28 15:32	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-28 15:32 . 2013-05-28 15:32	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-05-28 15:32 . 2013-05-28 15:32	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-05-28 15:32 . 2013-05-28 15:32	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-05-28 15:32 . 2013-05-28 15:32	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-05-28 15:32 . 2013-05-28 15:32	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-05-28 15:32 . 2013-05-28 15:32	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-05-28 15:32 . 2013-05-28 15:32	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-05-28 15:32 . 2013-05-28 15:32	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-28 15:32 . 2013-05-28 15:32	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-05-28 15:32 . 2013-05-28 15:32	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-05-28 15:32 . 2013-05-28 15:32	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-05-28 15:32 . 2013-05-28 15:32	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-05-28 15:32 . 2013-05-28 15:32	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-05-28 15:32 . 2013-05-28 15:32	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-05-28 15:32 . 2013-05-28 15:32	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-05-28 15:32 . 2013-05-28 15:32	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-05-28 15:32 . 2013-05-28 15:32	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-05-28 15:32 . 2013-05-28 15:32	81408	----a-w-	c:\windows\system32\icardie.dll
2013-05-28 15:32 . 2013-05-28 15:32	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-05-28 15:32 . 2013-05-28 15:32	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-05-28 15:32 . 2013-05-28 15:32	441856	----a-w-	c:\windows\system32\html.iec
2013-05-28 15:32 . 2013-05-28 15:32	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-05-28 15:32 . 2013-05-28 15:32	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-05-28 15:32 . 2013-05-28 15:32	235008	----a-w-	c:\windows\system32\url.dll
2013-05-28 15:32 . 2013-05-28 15:32	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-05-28 15:32 . 2013-05-28 15:32	216064	----a-w-	c:\windows\system32\msls31.dll
2013-05-28 15:32 . 2013-05-28 15:32	197120	----a-w-	c:\windows\system32\msrating.dll
2013-05-28 15:32 . 2013-05-28 15:32	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-05-28 15:32 . 2013-05-28 15:32	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-05-28 15:32 . 2013-05-28 15:32	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-05-28 15:32 . 2013-05-28 15:32	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-05-28 15:32 . 2013-05-28 15:32	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-05-28 15:32 . 2013-05-28 15:32	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-05-28 15:32 . 2013-05-28 15:32	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-05-28 15:32 . 2013-05-28 15:32	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-05-28 15:32 . 2013-05-28 15:32	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-05-28 15:32 . 2013-05-28 15:32	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-05-28 15:32 . 2013-05-28 15:32	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-05-28 15:32 . 2013-05-28 15:32	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-05-28 15:32 . 2013-05-28 15:32	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-05-28 15:32 . 2013-05-28 15:32	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-05-28 15:32 . 2013-05-28 15:32	149504	----a-w-	c:\windows\system32\occache.dll
2013-05-28 15:32 . 2013-05-28 15:32	144896	----a-w-	c:\windows\system32\wextract.exe
2013-05-28 15:32 . 2013-05-28 15:32	13824	----a-w-	c:\windows\system32\mshta.exe
2013-05-28 15:32 . 2013-05-28 15:32	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-05-28 15:32 . 2013-05-28 15:32	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-05-28 15:32 . 2013-05-28 15:32	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-05-28 15:32 . 2013-05-28 15:32	102912	----a-w-	c:\windows\system32\inseng.dll
2013-05-28 15:30 . 2013-05-28 15:30	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-28 15:30 . 2013-05-28 15:30	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-28 15:30 . 2013-05-28 15:30	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-28 15:30 . 2013-05-28 15:30	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-28 15:30 . 2013-05-28 15:30	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-28 15:30 . 2013-05-28 15:30	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-28 15:30 . 2013-05-28 15:30	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-28 15:30 . 2013-05-28 15:30	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-28 15:30 . 2013-05-28 15:30	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-28 15:30 . 2013-05-28 15:30	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-28 15:30 . 2013-05-28 15:30	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-28 15:30 . 2013-05-28 15:30	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-28 15:30 . 2013-05-28 15:30	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-28 15:30 . 2013-05-28 15:30	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-28 15:30 . 2013-05-28 15:30	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-28 15:30 . 2013-05-28 15:30	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-28 15:30 . 2013-05-28 15:30	10752	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-28 15:30 . 2013-05-28 15:30	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-28 15:30 . 2013-05-28 15:30	1158144	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2013-05-28 15:30 . 2013-05-28 15:30	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2013-05-28 15:30 . 2013-05-28 15:30	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2013-05-28 15:30 . 2013-05-28 15:30	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-05-28 15:30 . 2013-05-28 15:30	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-05-28 15:30 . 2013-05-28 15:30	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-05-28 15:30 . 2013-05-28 15:30	3928064	----a-w-	c:\windows\system32\d2d1.dll
2013-05-28 15:30 . 2013-05-28 15:30	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-05-28 15:30 . 2013-05-28 15:30	363008	----a-w-	c:\windows\system32\dxgi.dll
2013-05-28 15:30 . 2013-05-28 15:30	3419136	----a-w-	c:\windows\SysWow64\d2d1.dll
2013-05-28 15:30 . 2013-05-28 15:30	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-05-28 15:30 . 2013-05-28 15:30	296960	----a-w-	c:\windows\system32\d3d10core.dll
2013-05-28 15:30 . 2013-05-28 15:30	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
2013-05-28 15:30 . 2013-05-28 15:30	2776576	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2013-05-28 15:30 . 2013-05-28 15:30	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2013-05-28 15:30 . 2013-05-28 15:30	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2013-05-28 15:30 . 2013-05-28 15:30	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2013-05-28 15:30 . 2013-05-28 15:30	2284544	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
2013-05-28 15:30 . 2013-05-28 15:30	221184	----a-w-	c:\windows\system32\UIAnimation.dll
2013-05-28 15:30 . 2013-05-28 15:30	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll
2013-05-28 15:30 . 2013-05-28 15:30	207872	----a-w-	c:\windows\SysWow64\WindowsCodecsExt.dll
2013-05-28 15:30 . 2013-05-28 15:30	1988096	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2013-05-28 15:30 . 2013-05-28 15:30	194560	----a-w-	c:\windows\system32\d3d10_1.dll
2013-05-28 15:30 . 2013-05-28 15:30	187392	----a-w-	c:\windows\SysWow64\UIAnimation.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2013-05-27 900160]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-05-03 112152]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2013-04-23 6002984]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2013-5-27 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [x]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
R3 ffusb2audio;Focusrite USB 2.0 Audio Driver;c:\windows\system32\DRIVERS\ffusb2audio.sys;c:\windows\SYSNATIVE\DRIVERS\ffusb2audio.sys [x]
R3 GKUPRO2D;GKUPRO2D;c:\windows\system32\DRIVERS\GKUPRO2D.sys;c:\windows\SYSNATIVE\DRIVERS\GKUPRO2D.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys;c:\windows\SYSNATIVE\DRIVERS\sdcfilter.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys;c:\windows\SYSNATIVE\DRIVERS\SophosBootDriver.sys [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys;c:\windows\SYSNATIVE\DRIVERS\savonaccess.sys [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 QDLService2kLenovo;Qualcomm Gobi 2000 Download Service (Lenovo);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe;c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [x]
S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [x]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [x]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 qcfilterlno2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9205);c:\windows\system32\DRIVERS\qcfilterlno2k.sys;c:\windows\SYSNATIVE\DRIVERS\qcfilterlno2k.sys [x]
S3 qcusbnetlno2k;Gobi 2000 USB-NDIS miniport(05C6-9205);c:\windows\system32\DRIVERS\qcusbnetlno2k.sys;c:\windows\SYSNATIVE\DRIVERS\qcusbnetlno2k.sys [x]
S3 qcusbserlno2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9205);c:\windows\system32\DRIVERS\qcusbserlno2k.sys;c:\windows\SYSNATIVE\DRIVERS\qcusbserlno2k.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-27 14:50]
.
2013-07-31 c:\windows\Tasks\MATLAB R2013a Startup Accelerator.job
- c:\program files\MATLAB\R2013a\bin\win64\MATLABStartupAccelerator.exe [2013-05-27 16:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2013-02-12 382248]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2013-03-18 63784]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2013-02-26 60920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-09 167744]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-09 392512]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-09 417088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=B80A00A0C6000000&affID=120695&tsp=4924
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
TCP: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-EaseUS EPM tray - c:\program files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Sophos\AutoUpdate\ALsvc.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-07-31  10:29:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-07-31 08:29
.
Vor Suchlauf: 13 Verzeichnis(se), 17.177.186.304 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 18.281.144.320 Bytes frei
.
- - End Of File - - 20E19BF20717E91A7F26B77087E47AC8

--- --- ---
D41D8CD98F00B204E9800998ECF8427E

[/CODE]

schrauber · 31.07.2013, 11:34

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Bacchus91 · 31.07.2013, 12:31

Hi schrauber,

hier wieder die gewünschten Files.

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.30.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
*** :: ***-PC [Administrator]

Schutz: Aktiviert

30.07.2013 11:33:45
mbam-log-2013-07-30 (11-33-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 473634
Laufzeit: 29 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 4
C:\Users\***\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\BabSolution\CR (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 12
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8RWHYV3I\DeltaTB[1].exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZJUQYSR\pack[1].7z (PUP.Browser.Defender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\Temp\3C487C22-BAB0-7891-8C0A-7FA2287BED2E\Latest\ccp.exe (PUP.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\Temp\3C487C22-BAB0-7891-8C0A-7FA2287BED2E\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\BabSolution\Shared\BabMaint.exe (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\BabSolution\Shared\BUSolution.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\BabSolution\Shared\chu.js (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\BabSolution\Shared\Delta.ico (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\BabSolution\Shared\GUninstaller.exe (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\BabSolution\Shared\SetupParams.ini (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\BabSolution\Shared\sqlite3.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.306 - Datei am 31/07/2013 um 12:57:29 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\***\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=B80A00A0C6000000&affID=120695&tsp=4924 --> hxxp://www.google.com

-\\ Opera v12.16.1860.0

Datei : C:\Users\***\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1294 octets] - [31/07/2013 12:57:29]

########## EOF - C:\AdwCleaner[S1].txt - [1354 octets] ##########

--- --- ---

JRT Logfile:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.9 (07.30.2013:1)
OS: Windows 7 Professional x64
Ran by *** on 31.07.2013 at 13:03:40,36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.07.2013 at 13:07:38,45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- --- ---

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
Ran by *** (administrator) on 31-07-2013 13:14:20
Running from C:\Users\***\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
(Lenovo Group Limited) C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [382248 2013-02-12] (Lenovo.)
HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-03-18] (Lenovo)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-02-26] (Lenovo Group Limited)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [900160 2013-05-27] (Sophos Limited)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2010-05-03] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll [218256 2013-05-27] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll [221840 2013-05-27] (Sophos Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {3234EB1E-733E-4E6A-A8AB-EBB6287E5A7E} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel64_4.5.13.0.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 193.189.244.202 193.189.244.194

==================== Services (Whitelisted) =================

S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-04-23] (Lenovo.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 QDLService2kLenovo; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [1688384 2011-05-23] (QUALCOMM, Inc.)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [216640 2013-05-27] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [139840 2013-05-27] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [232512 2013-05-27] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2013-05-27] (Sophos Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-04-11] ()
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2869824 2013-05-27] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [1998400 2013-05-27] (Sophos Limited)

==================== Drivers (Whitelisted) ====================

S3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [125304 2012-09-10] (Focusrite Audio Engineering Limited.)
S3 GKUPRO2D; C:\Windows\System32\DRIVERS\GKUPRO2D.sys [120320 2012-11-05] (Gemalto)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 qcfilterlno2k; C:\Windows\System32\DRIVERS\qcfilterlno2k.sys [6400 2011-05-23] (QUALCOMM Incorporated)
R3 qcusbnetlno2k; C:\Windows\System32\DRIVERS\qcusbnetlno2k.sys [444416 2011-05-23] (QUALCOMM Incorporated)
R3 qcusbserlno2k; C:\Windows\System32\DRIVERS\qcusbserlno2k.sys [231040 2011-05-23] (QUALCOMM Incorporated)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [144672 2013-05-27] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2013-05-27] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2013-05-27] (Sophos Plc)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-31 13:03 - 2013-07-31 13:03 - 00000000 ____D C:\Windows\ERUNT
2013-07-31 13:01 - 2013-07-31 13:01 - 00562430 _____ (Oleg N. Scherbakov) C:\Users\***\Desktop\JRT.exe
2013-07-31 13:00 - 2013-07-31 13:00 - 00001406 _____ C:\Users\***\Desktop\AdwCleaner[S1].txt
2013-07-31 12:57 - 2013-07-31 12:57 - 00001421 _____ C:\AdwCleaner[S1].txt
2013-07-31 12:55 - 2013-07-31 12:55 - 00666633 _____ C:\Users\***\Desktop\adwcleaner.exe
2013-07-31 12:44 - 2013-07-31 12:44 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-31 12:43 - 2013-07-31 12:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-31 12:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-31 12:40 - 2013-07-31 12:40 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\***\Desktop\mbam-setup-1.75.0.1300.exe
2013-07-31 10:36 - 2013-07-31 10:36 - 00000000 ___SD C:\ComboFix
2013-07-31 10:36 - 2013-07-31 10:36 - 00000000 ___SD C:\32788R22FWJFW
2013-07-31 10:36 - 2013-07-31 10:36 - 00000000 _____ C:\Windows\system32\vireng.log
2013-07-31 10:32 - 2013-07-31 10:32 - 00023514 _____ C:\Users\***\Desktop\Computer.txt
2013-07-31 10:29 - 2013-07-31 10:29 - 00023532 _____ C:\ComboFix.txt
2013-07-31 10:09 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-31 10:09 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-31 10:09 - 2009-04-20 06:56 - 00060416 _____ C:\Windows\NIRCMD.exe
2013-07-31 10:09 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-31 10:09 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-31 10:09 - 2000-08-31 02:00 - 00098816 ____R C:\Windows\sed.exe
2013-07-31 10:09 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-31 10:09 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-31 10:08 - 2013-07-31 10:36 - 00000000 ____D C:\Qoobox
2013-07-31 10:08 - 2013-07-31 10:28 - 00000000 ____D C:\Windows\erdnt
2013-07-31 09:54 - 2013-07-31 09:55 - 05098210 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe
2013-07-30 16:50 - 2013-07-30 16:50 - 00000000 ____D C:\FRST
2013-07-30 16:48 - 2013-07-30 16:48 - 01781589 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-30 15:56 - 2013-07-30 15:56 - 00076294 _____ C:\Users\***\Desktop\OTL_anym.txt
2013-07-30 15:52 - 2013-07-30 15:52 - 00037522 _____ C:\Users\***\Desktop\Extras_anym.txt
2013-07-30 15:43 - 2013-07-30 15:43 - 00262144 _____ C:\Windows\Minidump\073013-10186-01.dmp
2013-07-30 15:39 - 2013-07-30 15:39 - 00037522 _____ C:\Users\***\Documents\Extras_anym.txt
2013-07-30 15:02 - 2013-07-30 15:02 - 00377856 _____ C:\Users\***\Desktop\gmer_2.1.19163.exe
2013-07-30 14:58 - 2013-07-30 14:58 - 00076564 _____ C:\Users\***\Desktop\OTL.Txt
2013-07-30 14:58 - 2013-07-30 14:58 - 00037666 _____ C:\Users\***\Desktop\Extras.Txt
2013-07-30 14:54 - 2013-07-30 14:54 - 00602112 _____ (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2013-07-30 14:53 - 2013-07-30 14:54 - 00000474 _____ C:\Users\***\Desktop\defogger_disable.log
2013-07-30 14:53 - 2013-07-30 14:53 - 00050477 _____ C:\Users\***\Desktop\Defogger.exe
2013-07-30 14:53 - 2013-07-30 14:53 - 00000000 _____ C:\Users\***\defogger_reenable
2013-07-30 11:48 - 2013-07-30 11:49 - 90332944 _____ (Microsoft Corporation) C:\Users\***\Desktop\msert.exe
2013-07-30 09:59 - 2013-07-30 09:59 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes
2013-07-30 09:59 - 2013-07-30 09:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-29 21:59 - 2013-07-29 21:59 - 07158681 _____ C:\Users\***\Desktop\PPFScan.zip
2013-07-29 21:31 - 2013-07-29 21:40 - 00016819 _____ C:\Users\***\JASA_neu_MB.log
2013-07-29 21:31 - 2013-07-29 21:31 - 00000000 _____ C:\Users\***\JASA_neu_MBNotes.bib
2013-07-29 21:31 - 2013-07-29 21:31 - 00000000 _____ C:\Users\***\JASA_neu_MB.aux
2013-07-19 11:50 - 2013-07-19 11:50 - 00000718 _____ C:\Users\***\AppData\Local\recently-used.xbel
2013-07-19 09:41 - 2013-07-23 13:49 - 00009728 _____ C:\Users\***\Desktop\Bewertung_ts.xls
2013-07-15 19:27 - 2013-07-15 19:27 - 00873503 _____ C:\Users\***\Desktop\BCKP_Review.odt
2013-07-13 17:38 - 2013-07-13 17:38 - 00876780 _____ C:\Users\***\Downloads\Jade HS Briefkopf FB-BuG.dotx
2013-07-13 17:37 - 2013-07-13 17:37 - 00936402 _____ C:\Users\***\Downloads\Jade HS Briefkopf englisch (OL).dotx
2013-07-13 17:37 - 2013-07-13 17:37 - 00876901 _____ C:\Users\***\Downloads\Jade HS Briefkopf (OL).dotx
2013-07-13 16:39 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-13 16:39 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-13 16:39 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-13 16:39 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-13 16:39 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-13 16:39 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-13 16:39 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-13 16:39 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-13 16:39 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-13 16:39 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-13 16:39 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-13 16:39 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-13 16:39 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-13 16:39 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-13 16:39 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-13 16:39 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-13 16:39 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-13 16:39 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-13 16:39 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-13 16:39 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-13 16:39 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-13 16:38 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-13 16:38 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-13 16:38 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-13 16:38 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-13 16:38 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-13 16:38 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-13 16:38 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-13 16:38 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-13 16:38 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-13 16:38 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 09:15 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-12 09:15 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-12 09:15 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-12 09:15 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-12 09:15 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-12 09:15 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-12 09:15 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-11 10:22 - 2013-07-11 10:22 - 00000000 ____D C:\Users\***\Desktop\Escalateur
2013-07-11 09:49 - 2013-07-11 09:50 - 00000000 ____D C:\Users\***\Desktop\HG_Protokolle_Tobi
2013-07-09 20:42 - 2013-07-09 20:42 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-07-09 20:42 - 2013-04-09 15:13 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2013-07-09 20:42 - 2013-01-09 15:52 - 01070152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2013-07-09 20:42 - 2012-05-05 11:54 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2013-07-09 20:42 - 2012-05-05 11:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2013-07-09 20:42 - 2012-05-05 11:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2013-07-09 20:42 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2013-07-09 20:42 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2013-07-09 20:42 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2013-07-09 15:12 - 2013-07-09 15:12 - 00000000 ____D C:\Users\***\AppData\Roaming\OpenOffice.org
2013-07-09 15:11 - 2013-07-09 15:11 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2013-07-03 21:27 - 2013-07-04 08:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-03 20:55 - 2013-07-03 20:58 - 00000000 ____D C:\localtexmf
2013-07-03 20:35 - 2013-07-03 20:35 - 01337435 _____ C:\Users\***\Desktop\JasaTeX-0.1tc7.zip
133

==================== One Month Modified Files and Folders =======

2013-07-31 13:11 - 2013-05-27 13:40 - 00000548 _____ C:\Windows\Tasks\MATLAB R2013a Startup Accelerator.job
2013-07-31 13:11 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-31 13:11 - 2009-07-14 06:51 - 00039317 _____ C:\Windows\setupact.log
2013-07-31 13:10 - 2013-05-27 09:03 - 01442199 _____ C:\Windows\WindowsUpdate.log
2013-07-31 13:07 - 2013-07-31 13:07 - 00000626 _____ C:\Users\***\Desktop\JRT.txt
2013-07-31 13:06 - 2009-07-14 06:45 - 00016928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-31 13:06 - 2009-07-14 06:45 - 00016928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-31 13:03 - 2013-07-31 13:03 - 00000000 ____D C:\Windows\ERUNT
2013-07-31 13:03 - 2009-07-14 19:58 - 00654166 _____ C:\Windows\system32\perfh007.dat
2013-07-31 13:03 - 2009-07-14 19:58 - 00130006 _____ C:\Windows\system32\perfc007.dat
2013-07-31 13:03 - 2009-07-14 07:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-31 13:01 - 2013-07-31 13:01 - 00562430 _____ (Oleg N. Scherbakov) C:\Users\***\Desktop\JRT.exe
2013-07-31 13:00 - 2013-07-31 13:00 - 00001406 _____ C:\Users\***\Desktop\AdwCleaner[S1].txt
2013-07-31 12:57 - 2013-07-31 12:57 - 00001421 _____ C:\AdwCleaner[S1].txt
2013-07-31 12:55 - 2013-07-31 12:55 - 00666633 _____ C:\Users\***\Desktop\adwcleaner.exe
2013-07-31 12:50 - 2013-05-27 16:35 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-31 12:44 - 2013-07-31 12:44 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-31 12:44 - 2013-07-31 12:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-31 12:40 - 2013-07-31 12:40 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\***\Desktop\mbam-setup-1.75.0.1300.exe
2013-07-31 10:36 - 2013-07-31 10:36 - 00000000 ___SD C:\ComboFix
2013-07-31 10:36 - 2013-07-31 10:36 - 00000000 ___SD C:\32788R22FWJFW
2013-07-31 10:36 - 2013-07-31 10:36 - 00000000 _____ C:\Windows\system32\vireng.log
2013-07-31 10:36 - 2013-07-31 10:08 - 00000000 ____D C:\Qoobox
2013-07-31 10:32 - 2013-07-31 10:32 - 00023514 _____ C:\Users\***\Desktop\Computer.txt
2013-07-31 10:29 - 2013-07-31 10:29 - 00023532 _____ C:\ComboFix.txt
2013-07-31 10:29 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-07-31 10:28 - 2013-07-31 10:08 - 00000000 ____D C:\Windows\erdnt
2013-07-31 10:27 - 2013-05-27 11:12 - 00010628 _____ C:\Windows\PFRO.log
2013-07-31 10:27 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-31 10:27 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-07-31 10:13 - 2009-07-14 04:34 - 53739520 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-07-31 10:13 - 2009-07-14 04:34 - 43515904 _____ C:\Windows\system32\config\COMPONENTS.bak
2013-07-31 10:13 - 2009-07-14 04:34 - 15204352 _____ C:\Windows\system32\config\SYSTEM.bak
2013-07-31 10:13 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2013-07-31 10:13 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-07-31 10:13 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-07-31 09:55 - 2013-07-31 09:54 - 05098210 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe
2013-07-30 16:50 - 2013-07-30 16:50 - 00000000 ____D C:\FRST
2013-07-30 16:48 - 2013-07-30 16:48 - 01781589 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-30 15:56 - 2013-07-30 15:56 - 00076294 _____ C:\Users\***\Desktop\OTL_anym.txt
2013-07-30 15:52 - 2013-07-30 15:52 - 00037522 _____ C:\Users\***\Desktop\Extras_anym.txt
2013-07-30 15:43 - 2013-07-30 15:43 - 00262144 _____ C:\Windows\Minidump\073013-10186-01.dmp
2013-07-30 15:43 - 2013-06-20 21:34 - 00000000 ____D C:\Windows\Minidump
2013-07-30 15:39 - 2013-07-30 15:39 - 00037522 _____ C:\Users\***\Documents\Extras_anym.txt
2013-07-30 15:02 - 2013-07-30 15:02 - 00377856 _____ C:\Users\***\Desktop\gmer_2.1.19163.exe
2013-07-30 14:58 - 2013-07-30 14:58 - 00076564 _____ C:\Users\***\Desktop\OTL.Txt
2013-07-30 14:58 - 2013-07-30 14:58 - 00037666 _____ C:\Users\***\Desktop\Extras.Txt
2013-07-30 14:54 - 2013-07-30 14:54 - 00602112 _____ (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2013-07-30 14:54 - 2013-07-30 14:53 - 00000474 _____ C:\Users\***\Desktop\defogger_disable.log
2013-07-30 14:53 - 2013-07-30 14:53 - 00050477 _____ C:\Users\***\Desktop\Defogger.exe
2013-07-30 14:53 - 2013-07-30 14:53 - 00000000 _____ C:\Users\***\defogger_reenable
2013-07-30 14:53 - 2013-05-27 09:03 - 00000000 ____D C:\Users\***
2013-07-30 11:49 - 2013-07-30 11:48 - 90332944 _____ (Microsoft Corporation) C:\Users\***\Desktop\msert.exe
2013-07-30 09:59 - 2013-07-30 09:59 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes
2013-07-30 09:59 - 2013-07-30 09:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-30 09:08 - 2013-05-27 13:42 - 00000000 ____D C:\Users\***\Documents\MATLAB
2013-07-29 21:59 - 2013-07-29 21:59 - 07158681 _____ C:\Users\***\Desktop\PPFScan.zip
2013-07-29 21:40 - 2013-07-29 21:31 - 00016819 _____ C:\Users\***\JASA_neu_MB.log
2013-07-29 21:31 - 2013-07-29 21:31 - 00000000 _____ C:\Users\***\JASA_neu_MBNotes.bib
2013-07-29 21:31 - 2013-07-29 21:31 - 00000000 _____ C:\Users\***\JASA_neu_MB.aux
2013-07-29 15:19 - 2013-05-27 09:03 - 00000000 ____D C:\Users\***\AppData\Local\VirtualStore
2013-07-23 13:49 - 2013-07-19 09:41 - 00009728 _____ C:\Users\***\Desktop\Bewertung_ts.xls
2013-07-19 11:50 - 2013-07-19 11:50 - 00000718 _____ C:\Users\***\AppData\Local\recently-used.xbel
2013-07-16 20:32 - 2013-05-27 13:51 - 00000000 ____D C:\Users\***\AppData\Roaming\foobar2000
2013-07-16 14:29 - 2013-06-04 17:48 - 00000000 ____D C:\Users\***\AppData\Roaming\vlc
2013-07-15 19:27 - 2013-07-15 19:27 - 00873503 _____ C:\Users\***\Desktop\BCKP_Review.odt
2013-07-14 21:43 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-13 17:38 - 2013-07-13 17:38 - 00876780 _____ C:\Users\***\Downloads\Jade HS Briefkopf FB-BuG.dotx
2013-07-13 17:37 - 2013-07-13 17:37 - 00936402 _____ C:\Users\***\Downloads\Jade HS Briefkopf englisch (OL).dotx
2013-07-13 17:37 - 2013-07-13 17:37 - 00876901 _____ C:\Users\***\Downloads\Jade HS Briefkopf (OL).dotx
2013-07-13 17:03 - 2009-07-14 06:45 - 00294168 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-13 17:01 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-13 17:01 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-13 17:01 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-13 16:40 - 2013-05-27 09:28 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-12 09:24 - 2013-05-27 10:20 - 00000000 ____D C:\Program Files (x86)\Opera
2013-07-11 14:22 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-07-11 10:22 - 2013-07-11 10:22 - 00000000 ____D C:\Users\***\Desktop\Escalateur
2013-07-11 09:50 - 2013-07-11 09:49 - 00000000 ____D C:\Users\***\Desktop\HG_Protokolle_Tobi
2013-07-09 20:42 - 2013-07-09 20:42 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-07-09 19:10 - 2013-05-27 10:41 - 00064024 _____ C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-09 15:12 - 2013-07-09 15:12 - 00000000 ____D C:\Users\***\AppData\Roaming\OpenOffice.org
2013-07-09 15:12 - 2013-05-27 09:03 - 00000000 ___RD C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-09 15:11 - 2013-07-09 15:11 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2013-07-09 15:11 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-05 09:34 - 2013-05-27 11:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-04 08:58 - 2013-07-03 21:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-04 08:58 - 2013-05-27 13:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird.bak
2013-07-03 20:58 - 2013-07-03 20:55 - 00000000 ____D C:\localtexmf
2013-07-03 20:37 - 2013-05-27 12:01 - 00000000 ____D C:\Program Files\MiKTeX 2.9
2013-07-03 20:35 - 2013-07-03 20:35 - 01337435 _____ C:\Users\***\Desktop\JasaTeX-0.1tc7.zip

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 10:07

==================== End Of Log ============================

--- --- ---

--- --- ---

FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-07-2013 03
Ran by *** at 2013-07-31 13:22:08
Running from C:\Users\***\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Anzeige am Bildschirm (Version: 6.67.50)
Conexant 20585 SmartAudio HD (Version: 4.95.48.50)
Dienstprogramm "ThinkPad UltraNav" (x32 Version: 2.13.0)
dows-Treiberpaket - Focusrite USB 2.0 Audio Driver (09/10/2012 2.4.128.0) (Version: 09/10/2012 2.4.128.0)
Energie-Manager (x32 Version: 6.54)
Focusrite USB 2.0 Audio Driver 2.4 (Version: 2.4)
foobar2000 v1.2.6 (x32 Version: 1.2.6)
GNU Aspell 0.50-3 (x32)
GPL Ghostscript (x32 Version: 9.07)
Inkscape 0.48.4 (x32 Version: 0.48.4)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Network Connections Drivers (Version: 16.8)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2827)
Java 7 Update 21 (64-bit) (Version: 7.0.210)
Lenovo Mobile Broadband Activation (x32 Version: 4.2.1003.00)
Lenovo Patch Utility (x32 Version: 1.3.2.4)
Lenovo Patch Utility 64 bit (Version: 1.3.0.9)
Lenovo Power Management Driver (Version: 1.66.00.22)
Lenovo System Interface Driver (Version: 1.05)
Lenovo System Update (x32 Version: 5.02.0011)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MATLAB R2013a (Version: 8.1)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
MiKTeX 2.9 (Version: 2.9)
Mozilla Maintenance Service (x32 Version: 17.0.7)
Mozilla Thunderbird 17.0.7 (x86 de) (x32 Version: 17.0.7)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Opera 12.16 (x32 Version: 12.16.1860)
PDFCreator (x32 Version: 1.7.0)
Qualcomm Gobi 2000 Package for Lenovo (x32 Version: 1.1.250)
Skype™ 6.3 (x32 Version: 6.3.107)
Sophos Anti-Virus (x32 Version: 10.0.10)
Sophos AutoUpdate (x32 Version: 2.7.4.317)
SumatraPDF (x32 Version: 2.3.2)
System Requirements Lab for Intel (64-bit) (Version: 4.5.13.0)
ThinkPad FullScreen Magnifier (Version: 2.40)
ThinkPad Modem Adapter (Version: 7.80.5.0)
ThinkPad UltraNav Driver (Version: 16.2.19.7)
ThinkVantage Access Connections (x32 Version: 6.01)
ThinkVantage Communications Utility (Version: 2.10.0.0)
ThinkVantage GPS (x32 Version: 2.80)
ThinkVantage System für aktiven Festplattenschutz (Version: 1.77.0.11)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Verizon Wireless Mobile Broadband Self Activation (x32 Version: 3.2.2)
VLC media player 2.0.6 (Version: 2.0.6)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-07-31 10:27 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CBD8359-DEC1-4775-8E11-64CA2E3292D8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {6CA1431F-7168-4455-8ACE-22073B0E0DDF} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {73B49B8E-59B1-4793-AA64-73025F9A1339} - System32\Tasks\EPUpdater => C:\Users\***\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe No File
Task: {88B00598-F6C0-4389-ADAD-B8A764524E8B} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-04-11] ()
Task: {B4CA9EAD-1AF8-4DEA-8DFF-1C2431EDB262} - System32\Tasks\MATLAB R2013a Startup Accelerator => C:\Program Files\MATLAB\R2013a\bin\win64\MATLABStartupAccelerator.exe [2013-01-16] ()
Task: {D4D5C3DA-881F-45FD-ADB1-2F6FDFEB92A8} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\MATLAB R2013a Startup Accelerator.job => C:\Program Files\MATLAB\R2013a\bin\win64\MATLABStartupAccelerator.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/31/2013 01:10:15 PM) (Source: Application Hang) (User: )
Description: Programm SavMain.exe, Version 10.0.8.7000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: d10

Startzeit: 01ce8dde51d9e879

Endzeit: 47

Anwendungspfad: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe

Berichts-ID:


System errors:
=============
Error: (07/31/2013 01:11:12 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom


Microsoft Office Sessions:
=========================
Error: (07/31/2013 01:10:15 PM) (Source: Application Hang)(User: )
Description: SavMain.exe10.0.8.7000d1001ce8dde51d9e87947C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe


CodeIntegrity Errors:
===================================
  Date: 2013-07-31 10:13:03.924
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-31 10:13:03.861
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 38%
Total physical RAM: 3891.67 MB
Available physical RAM: 2380.95 MB
Total Pagefile: 7781.53 MB
Available Pagefile: 6095.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.83 GB) (Free:17.09 GB) NTFS (Disk=0 Partition=2)
Drive f: (Daten) (Fixed) (Total:48.21 GB) (Free:28.81 GB) NTFS (Disk=0 Partition=4)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 112 GB) (Disk ID: A636F269)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=83)
Partition 4: (Not Active) - (Size=50 GB) - (Type=OF Extended)

==================== End Of Log ============================

--- --- ---

schrauber · 31.07.2013, 15:28

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Bacchus91 · 31.07.2013, 18:29

Hey schrauber,

also ich bemerke zur Zeit keine Probleme mit dem Rechner.
Die gewünschten Files sind wieder anbei.

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6af6712a45ede14e92cea01a815b55b6
# engine=14602
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-31 05:03:57
# local_time=2013-07-31 07:03:57 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 21266 126920087 0 0
# compatibility_mode=8450 16777213 100 98 5093 5646749 0 0
# scanned=303671
# found=0
# cleaned=0
# scan_time=2825

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.71  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Sophos Anti-Virus   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Adobe Flash Player 11.7.700.224  
 Adobe Reader XI  
 Mozilla Thunderbird (17.0.7) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Sophos Sophos Anti-Virus SavService.exe  
 Sophos Sophos Anti-Virus SAVAdminService.exe  
 Sophos Sophos Anti-Virus Web Control swc_service.exe 
 Sophos Sophos Anti-Virus Web Intelligence swi_service.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
Ran by *** (administrator) on 31-07-2013 19:11:01
Running from C:\Users\***\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
(Lenovo Group Limited) C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Sophos Limited) C:\ProgramData\Sophos\AutoUpdate\cache\sophos_autoupdate1.dir\alupdate.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [382248 2013-02-12] (Lenovo.)
HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-03-18] (Lenovo)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-02-26] (Lenovo Group Limited)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [900160 2013-05-27] (Sophos Limited)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2010-05-03] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll [218256 2013-05-27] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll [221840 2013-05-27] (Sophos Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {3234EB1E-733E-4E6A-A8AB-EBB6287E5A7E} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel64_4.5.13.0.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [127040] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 193.189.244.202 193.189.244.194

==================== Services (Whitelisted) =================

S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-04-23] (Lenovo.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 QDLService2kLenovo; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [1688384 2011-05-23] (QUALCOMM, Inc.)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [216640 2013-05-27] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [139840 2013-05-27] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [232512 2013-05-27] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2013-05-27] (Sophos Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-04-11] ()
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2869824 2013-05-27] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [1998400 2013-05-27] (Sophos Limited)

==================== Drivers (Whitelisted) ====================

S3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [125304 2012-09-10] (Focusrite Audio Engineering Limited.)
S3 GKUPRO2D; C:\Windows\System32\DRIVERS\GKUPRO2D.sys [120320 2012-11-05] (Gemalto)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 qcfilterlno2k; C:\Windows\System32\DRIVERS\qcfilterlno2k.sys [6400 2011-05-23] (QUALCOMM Incorporated)
R3 qcusbnetlno2k; C:\Windows\System32\DRIVERS\qcusbnetlno2k.sys [444416 2011-05-23] (QUALCOMM Incorporated)
R3 qcusbserlno2k; C:\Windows\System32\DRIVERS\qcusbserlno2k.sys [231040 2011-05-23] (QUALCOMM Incorporated)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [144672 2013-05-27] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2013-05-27] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2013-05-27] (Sophos Plc)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-31 18:13 - 2013-07-31 18:13 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-31 17:42 - 2013-07-31 17:42 - 00891098 _____ C:\Users\***\Desktop\SecurityCheck.exe
2013-07-31 17:40 - 2013-07-31 17:40 - 02347384 _____ (ESET) C:\Users\***\Desktop\esetsmartinstaller_enu.exe
2013-07-31 13:22 - 2013-07-31 13:22 - 00008184 _____ C:\Users\***\Desktop\Addition.txt
2013-07-31 13:07 - 2013-07-31 13:07 - 00000626 _____ C:\Users\***\Desktop\JRT.txt
2013-07-31 13:03 - 2013-07-31 13:03 - 00000000 ____D C:\Windows\ERUNT
2013-07-31 13:01 - 2013-07-31 13:01 - 00562430 _____ (Oleg N. Scherbakov) C:\Users\***\Desktop\JRT.exe
2013-07-31 13:00 - 2013-07-31 13:00 - 00001406 _____ C:\Users\***\Desktop\AdwCleaner[S1].txt
2013-07-31 12:57 - 2013-07-31 12:57 - 00001421 _____ C:\AdwCleaner[S1].txt
2013-07-31 12:55 - 2013-07-31 12:55 - 00666633 _____ C:\Users\***\Desktop\adwcleaner.exe
2013-07-31 12:44 - 2013-07-31 12:44 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-31 12:43 - 2013-07-31 12:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-31 12:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-31 12:40 - 2013-07-31 12:40 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\***\Desktop\mbam-setup-1.75.0.1300.exe
2013-07-31 10:36 - 2013-07-31 10:36 - 00000000 ___SD C:\ComboFix
2013-07-31 10:36 - 2013-07-31 10:36 - 00000000 ___SD C:\32788R22FWJFW
2013-07-31 10:36 - 2013-07-31 10:36 - 00000000 _____ C:\Windows\system32\vireng.log
2013-07-31 10:32 - 2013-07-31 10:32 - 00023514 _____ C:\Users\***\Desktop\Computer.txt
2013-07-31 10:29 - 2013-07-31 10:29 - 00023532 _____ C:\ComboFix.txt
2013-07-31 10:09 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-31 10:09 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-31 10:09 - 2009-04-20 06:56 - 00060416 _____ C:\Windows\NIRCMD.exe
2013-07-31 10:09 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-31 10:09 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-31 10:09 - 2000-08-31 02:00 - 00098816 ____R C:\Windows\sed.exe
2013-07-31 10:09 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-31 10:09 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-31 10:08 - 2013-07-31 10:36 - 00000000 ____D C:\Qoobox
2013-07-31 10:08 - 2013-07-31 10:28 - 00000000 ____D C:\Windows\erdnt
2013-07-31 09:54 - 2013-07-31 09:55 - 05098210 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe
2013-07-30 16:50 - 2013-07-30 16:50 - 00000000 ____D C:\FRST
2013-07-30 16:48 - 2013-07-30 16:48 - 01781589 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-30 15:56 - 2013-07-30 15:56 - 00076294 _____ C:\Users\***\Desktop\OTL_anym.txt
2013-07-30 15:52 - 2013-07-30 15:52 - 00037522 _____ C:\Users\***\Desktop\Extras_anym.txt
2013-07-30 15:43 - 2013-07-30 15:43 - 00262144 _____ C:\Windows\Minidump\073013-10186-01.dmp
2013-07-30 15:39 - 2013-07-30 15:39 - 00037522 _____ C:\Users\***\Documents\Extras_anym.txt
2013-07-30 15:02 - 2013-07-30 15:02 - 00377856 _____ C:\Users\***\Desktop\gmer_2.1.19163.exe
2013-07-30 14:58 - 2013-07-30 14:58 - 00076564 _____ C:\Users\***\Desktop\OTL.Txt
2013-07-30 14:58 - 2013-07-30 14:58 - 00037666 _____ C:\Users\***\Desktop\Extras.Txt
2013-07-30 14:54 - 2013-07-30 14:54 - 00602112 _____ (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2013-07-30 14:53 - 2013-07-30 14:54 - 00000474 _____ C:\Users\***\Desktop\defogger_disable.log
2013-07-30 14:53 - 2013-07-30 14:53 - 00050477 _____ C:\Users\***\Desktop\Defogger.exe
2013-07-30 14:53 - 2013-07-30 14:53 - 00000000 _____ C:\Users\***\defogger_reenable
2013-07-30 11:48 - 2013-07-30 11:49 - 90332944 _____ (Microsoft Corporation) C:\Users\***\Desktop\msert.exe
2013-07-30 09:59 - 2013-07-30 09:59 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes
2013-07-30 09:59 - 2013-07-30 09:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-29 21:59 - 2013-07-29 21:59 - 07158681 _____ C:\Users\***\Desktop\PPFScan.zip
2013-07-29 21:31 - 2013-07-29 21:40 - 00016819 _____ C:\Users\***\JASA_neu_MB.log
2013-07-29 21:31 - 2013-07-29 21:31 - 00000000 _____ C:\Users\***\JASA_neu_MBNotes.bib
2013-07-29 21:31 - 2013-07-29 21:31 - 00000000 _____ C:\Users\***\JASA_neu_MB.aux
2013-07-19 11:50 - 2013-07-19 11:50 - 00000718 _____ C:\Users\***\AppData\Local\recently-used.xbel
2013-07-19 09:41 - 2013-07-23 13:49 - 00009728 _____ C:\Users\***\Desktop\Bewertung_ts.xls
2013-07-15 19:27 - 2013-07-15 19:27 - 00873503 _____ C:\Users\***\Desktop\BCKP_Review.odt
2013-07-13 17:38 - 2013-07-13 17:38 - 00876780 _____ C:\Users\***\Downloads\Jade HS Briefkopf FB-BuG.dotx
2013-07-13 17:37 - 2013-07-13 17:37 - 00936402 _____ C:\Users\***\Downloads\Jade HS Briefkopf englisch (OL).dotx
2013-07-13 17:37 - 2013-07-13 17:37 - 00876901 _____ C:\Users\***\Downloads\Jade HS Briefkopf (OL).dotx
2013-07-13 16:39 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-13 16:39 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-13 16:39 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-13 16:39 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-13 16:39 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-13 16:39 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-13 16:39 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-13 16:39 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-13 16:39 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-13 16:39 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-13 16:39 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-13 16:39 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-13 16:39 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-13 16:39 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-13 16:39 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-13 16:39 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-13 16:39 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-13 16:39 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-13 16:39 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-13 16:39 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-13 16:39 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-13 16:38 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-13 16:38 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-13 16:38 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-13 16:38 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-13 16:38 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-13 16:38 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-13 16:38 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-13 16:38 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-13 16:38 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-13 16:38 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 09:15 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-12 09:15 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-12 09:15 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-12 09:15 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-12 09:15 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-12 09:15 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-12 09:15 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-11 10:22 - 2013-07-11 10:22 - 00000000 ____D C:\Users\***\Desktop\Escalateur
2013-07-11 09:49 - 2013-07-11 09:50 - 00000000 ____D C:\Users\***\Desktop\HG_Protokolle_Tobi
2013-07-09 20:42 - 2013-07-09 20:42 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-07-09 20:42 - 2013-04-09 15:13 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2013-07-09 20:42 - 2013-01-09 15:52 - 01070152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2013-07-09 20:42 - 2012-05-05 11:54 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2013-07-09 20:42 - 2012-05-05 11:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2013-07-09 20:42 - 2012-05-05 11:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2013-07-09 20:42 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2013-07-09 20:42 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2013-07-09 20:42 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2013-07-09 15:12 - 2013-07-09 15:12 - 00000000 ____D C:\Users\***\AppData\Roaming\OpenOffice.org
2013-07-09 15:11 - 2013-07-09 15:11 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2013-07-03 21:27 - 2013-07-04 08:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-03 20:55 - 2013-07-03 20:58 - 00000000 ____D C:\localtexmf
2013-07-03 20:35 - 2013-07-03 20:35 - 01337435 _____ C:\Users\***\Desktop\JasaTeX-0.1tc7.zip
139

==================== One Month Modified Files and Folders =======

2013-07-31 19:10 - 2013-07-31 19:10 - 00001113 _____ C:\Users\***\Desktop\checkup.txt
2013-07-31 19:07 - 2013-05-27 09:03 - 01456470 _____ C:\Windows\WindowsUpdate.log
2013-07-31 18:50 - 2013-05-27 16:35 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-31 18:13 - 2013-07-31 18:13 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-31 18:13 - 2009-07-14 19:58 - 00654166 _____ C:\Windows\system32\perfh007.dat
2013-07-31 18:13 - 2009-07-14 19:58 - 00130006 _____ C:\Windows\system32\perfc007.dat
2013-07-31 18:13 - 2009-07-14 07:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-31 17:42 - 2013-07-31 17:42 - 00891098 _____ C:\Users\***\Desktop\SecurityCheck.exe
2013-07-31 17:40 - 2013-07-31 17:40 - 02347384 _____ (ESET) C:\Users\***\Desktop\esetsmartinstaller_enu.exe
2013-07-31 13:22 - 2013-07-31 13:22 - 00008184 _____ C:\Users\***\Desktop\Addition.txt
2013-07-31 13:18 - 2009-07-14 06:45 - 00016928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-31 13:18 - 2009-07-14 06:45 - 00016928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-31 13:11 - 2013-05-27 13:40 - 00000548 _____ C:\Windows\Tasks\MATLAB R2013a Startup Accelerator.job
2013-07-31 13:11 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-31 13:11 - 2009-07-14 06:51 - 00039317 _____ C:\Windows\setupact.log
2013-07-31 13:07 - 2013-07-31 13:07 - 00000626 _____ C:\Users\***\Desktop\JRT.txt
2013-07-31 13:03 - 2013-07-31 13:03 - 00000000 ____D C:\Windows\ERUNT
2013-07-31 13:01 - 2013-07-31 13:01 - 00562430 _____ (Oleg N. Scherbakov) C:\Users\***\Desktop\JRT.exe
2013-07-31 13:00 - 2013-07-31 13:00 - 00001406 _____ C:\Users\***\Desktop\AdwCleaner[S1].txt
2013-07-31 12:57 - 2013-07-31 12:57 - 00001421 _____ C:\AdwCleaner[S1].txt
2013-07-31 12:55 - 2013-07-31 12:55 - 00666633 _____ C:\Users\***\Desktop\adwcleaner.exe
2013-07-31 12:44 - 2013-07-31 12:44 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-31 12:44 - 2013-07-31 12:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-31 12:40 - 2013-07-31 12:40 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\***\Desktop\mbam-setup-1.75.0.1300.exe
2013-07-31 10:36 - 2013-07-31 10:36 - 00000000 ___SD C:\ComboFix
2013-07-31 10:36 - 2013-07-31 10:36 - 00000000 ___SD C:\32788R22FWJFW
2013-07-31 10:36 - 2013-07-31 10:36 - 00000000 _____ C:\Windows\system32\vireng.log
2013-07-31 10:36 - 2013-07-31 10:08 - 00000000 ____D C:\Qoobox
2013-07-31 10:32 - 2013-07-31 10:32 - 00023514 _____ C:\Users\***\Desktop\Computer.txt
2013-07-31 10:29 - 2013-07-31 10:29 - 00023532 _____ C:\ComboFix.txt
2013-07-31 10:29 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-07-31 10:28 - 2013-07-31 10:08 - 00000000 ____D C:\Windows\erdnt
2013-07-31 10:27 - 2013-05-27 11:12 - 00010628 _____ C:\Windows\PFRO.log
2013-07-31 10:27 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-31 10:27 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-07-31 10:13 - 2009-07-14 04:34 - 53739520 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-07-31 10:13 - 2009-07-14 04:34 - 43515904 _____ C:\Windows\system32\config\COMPONENTS.bak
2013-07-31 10:13 - 2009-07-14 04:34 - 15204352 _____ C:\Windows\system32\config\SYSTEM.bak
2013-07-31 10:13 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2013-07-31 10:13 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-07-31 10:13 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-07-31 09:55 - 2013-07-31 09:54 - 05098210 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe
2013-07-30 16:50 - 2013-07-30 16:50 - 00000000 ____D C:\FRST
2013-07-30 16:48 - 2013-07-30 16:48 - 01781589 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-30 15:56 - 2013-07-30 15:56 - 00076294 _____ C:\Users\***\Desktop\OTL_anym.txt
2013-07-30 15:52 - 2013-07-30 15:52 - 00037522 _____ C:\Users\***\Desktop\Extras_anym.txt
2013-07-30 15:43 - 2013-07-30 15:43 - 00262144 _____ C:\Windows\Minidump\073013-10186-01.dmp
2013-07-30 15:43 - 2013-06-20 21:34 - 00000000 ____D C:\Windows\Minidump
2013-07-30 15:39 - 2013-07-30 15:39 - 00037522 _____ C:\Users\***\Documents\Extras_anym.txt
2013-07-30 15:02 - 2013-07-30 15:02 - 00377856 _____ C:\Users\***\Desktop\gmer_2.1.19163.exe
2013-07-30 14:58 - 2013-07-30 14:58 - 00076564 _____ C:\Users\***\Desktop\OTL.Txt
2013-07-30 14:58 - 2013-07-30 14:58 - 00037666 _____ C:\Users\***\Desktop\Extras.Txt
2013-07-30 14:54 - 2013-07-30 14:54 - 00602112 _____ (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2013-07-30 14:54 - 2013-07-30 14:53 - 00000474 _____ C:\Users\***\Desktop\defogger_disable.log
2013-07-30 14:53 - 2013-07-30 14:53 - 00050477 _____ C:\Users\***\Desktop\Defogger.exe
2013-07-30 14:53 - 2013-07-30 14:53 - 00000000 _____ C:\Users\***\defogger_reenable
2013-07-30 14:53 - 2013-05-27 09:03 - 00000000 ____D C:\Users\***
2013-07-30 11:49 - 2013-07-30 11:48 - 90332944 _____ (Microsoft Corporation) C:\Users\***\Desktop\msert.exe
2013-07-30 09:59 - 2013-07-30 09:59 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes
2013-07-30 09:59 - 2013-07-30 09:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-30 09:08 - 2013-05-27 13:42 - 00000000 ____D C:\Users\***\Documents\MATLAB
2013-07-29 21:59 - 2013-07-29 21:59 - 07158681 _____ C:\Users\***\Desktop\PPFScan.zip
2013-07-29 21:40 - 2013-07-29 21:31 - 00016819 _____ C:\Users\***\JASA_neu_MB.log
2013-07-29 21:31 - 2013-07-29 21:31 - 00000000 _____ C:\Users\***\JASA_neu_MBNotes.bib
2013-07-29 21:31 - 2013-07-29 21:31 - 00000000 _____ C:\Users\***\JASA_neu_MB.aux
2013-07-29 15:19 - 2013-05-27 09:03 - 00000000 ____D C:\Users\***\AppData\Local\VirtualStore
2013-07-23 13:49 - 2013-07-19 09:41 - 00009728 _____ C:\Users\***\Desktop\Bewertung_ts.xls
2013-07-19 11:50 - 2013-07-19 11:50 - 00000718 _____ C:\Users\***\AppData\Local\recently-used.xbel
2013-07-16 20:32 - 2013-05-27 13:51 - 00000000 ____D C:\Users\***\AppData\Roaming\foobar2000
2013-07-16 14:29 - 2013-06-04 17:48 - 00000000 ____D C:\Users\***\AppData\Roaming\vlc
2013-07-15 19:27 - 2013-07-15 19:27 - 00873503 _____ C:\Users\***\Desktop\BCKP_Review.odt
2013-07-14 21:43 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-13 17:38 - 2013-07-13 17:38 - 00876780 _____ C:\Users\***\Downloads\Jade HS Briefkopf FB-BuG.dotx
2013-07-13 17:37 - 2013-07-13 17:37 - 00936402 _____ C:\Users\***\Downloads\Jade HS Briefkopf englisch (OL).dotx
2013-07-13 17:37 - 2013-07-13 17:37 - 00876901 _____ C:\Users\***\Downloads\Jade HS Briefkopf (OL).dotx
2013-07-13 17:03 - 2009-07-14 06:45 - 00294168 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-13 17:01 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-13 17:01 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-13 17:01 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-13 16:40 - 2013-05-27 09:28 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-12 09:24 - 2013-05-27 10:20 - 00000000 ____D C:\Program Files (x86)\Opera
2013-07-11 14:22 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-07-11 10:22 - 2013-07-11 10:22 - 00000000 ____D C:\Users\***\Desktop\Escalateur
2013-07-11 09:50 - 2013-07-11 09:49 - 00000000 ____D C:\Users\***\Desktop\HG_Protokolle_Tobi
2013-07-09 20:42 - 2013-07-09 20:42 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-07-09 19:10 - 2013-05-27 10:41 - 00064024 _____ C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-09 15:12 - 2013-07-09 15:12 - 00000000 ____D C:\Users\***\AppData\Roaming\OpenOffice.org
2013-07-09 15:12 - 2013-05-27 09:03 - 00000000 ___RD C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-09 15:11 - 2013-07-09 15:11 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2013-07-09 15:11 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-05 09:34 - 2013-05-27 11:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-04 08:58 - 2013-07-03 21:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-04 08:58 - 2013-05-27 13:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird.bak
2013-07-03 20:58 - 2013-07-03 20:55 - 00000000 ____D C:\localtexmf
2013-07-03 20:37 - 2013-05-27 12:01 - 00000000 ____D C:\Program Files\MiKTeX 2.9
2013-07-03 20:35 - 2013-07-03 20:35 - 01337435 _____ C:\Users\***\Desktop\JasaTeX-0.1tc7.zip

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 10:07

==================== End Of Log ============================

--- --- ---

[/CODE]

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-07-2013 03
Ran by *** at 2013-07-31 19:11:48
Running from C:\Users\***\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Anzeige am Bildschirm (Version: 6.67.50)
Conexant 20585 SmartAudio HD (Version: 4.95.48.50)
Dienstprogramm "ThinkPad UltraNav" (x32 Version: 2.13.0)
dows-Treiberpaket - Focusrite USB 2.0 Audio Driver (09/10/2012 2.4.128.0) (Version: 09/10/2012 2.4.128.0)
Energie-Manager (x32 Version: 6.54)
ESET Online Scanner v3 (x32)
Focusrite USB 2.0 Audio Driver 2.4 (Version: 2.4)
foobar2000 v1.2.6 (x32 Version: 1.2.6)
GNU Aspell 0.50-3 (x32)
GPL Ghostscript (x32 Version: 9.07)
Inkscape 0.48.4 (x32 Version: 0.48.4)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Network Connections Drivers (Version: 16.8)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2827)
Java 7 Update 21 (64-bit) (Version: 7.0.210)
Lenovo Mobile Broadband Activation (x32 Version: 4.2.1003.00)
Lenovo Patch Utility (x32 Version: 1.3.2.4)
Lenovo Patch Utility 64 bit (Version: 1.3.0.9)
Lenovo Power Management Driver (Version: 1.66.00.22)
Lenovo System Interface Driver (Version: 1.05)
Lenovo System Update (x32 Version: 5.02.0011)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MATLAB R2013a (Version: 8.1)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
MiKTeX 2.9 (Version: 2.9)
Mozilla Maintenance Service (x32 Version: 17.0.7)
Mozilla Thunderbird 17.0.7 (x86 de) (x32 Version: 17.0.7)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Opera 12.16 (x32 Version: 12.16.1860)
PDFCreator (x32 Version: 1.7.0)
Qualcomm Gobi 2000 Package for Lenovo (x32 Version: 1.1.250)
Skype™ 6.3 (x32 Version: 6.3.107)
Sophos Anti-Virus (x32 Version: 10.0.10)
Sophos AutoUpdate (x32 Version: 2.7.4.317)
SumatraPDF (x32 Version: 2.3.2)
System Requirements Lab for Intel (64-bit) (Version: 4.5.13.0)
ThinkPad FullScreen Magnifier (Version: 2.40)
ThinkPad Modem Adapter (Version: 7.80.5.0)
ThinkPad UltraNav Driver (Version: 16.2.19.7)
ThinkVantage Access Connections (x32 Version: 6.01)
ThinkVantage Communications Utility (Version: 2.10.0.0)
ThinkVantage GPS (x32 Version: 2.80)
ThinkVantage System für aktiven Festplattenschutz (Version: 1.77.0.11)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Verizon Wireless Mobile Broadband Self Activation (x32 Version: 3.2.2)
VLC media player 2.0.6 (Version: 2.0.6)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-07-31 10:27 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CBD8359-DEC1-4775-8E11-64CA2E3292D8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {6CA1431F-7168-4455-8ACE-22073B0E0DDF} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {73B49B8E-59B1-4793-AA64-73025F9A1339} - System32\Tasks\EPUpdater => C:\Users\***\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe No File
Task: {88B00598-F6C0-4389-ADAD-B8A764524E8B} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-04-11] ()
Task: {B4CA9EAD-1AF8-4DEA-8DFF-1C2431EDB262} - System32\Tasks\MATLAB R2013a Startup Accelerator => C:\Program Files\MATLAB\R2013a\bin\win64\MATLABStartupAccelerator.exe [2013-01-16] ()
Task: {D4D5C3DA-881F-45FD-ADB1-2F6FDFEB92A8} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\MATLAB R2013a Startup Accelerator.job => C:\Program Files\MATLAB\R2013a\bin\win64\MATLABStartupAccelerator.exe

==================== Faulty Device Manager Devices =============

Name: WD SES Device USB Device
Description: WD SES Device USB Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/31/2013 07:04:52 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/31/2013 06:13:01 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/31/2013 06:12:57 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/31/2013 05:40:56 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/31/2013 01:10:15 PM) (Source: Application Hang) (User: )
Description: Programm SavMain.exe, Version 10.0.8.7000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: d10

Startzeit: 01ce8dde51d9e879

Endzeit: 47

Anwendungspfad: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe

Berichts-ID:


System errors:
=============
Error: (07/31/2013 01:11:12 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom


Microsoft Office Sessions:
=========================
Error: (07/31/2013 07:04:52 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (07/31/2013 06:13:01 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\***\Desktop\esetsmartinstaller_enu.exe

Error: (07/31/2013 06:12:57 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\***\Desktop\esetsmartinstaller_enu.exe

Error: (07/31/2013 05:40:56 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\***\Desktop\esetsmartinstaller_enu.exe

Error: (07/31/2013 01:10:15 PM) (Source: Application Hang)(User: )
Description: SavMain.exe10.0.8.7000d1001ce8dde51d9e87947C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe


CodeIntegrity Errors:
===================================
  Date: 2013-07-31 10:13:03.924
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-31 10:13:03.861
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 52%
Total physical RAM: 3891.67 MB
Available physical RAM: 1844.87 MB
Total Pagefile: 7781.53 MB
Available Pagefile: 5771.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.83 GB) (Free:16.95 GB) NTFS (Disk=0 Partition=2)
Drive f: (Daten) (Fixed) (Total:48.21 GB) (Free:28.81 GB) NTFS (Disk=0 Partition=4)
Drive g: (ViKK-FP-2) (Fixed) (Total:465.73 GB) (Free:0.02 GB) NTFS (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 112 GB) (Disk ID: A636F269)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=83)
Partition 4: (Not Active) - (Size=50 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 000521AB)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber · 31.07.2013, 19:55

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Bacchus91 · 31.07.2013, 20:53

Hallo schrauber,

vielen Dank. Alles ist erledigt und ich habe keine Fragen mehr.

Nochmals vielen dank für die Hilfe!

schrauber · 01.08.2013, 09:07

Gern Geschehen

01.08.2013, 09:07	#12
schrauber /// the machine /// TB-Ausbilder	"Win32/Small.ca Virus sollte entfernt werden" taucht in der taskleiste auf, Bluescreen bei GMER Gern Geschehen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

"Win32/Small.ca Virus sollte entfernt werden" taucht in der taskleiste auf, Bluescreen bei GMER

Log-Analyse und Auswertung: "Win32/Small.ca Virus sollte entfernt werden" taucht in der taskleiste auf, Bluescreen bei GMER