
Log analysis and evaluation: Bprotector detected by Sophos as adware and quarantined

02.09.2013, 17:12   #1
ratsucher
 



Hello friendly helpers,

I have just received a message from Sophos that it detected Bprotector and sent it to quarantine. Sophos classifies it as adware, but on Google it is classified as a Trojan. So which is it? Is it dangerous? I have Windows 8 running on an Apple MacBook Air.

I have already run OTL once, and the files are below. Can you help me? What have I caught? Is it dangerous? Can I get rid of it for certain?

Thanks!

a) OTL.txt

OTL logfile:
Code:
OTL logfile created on: 02.09.2013 17:45:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Erzähler\Downloads
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,74 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 45,15% Memory free
4,37 Gb Paging File | 1,89 Gb Available in Paging File | 43,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 57,25 Gb Total Space | 30,56 Gb Free Space | 53,38% Space Free | Partition Type: NTFS
 
Computer Name: MAC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.09.02 17:34:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Erzähler\Downloads\OTL.exe
PRC - [2013.08.26 13:47:39 | 001,659,392 | ---- | M] (Verlag C.H.BECK) -- C:\Users\Erzähler\AppData\Local\Apps\2.0\L2NGZXLY.KV1\1HZKCKY2.HHZ\boka..tion_c11b86457b14c95a_0001.0000_4fe04cd981a79fea\BOKAutorensystem.exe
PRC - [2013.08.24 16:13:42 | 000,158,896 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office 15\root\office15\ONENOTEM.EXE
PRC - [2013.08.24 15:35:15 | 001,923,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office 15\root\office15\WINWORD.EXE
PRC - [2013.08.21 14:07:44 | 001,861,512 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
PRC - [2013.08.14 19:55:19 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.08.13 16:41:17 | 002,838,480 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.12 23:27:48 | 000,068,608 | ---- | M] (IvoSoft) -- C:\Programme\Classic Shell\ClassicShellService.exe
PRC - [2013.04.03 08:46:34 | 002,890,232 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2013.04.02 23:36:26 | 000,237,048 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
PRC - [2013.04.02 23:36:13 | 000,929,272 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
PRC - [2013.04.02 23:25:20 | 000,217,592 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2013.02.15 15:41:31 | 001,512,440 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe
PRC - [2013.01.25 23:09:59 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
PRC - [2013.01.25 23:09:12 | 000,159,296 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2012.07.26 05:20:55 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2011.03.04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.08.22 19:15:21 | 000,313,000 | ---- | M] () -- C:\Programme\Microsoft Office 15\root\office15\appvisvstream32.dll
MOD - [2013.08.22 19:15:15 | 000,358,056 | ---- | M] () -- C:\Programme\Microsoft Office 15\root\office15\c2r32.dll
MOD - [2013.08.21 14:07:43 | 016,166,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
MOD - [2013.08.14 19:55:36 | 003,551,640 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.08.13 16:40:06 | 002,699,216 | ---- | M] () -- c:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.06.25 00:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013.06.01 11:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013.05.04 08:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.05.04 08:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013.04.09 06:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013.03.02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013.03.02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 05:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013.08.21 14:07:44 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.08.14 19:55:29 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.08.13 16:41:17 | 002,838,480 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert)
SRV - [2013.06.09 16:05:18 | 001,900,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.12 23:27:48 | 000,068,608 | ---- | M] (IvoSoft) [Auto | Running] -- C:\Programme\Classic Shell\ClassicShellService.exe -- (ClassicShellService)
SRV - [2013.04.03 08:46:34 | 002,890,232 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2013.04.02 23:36:26 | 000,237,048 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2013.04.02 23:25:20 | 000,217,592 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2013.01.25 23:09:59 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
SRV - [2013.01.25 23:09:12 | 000,159,296 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2013.01.25 23:07:50 | 002,010,688 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64)
SRV - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2011.03.04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.07.09 10:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013.07.02 02:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013.07.02 00:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013.06.29 08:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013.06.10 23:17:46 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013.06.01 13:29:35 | 000,337,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013.06.01 13:29:35 | 000,213,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013.06.01 05:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013.05.04 09:34:17 | 000,446,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013.05.04 09:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013.03.02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013.03.02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013.03.02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013.02.18 09:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013.01.25 23:12:08 | 000,154,952 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2013.01.25 23:10:56 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdcfilter.sys -- (sdcfilter)
DRV:64bit: - [2013.01.25 23:07:28 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 04:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 04:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012.07.26 04:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 04:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012.07.26 04:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.06.02 16:31:33 | 005,139,968 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BCMWL63A.SYS -- (BCM43XX)
DRV:64bit: - [2011.03.04 13:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\dne64x.sys -- (DNE)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-796827236-1285783300-878740325-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
IE - HKU\S-1-5-21-796827236-1285783300-878740325-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-796827236-1285783300-878740325-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 C0 D7 69 20 A4 CE 01 [binary data]
IE - HKU\S-1-5-21-796827236-1285783300-878740325-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-796827236-1285783300-878740325-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-796827236-1285783300-878740325-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-796827236-1285783300-878740325-1007\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.holasearch.com/?babsrc=HP_ss&mntrId=682E462A60FA8BF0&affID=121963&tsp=4987
IE - HKU\S-1-5-21-796827236-1285783300-878740325-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.holasearch.com/?babsrc=HP_ss&mntrId=682E462A60FA8BF0&affID=121963&tsp=4987
IE - HKU\S-1-5-21-796827236-1285783300-878740325-1007\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-796827236-1285783300-878740325-1007\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-796827236-1285783300-878740325-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-796827236-1285783300-878740325-1007\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.holasearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=682E462A60FA8BF0&affID=121963&tsp=4987
IE - HKU\S-1-5-21-796827236-1285783300-878740325-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\SeeSimilar@SeeSimilar.com: C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com [2013.08.27 16:19:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\SeeSimilar@SeeSimilar.com: C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com [2013.08.27 16:19:21 | 000,000,000 | ---D | M]
 
[2013.08.27 16:19:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2013.08.27 16:19:21 | 000,000,000 | ---D | M] (SeeSimilar) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions\SeeSimilar@SeeSimilar.com
[2013.08.27 16:22:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.08.27 16:22:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@holasearch.com
[2013.08.24 16:04:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.08.24 16:04:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Programme\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (holasearch Helper Object) - {DFF9B2DA-EF99-4B26-83CB-7058299999D8} - C:\Program Files (x86)\holasearch\holasearch\1.8.16.16\bh\holasearch.dll (holasearch.com)
O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Programme\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Holasearch Toolbar) - {C510DFFB-0AFE-484C-BA40-CED5B74C4EEF} - C:\Program Files (x86)\holasearch\holasearch\1.8.16.16\holasearchTlbr.dll (holasearch.com)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited)
O4 - Startup: C:\Users\Erzähler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk = C:\Programme\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Programme\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Programme\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E45F7EB8-8A2E-4575-B6CD-F96314A7D2A7}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261562~1.220\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.08.27 23:30:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Apple Computer
[2013.08.27 23:29:55 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.08.27 23:29:55 | 000,000,000 | R--D | C] -- C:\Users\Admin\Searches
[2013.08.27 23:29:55 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.08.27 23:29:54 | 000,000,000 | R--D | C] -- C:\Users\Admin\Contacts
[2013.08.27 23:28:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.08.27 23:28:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.08.27 23:28:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Packages
[2013.08.27 23:28:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\VirtualStore
[2013.08.27 16:23:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
[2013.08.27 16:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013.08.27 16:22:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\holasearch
[2013.08.27 16:20:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\BabSolution
[2013.08.27 16:19:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Babylon
[2013.08.27 16:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.08.27 16:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
[2013.08.27 16:19:21 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2013.08.27 16:19:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\SeeSimilar
[2013.08.27 16:14:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Macromedia
[2013.08.24 16:04:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.08.22 17:54:52 | 002,273,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msftedit.dll
[2013.08.22 17:54:51 | 002,839,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msftedit.dll
[2013.08.22 17:54:50 | 001,300,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013.08.22 17:54:50 | 001,025,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2013.08.22 17:54:50 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2013.08.22 17:54:49 | 000,439,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WerFault.exe
[2013.08.22 17:54:49 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanconn.dll
[2013.08.22 17:54:49 | 000,385,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WerFault.exe
[2013.08.22 17:54:49 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013.08.22 17:54:49 | 000,327,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys
[2013.08.22 17:54:49 | 000,263,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wcmsvc.dll
[2013.08.22 17:54:49 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSCard.dll
[2013.08.22 17:54:49 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmmbase.dll
[2013.08.22 17:54:49 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmm.dll
[2013.08.22 17:54:48 | 000,195,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2013.08.22 17:54:48 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmmbase.dll
[2013.08.22 17:54:48 | 000,125,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys
[2013.08.22 17:54:48 | 000,120,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpioclx.sys
[2013.08.22 17:54:47 | 000,543,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanmm.dll
[2013.08.22 17:54:47 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.BackgroundTransfer.dll
[2013.08.22 17:54:47 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wwanadvui.dll
[2013.08.22 17:54:47 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2013.08.22 17:54:47 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013.08.22 17:54:47 | 000,096,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wfplwfs.sys
[2013.08.22 17:54:47 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\openfiles.exe
[2013.08.22 17:54:47 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wcmcsp.dll
[2013.08.22 17:54:46 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013.08.22 17:54:46 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013.08.22 17:54:46 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LocationApi.dll
[2013.08.22 17:54:46 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\LocationApi.dll
[2013.08.22 17:54:46 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\openfiles.exe
[2013.08.22 17:37:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013.08.22 16:46:16 | 000,247,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys
[2013.08.22 16:46:16 | 000,036,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys
[2013.08.22 16:07:14 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013.08.22 16:07:14 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2013.08.22 16:07:13 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.08.22 16:07:13 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2013.08.22 16:07:13 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.08.22 16:07:09 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.08.22 16:07:09 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.08.22 16:07:09 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.08.22 16:07:07 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.08.22 16:07:06 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.08.22 16:07:06 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.08.22 16:06:59 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.08.22 16:06:40 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.08.22 16:06:40 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.08.22 14:29:21 | 001,889,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.08.22 14:29:21 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013.08.22 14:29:20 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apprepapi.dll
[2013.08.22 14:29:20 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apprepsync.dll
[2013.08.22 14:29:20 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apprepapi.dll
[2013.08.22 14:29:20 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apprepsync.dll
[2013.08.22 13:57:13 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.09.02 17:47:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.09.02 17:10:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.08.27 16:31:26 | 000,715,482 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.08.27 16:31:26 | 000,674,948 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.08.27 16:31:26 | 000,148,046 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.08.27 16:31:26 | 000,124,834 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.08.27 16:31:25 | 001,654,648 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.08.27 16:26:36 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.08.27 16:26:35 | 3213,361,152 | -HS- | M] () -- C:\hiberfil.sys
[2013.08.25 15:29:52 | 000,421,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.08.24 16:04:49 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.08.27 23:29:29 | 000,001,438 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.08.27 16:16:58 | 000,001,090 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Stumbler.lnk
[2013.08.25 15:29:49 | 000,421,880 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.08.24 16:04:49 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.08.24 16:04:47 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.08.22 17:54:46 | 000,387,583 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013.01.25 23:21:58 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >
         
--- --- ---

b) Extras.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 02.09.2013 17:45:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Erzähler\Downloads
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,74 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 45,15% Memory free
4,37 Gb Paging File | 1,89 Gb Available in Paging File | 43,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 57,25 Gb Total Space | 30,56 Gb Free Space | 53,38% Space Free | Partition Type: NTFS
 
Computer Name: MAC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" = 
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CA9CF56B-9276-40AF-A275-854E4DC045C2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CDC183-DE6C-4FAD-BDB6-AD17302EF68A}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{062D8086-1DA1-47D1-9C02-E6E837B025C6}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{0706E590-8038-483C-BE24-101389C80529}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe | 
"{0941F4F4-9773-451F-8AE2-375075C75A65}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{0981804C-CE24-4021-9A26-BC2C33511879}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{1449A7C6-F22A-44ED-A1B4-8E0A14704883}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{22DF0800-F3F3-4B56-9106-8A0189070F7E}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{25152562-55FD-4199-98C5-D6162B6944C0}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{292B706F-A72D-4636-B74B-3DA75B44E7D9}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{2A65730E-750E-44D2-B636-972FD7D4EE6C}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{335A1F32-A866-481E-818A-CAF8CA922C9E}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{3DA79377-37A4-48C6-A3FC-3D19AF28617E}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{40109933-9A14-45C6-B9AF-D2094355F384}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{431D1CBB-F0DD-4250-B060-4EA8A9C9EA8C}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{43F2CAA9-16D0-454D-A281-5DBFD57DB2E1}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{44DF7EED-0960-4D67-9EB8-554AA6783D48}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{461D21A3-6E72-4FBA-80D0-32AA4EDC4BF2}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe | 
"{4EB85497-0A75-43E5-AB02-755D3ACECD80}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{4EDAC65E-C63C-4E7B-98E0-4D2DBD93ED28}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{5CE4A1A7-2CE0-4D77-B7EE-7A53798B402E}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{68A038EA-1B17-40F2-8015-0F589BBF7441}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{6B46EDDE-CF11-414B-9C6F-E5A8C6BEC49D}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{6BB1967A-B422-4FFD-98C4-B9D778D6C81E}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{6EABC256-5634-4579-9517-961676D444C2}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{71A75AA5-CA53-4CBF-8184-F62D95A36AE6}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{736FCD35-4650-4CE6-8A07-23B7AB936030}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{760E2878-B324-4A4B-8B0B-99E46FF9AA83}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{78E5BA3A-34B8-4894-A9ED-BFFB12A94FC2}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{794FD63F-715C-414E-8C71-42BD0DE885D9}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{7AB8CC43-F94D-459B-ADE7-E331655A3EA9}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{80256C6D-17B3-4A31-A9B4-8AD3238C8855}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{8212E0C6-176F-4105-A47D-E9839477E4AF}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{84FCA78D-1894-483F-A7F5-D9EBE6B8B4C8}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{86B76DB5-7073-4B2C-9381-C837E0963A8A}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{8921512C-93C3-4944-B0DA-94F3261144BA}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{8A0C555D-F78C-4420-AE1C-572C0A3EDB8A}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe | 
"{8DB0019D-BAAB-4197-8A9F-B9253D1EB1F4}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{93085BB1-D594-4A6C-820E-CE8975892035}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{95325E6D-8D50-4CD2-B61D-D248D1E9CD84}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{9B9FF83B-3B78-41BD-8C03-A324D4D5B18A}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{9CBF2E90-5D58-4323-A46B-52B128903A85}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{9D6A373F-F8B4-4D19-8FBF-9F83BAA7B482}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{9E2DF822-EEA3-4B96-BAF3-2EF1723BBC99}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe | 
"{9EF7727F-EFD7-49E2-ADE7-3CE6D083CAC6}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{A2EB65D7-BBE3-4E9F-B117-7BF6A6FCA84D}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{A73DCE61-3002-4409-9814-FAAACDFE86B4}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{AD550B88-9142-4934-8B4B-DB83FC10E78D}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{BB587CBE-FFBD-48F5-9D04-F6FC90A1F74C}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{BF6866FF-FE12-4229-AD13-C935A0AD2636}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{C527C87A-3DBD-410E-AE5F-D8EC2F2EEE21}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{C542A15E-B12A-4A46-81FF-28BD1A461F1C}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{CDC3EB2F-8C50-4C72-A860-36FF556A9959}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{CEF190DE-2E65-4AB8-AC15-35E718C4B975}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{D0337597-99AD-4C2A-882F-7244323211C6}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{DE3AA495-8F39-4396-8DE4-296998721EEA}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{E039CA0B-85FB-4F6B-9C1F-104C6876560B}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{E0D30A21-0E9C-4C09-84BA-AC87CB02A6CC}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{E770B0DB-5BAA-45A0-A067-3AC3B5750914}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E9526C6D-FBB6-44EE-B97A-AB1B6CF9EAA1}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{ED31A480-C6D9-4FF8-ADF3-AE6C4BCDC938}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{F002964F-5D83-425F-BA87-07C31D602E56}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{F25E4B69-58DF-4E13-A99B-1E7A3EAAD418}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{F4BF7F4F-99EB-4C0B-9EA2-3A9131DF8847}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{F6E8A699-D562-47AF-8A77-6366F69A1304}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{F75DD0F3-CAE7-427F-8C86-77E24D593E5A}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"TCP Query User{7A7159F3-7F7E-4F99-9D8B-70D63BA3FF4C}C:\windows\syswow64\msiexec.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"UDP Query User{5C6E5370-DC94-4544-8AF3-C77D50C5AD96}C:\windows\syswow64\msiexec.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{3734CD59-F77E-300A-ACAF-F4E2440F5530}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{7F34ADBE-77C0-47A0-BBC6-B3DA16CE8E68}" = Classic Shell
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{E36D785A-51FA-3B1F-A9E3-ED185D3356A6}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"ProPlusRetail - de-de" = Microsoft Office Professional Plus 2013 - de-de
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserDefender
"{5DF04136-5E8E-49A2-B6DC-81FE35AD2D2B}" = BeckOK Word AddIn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0407-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{D282BBF2-DDFF-47F2-AD0E-41C2A5EAB06C}" = BeckOK Word AddIn
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"holasearch" = holasearch toolbar 
"Mozilla Firefox 23.0.1 (x86 de)" = Mozilla Firefox 23.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-796827236-1285783300-878740325-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Bandizip" = Bandizip
"f303b575f1279c6e" = BeckOK Autorensystem
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-796827236-1285783300-878740325-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f303b575f1279c6e" = BeckOK Autorensystem
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.04.2013 17:53:03 | Computer Name = Mac | Source = MsiInstaller | ID = 11308
Description = 
 
Error - 14.04.2013 13:42:30 | Computer Name = Mac | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.2.9200.16420,
Zeitstempel: 0x505a9a4e Name des fehlerhaften Moduls: AppXDeploymentClient.dll, 
Version: 6.2.9200.16384, Zeitstempel: 0x501086e3 Ausnahmecode: 0xc0000005 Fehleroffset:
0x000000000001644f ID des fehlerhaften Prozesses: 0x3a8 Startzeit der fehlerhaften
Anwendung: 0x01ce3040c888600a Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe
Pfad
des fehlerhaften Moduls: C:\Windows\System32\AppXDeploymentClient.dll Berichtskennung:
adb4d41d-a52a-11e2-be6f-c91654ab6dcd Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 
 
Error - 11.05.2013 16:27:48 | Computer Name = Mac | Source = ESENT | ID = 489
Description = taskhostex (1364) Versuch, Datei "C:\Users\Erzähler\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat"
für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess
kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet 
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 24.05.2013 15:37:14 | Computer Name = Mac | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „DefaultBrowser_NOPUBLISHERID!Microsoft.Windows.Desktop“
ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie
im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 17.07.2013 15:21:00 | Computer Name = Mac | Source = System Restore | ID = 8193
Description = 
 
Error - 27.08.2013 10:14:08 | Computer Name = Mac | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Erzähler\Desktop\SoftonicDownloader_fuer_netstumbler.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
 
Error - 27.08.2013 10:14:24 | Computer Name = Mac | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Erzähler\Desktop\SoftonicDownloader_fuer_netstumbler.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
 
Error - 27.08.2013 10:14:30 | Computer Name = Mac | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Erzähler\Desktop\SoftonicDownloader_fuer_netstumbler.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
 
Error - 27.08.2013 10:14:36 | Computer Name = Mac | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Erzähler\Desktop\SoftonicDownloader_fuer_netstumbler.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
 
Error - 27.08.2013 10:14:42 | Computer Name = Mac | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Erzähler\Desktop\SoftonicDownloader_fuer_netstumbler.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
 
[ System Events ]
Error - 28.08.2013 06:29:55 | Computer Name = Mac | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description = 
 
Error - 28.08.2013 09:49:56 | Computer Name = Mac | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description = 
 
Error - 29.08.2013 07:42:27 | Computer Name = Mac | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description = 
 
Error - 29.08.2013 11:47:34 | Computer Name = Mac | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description = 
 
Error - 30.08.2013 11:22:14 | Computer Name = Mac | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description = 
 
Error - 31.08.2013 17:43:51 | Computer Name = Mac | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description = 
 
Error - 01.09.2013 11:14:08 | Computer Name = Mac | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description = 
 
Error - 01.09.2013 13:38:47 | Computer Name = Mac | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description = 
 
Error - 01.09.2013 15:31:16 | Computer Name = Mac | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description = 
 
Error - 02.09.2013 10:46:16 | Computer Name = Mac | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description = 
 
 
< End of report >
         
--- --- ---

02.09.2013, 17:14   #2
schrauber
/// the machine
/// TB-Ausbilder
 


hi,

Here's how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.


Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the website)


02.09.2013, 17:23   #3
ratsucher
 
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-09-2013 04
Ran by Erzähler (ATTENTION: The logged in user is not administrator) on MAC on 02-09-2013 18:19:58
Running from C:\Users\Erzähler\Desktop
Windows 8 Pro (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Verlag C.H.BECK) C:\Users\Erzähler\AppData\Local\Apps\2.0\L2NGZXLY.KV1\1HZKCKY2.HHZ\boka..tion_c11b86457b14c95a_0001.0000_4fe04cd981a79fea\BOKAutorensystem.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe
(Microsoft Corporation) C:\Windows\splwow64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8114720 2011-03-25] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2011-03-25] (Realtek Semiconductor Corp.)
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-04-02] (Sophos Limited)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL [218256 2013-01-25] (Sophos Limited)
AppInit_DLLs-x32: c:\progra~3\browse~1\261562~1.220\{c16c1~1\browse~1.dll C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL [2699216 2013-08-13] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe ()
Startup: C:\Users\Erzähler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: holasearch Helper Object - {DFF9B2DA-EF99-4B26-83CB-7058299999D8} - C:\Program Files (x86)\holasearch\holasearch\1.8.16.16\bh\holasearch.dll (holasearch.com)
BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Holasearch Toolbar - {C510DFFB-0AFE-484C-BA40-CED5B74C4EEF} - C:\Program Files (x86)\holasearch\holasearch\1.8.16.16\holasearchTlbr.dll (holasearch.com)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Erzähler\AppData\Roaming\Mozilla\Firefox\Profiles\t19fa6bf.default
FF NewTab: hxxp://www.holasearch.com/?babsrc=NT_ss&mntrId=682E462A60FA8BF0&affID=121963&tsp=4987
FF SearchEngineOrder.1: Hola Search
FF SelectedSearchEngine: Hola Search
FF Homepage: hxxp://www.holasearch.com/?babsrc=HP_ss&mntrId=682E462A60FA8BF0&affID=121963&tsp=4987
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@holasearch.com
FF HKLM-x32\...\Firefox\Extensions: [SeeSimilar@SeeSimilar.com] C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com

==================== Services (Whitelisted) =================

R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2838480 2013-08-13] ()
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-04-12] (IvoSoft)
R2 lmhosts; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-09] (Microsoft Corporation)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-04-02] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [159296 2013-01-25] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-04-02] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2013-01-25] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-04-03] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2010688 2013-01-25] (Sophos Limited)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2013-01-25] (Sophos Limited)
S3 sdcfilter; C:\Windows\system32\DRIVERS\sdcfilter.sys [36640 2013-01-25] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [25608 2013-01-25] (Sophos Plc)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-02 18:19 - 2013-09-02 18:19 - 00000000 ____D C:\FRST
2013-09-02 17:54 - 2013-09-02 17:54 - 00059104 _____ C:\Users\Erzähler\Downloads\Extras.Txt
2013-09-02 17:53 - 2013-09-02 17:53 - 00111080 _____ C:\Users\Erzähler\Downloads\OTL.Txt
2013-09-02 17:34 - 2013-09-02 17:34 - 00602112 _____ (OldTimer Tools) C:\Users\Erzähler\Downloads\OTL.exe
2013-09-01 23:33 - 2013-09-01 23:48 - 00000000 ____D C:\Users\Erzähler\Documents\Agentur
2013-08-30 00:57 - 2013-08-30 00:57 - 00000000 ____D C:\Users\Erzähler\Documents\OneNote-Notizbücher
2013-08-29 20:46 - 2013-08-29 20:46 - 00272664 _____ (Trusteer Ltd.) C:\Users\Erzähler\Downloads\RapportSetup.exe
2013-08-28 11:46 - 2013-09-02 17:24 - 00000000 ____D C:\Users\Erzähler\Documents\Klagen
2013-08-27 23:28 - 2013-08-27 23:28 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-08-27 23:28 - 2013-08-27 23:28 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-08-27 16:22 - 2013-08-27 16:22 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-08-27 16:22 - 2013-08-27 16:22 - 00000000 ____D C:\Program Files (x86)\holasearch
2013-08-27 16:19 - 2013-08-27 16:19 - 00000000 ____D C:\ProgramData\IBUpdaterService
2013-08-27 16:19 - 2013-08-27 16:19 - 00000000 ____D C:\ProgramData\Babylon
2013-08-25 15:29 - 2013-08-25 15:29 - 00421880 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-24 16:04 - 2013-08-24 16:04 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-24 16:04 - 2013-08-24 16:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-22 17:54 - 2013-07-09 10:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2013-08-22 17:54 - 2013-07-09 08:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2013-08-22 17:54 - 2013-07-09 06:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2013-08-22 17:54 - 2013-07-09 05:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2013-08-22 17:54 - 2013-07-09 00:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2013-08-22 17:54 - 2013-07-09 00:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2013-08-22 17:54 - 2013-07-09 00:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll
2013-08-22 17:54 - 2013-07-09 00:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2013-08-22 17:54 - 2013-07-06 02:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-08-22 17:54 - 2013-07-03 02:23 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-08-22 17:54 - 2013-07-03 02:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2013-08-22 17:54 - 2013-07-03 02:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2013-08-22 17:54 - 2013-07-03 02:22 - 01300480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-08-22 17:54 - 2013-07-03 02:11 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-08-22 17:54 - 2013-07-03 02:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-08-22 17:54 - 2013-07-03 02:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2013-08-22 17:54 - 2013-07-03 01:51 - 04039680 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-08-22 17:54 - 2013-07-02 00:08 - 00387583 _____ C:\Windows\system32\ApnDatabase.xml
2013-08-22 17:54 - 2013-07-01 00:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe
2013-08-22 17:54 - 2013-07-01 00:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe
2013-08-22 17:54 - 2013-06-29 08:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-08-22 17:54 - 2013-06-29 08:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-08-22 17:54 - 2013-06-29 07:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2013-08-22 17:54 - 2013-06-29 03:12 - 01022464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-08-22 17:54 - 2013-06-26 05:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2013-08-22 17:54 - 2013-06-26 04:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2013-08-22 17:54 - 2013-06-25 00:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-08-22 17:54 - 2013-06-25 00:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2013-08-22 17:54 - 2013-06-25 00:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2013-08-22 17:54 - 2013-06-19 07:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2013-08-22 17:54 - 2013-06-19 07:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2013-08-22 17:54 - 2013-06-19 00:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2013-08-22 17:54 - 2013-06-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2013-08-22 17:54 - 2013-06-12 01:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2013-08-22 17:54 - 2013-06-12 01:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2013-08-22 17:54 - 2013-06-10 23:17 - 00096512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-08-22 17:54 - 2013-06-10 21:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-08-22 17:54 - 2013-06-10 21:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-08-22 17:54 - 2013-06-10 21:15 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-08-22 17:54 - 2013-06-10 21:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-08-22 17:54 - 2013-06-10 21:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-08-22 17:54 - 2013-06-10 21:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-08-22 17:54 - 2013-06-06 10:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2013-08-22 17:37 - 2013-08-22 17:38 - 00000000 ____D C:\Windows\system32\MRT
2013-08-22 16:46 - 2013-07-02 02:44 - 00036288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2013-08-22 16:46 - 2013-07-02 00:08 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2013-08-22 16:07 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-22 16:07 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-22 16:07 - 2013-07-26 07:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-08-22 16:07 - 2013-07-26 07:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-08-22 16:07 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-22 16:07 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-22 16:07 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-22 16:07 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-22 16:07 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-22 16:07 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-22 16:07 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-22 16:07 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-22 16:07 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-22 16:07 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-22 16:07 - 2013-07-26 05:13 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-08-22 16:07 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-22 16:07 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-22 16:07 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-22 16:07 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-22 16:07 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-22 16:07 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-22 16:07 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-22 16:07 - 2013-07-26 02:54 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-08-22 16:06 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-22 16:06 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-22 16:06 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-22 16:06 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-22 16:06 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-22 16:06 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-22 16:06 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-22 16:06 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-22 14:29 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-22 14:29 - 2013-07-13 08:16 - 01889280 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-22 14:29 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-22 14:29 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2013-08-22 14:29 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2013-08-22 14:29 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-22 14:29 - 2013-07-13 06:23 - 01568256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-22 14:29 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2013-08-22 14:29 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2013-08-22 13:57 - 2013-05-24 01:02 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-22 13:57 - 2013-05-24 00:25 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-22 13:55 - 2013-07-09 08:07 - 02233168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-21 13:43 - 2013-08-21 13:43 - 00000320 _____ C:\Users\Erzähler\Desktop\BeckOK Autorensystem.appref-ms

==================== One Month Modified Files and Folders =======

2013-09-02 18:19 - 2013-09-02 18:19 - 01951950 _____ (Farbar) C:\Users\Erzähler\Desktop\FRST64.exe
2013-09-02 18:19 - 2013-09-02 18:19 - 00000000 ____D C:\FRST
2013-09-02 17:54 - 2013-09-02 17:54 - 00059104 _____ C:\Users\Erzähler\Downloads\Extras.Txt
2013-09-02 17:53 - 2013-09-02 17:53 - 00111080 _____ C:\Users\Erzähler\Downloads\OTL.Txt
2013-09-02 17:47 - 2013-05-09 13:59 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-02 17:34 - 2013-09-02 17:34 - 00602112 _____ (OldTimer Tools) C:\Users\Erzähler\Downloads\OTL.exe
2013-09-02 17:24 - 2013-08-28 11:46 - 00000000 ____D C:\Users\Erzähler\Documents\Klagen
2013-09-02 17:10 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-09-02 16:04 - 2013-01-25 21:56 - 01587470 _____ C:\Windows\WindowsUpdate.log
2013-09-02 15:19 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-09-02 10:38 - 2013-07-17 22:09 - 00000000 ____D C:\Users\ERZHLE~1\AppData\Local\Beck'scher Online-Kommentar
2013-09-02 10:38 - 2013-07-17 21:41 - 00000000 ____D C:\Users\ERZHLE~1\AppData\Local\Deployment
2013-09-01 23:48 - 2013-09-01 23:33 - 00000000 ____D C:\Users\Erzähler\Documents\Agentur
2013-08-31 12:49 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF
2013-08-30 00:57 - 2013-08-30 00:57 - 00000000 ____D C:\Users\Erzähler\Documents\OneNote-Notizbücher
2013-08-30 00:57 - 2013-01-25 21:56 - 00000000 ___RD C:\Users\Erzähler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-29 20:46 - 2013-08-29 20:46 - 00272664 _____ (Trusteer Ltd.) C:\Users\Erzähler\Downloads\RapportSetup.exe
2013-08-29 12:09 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-08-28 23:36 - 2013-01-25 21:56 - 00000000 ____D C:\Users\ERZHLE~1\AppData\Local\Packages
2013-08-27 23:29 - 2013-05-11 22:12 - 00000000 ____D C:\Users\Admin
2013-08-27 23:28 - 2013-08-27 23:28 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-08-27 23:28 - 2013-08-27 23:28 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-08-27 16:31 - 2012-07-26 12:27 - 00715482 _____ C:\Windows\system32\perfh007.dat
2013-08-27 16:31 - 2012-07-26 12:27 - 00148046 _____ C:\Windows\system32\perfc007.dat
2013-08-27 16:31 - 2012-07-26 09:28 - 01654648 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-27 16:26 - 2013-01-25 20:40 - 00014858 _____ C:\Windows\PFRO.log
2013-08-27 16:26 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-27 16:22 - 2013-08-27 16:22 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-08-27 16:22 - 2013-08-27 16:22 - 00000000 ____D C:\Program Files (x86)\holasearch
2013-08-27 16:22 - 2013-05-09 12:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-27 16:19 - 2013-08-27 16:19 - 00000000 ____D C:\ProgramData\IBUpdaterService
2013-08-27 16:19 - 2013-08-27 16:19 - 00000000 ____D C:\ProgramData\Babylon
2013-08-27 11:35 - 2013-03-24 09:14 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-08-25 15:29 - 2013-08-25 15:29 - 00421880 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-24 18:53 - 2013-07-17 21:32 - 00000000 ____D C:\Users\Erzähler\Desktop\Kommentar
2013-08-24 18:39 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-08-24 16:04 - 2013-08-24 16:04 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-24 16:04 - 2013-08-24 16:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-22 18:54 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore
2013-08-22 18:54 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe
2013-08-22 17:47 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-22 17:47 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-22 17:38 - 2013-08-22 17:37 - 00000000 ____D C:\Windows\system32\MRT
2013-08-22 17:37 - 2013-01-25 22:17 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-21 13:43 - 2013-08-21 13:43 - 00000320 _____ C:\Users\Erzähler\Desktop\BeckOK Autorensystem.appref-ms
2013-08-06 15:13 - 2013-04-14 18:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-06 15:13 - 2013-04-14 18:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

Files to move or delete:
====================
C:\Users\ERZHLE~1\AppData\Local\Temp\OfficeSetup.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\Setup64.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\TouchURL.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\vpnclient_setup.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\{F510740F-F275-49B1-A88A-6FA68484C7DE}\ISSetup.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\{F510740F-F275-49B1-A88A-6FA68484C7DE}\setup.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\{F510740F-F275-49B1-A88A-6FA68484C7DE}\_Setup.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\{AC76BA86-7AD7-1031-7B44-AB0000000001}\FixTransforms.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\{7A5A1D52-E5FA-4897-ADEF-C77E5F2186A8}\dotnetinstaller.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\{7A5A1D52-E5FA-4897-ADEF-C77E5F2186A8}\ISBEW64.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\{7A5A1D52-E5FA-4897-ADEF-C77E5F2186A8}\{EFB7D050-CAD2-11D4-B34D-00105A1C23DD}\isrt.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\{7A5A1D52-E5FA-4897-ADEF-C77E5F2186A8}\{EFB7D050-CAD2-11D4-B34D-00105A1C23DD}\NvInstNT.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\{7A5A1D52-E5FA-4897-ADEF-C77E5F2186A8}\{EFB7D050-CAD2-11D4-B34D-00105A1C23DD}\nvuninst-amd64.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\{7A5A1D52-E5FA-4897-ADEF-C77E5F2186A8}\{EFB7D050-CAD2-11D4-B34D-00105A1C23DD}\nvuninst-ia64.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\{7A5A1D52-E5FA-4897-ADEF-C77E5F2186A8}\{EFB7D050-CAD2-11D4-B34D-00105A1C23DD}\nvuninst.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\{7A5A1D52-E5FA-4897-ADEF-C77E5F2186A8}\{EFB7D050-CAD2-11D4-B34D-00105A1C23DD}\nvupnp-amd64.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\{7A5A1D52-E5FA-4897-ADEF-C77E5F2186A8}\{EFB7D050-CAD2-11D4-B34D-00105A1C23DD}\nvupnp-ia64.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\{7A5A1D52-E5FA-4897-ADEF-C77E5F2186A8}\{EFB7D050-CAD2-11D4-B34D-00105A1C23DD}\nvupnpbr.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\{7A5A1D52-E5FA-4897-ADEF-C77E5F2186A8}\{EFB7D050-CAD2-11D4-B34D-00105A1C23DD}\_IsRes.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\{7A5A1D52-E5FA-4897-ADEF-C77E5F2186A8}\{EFB7D050-CAD2-11D4-B34D-00105A1C23DD}\_isressm.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\{7A5A1D52-E5FA-4897-ADEF-C77E5F2186A8}\{EFB7D050-CAD2-11D4-B34D-00105A1C23DD}\_ISUser.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\InstHelper.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\{4909BE93-AD77-4F29-91CB-D227485D5743}\ISBEW64.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\SDIAG_b24188a4-3a75-4300-bc6f-d0e1576904c2\NetworkDiagnosticSnapIn.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\SDIAG_73843358-34a2-43ff-bd76-1ac555ef8e4d\NetworkDiagnosticSnapIn.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\crt\AVRemove.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\crt\AVRemoveW.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\crt\msvcr71.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\crt\Psapi.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\crt\w9xpopen.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\instmsiw.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\libeay32.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\msvcm80.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\msvcp80.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\msvcr80.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\setup.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\SetupChs.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\SetupCht.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\SetupDeu.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\SetupEnu.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\SetupEsp.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\SetupFra.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\SetupIta.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\SetupJpn.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\ssleay32.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\conan.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\ConfigureSAV.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\osdp.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\rkdisk.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\savi.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\SavProxy.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\SDCDevCon.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\SDCDevConIA64.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\SDCDevConx64.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\SDCService.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\Setup.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\sophos_detoured.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\sophos_detoured_ia64.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\sophos_detoured_x64.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\sophtlib.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\veex.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\WinXP_IA64\native.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\WinXP_IA64\SophosBootTasks.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\WinXP_i386\SophosBootTasks.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\WinXP_AMD64\native.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\WinXP_AMD64\SophosBootTasks.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\WinLH_IA64\native.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\WinLH_IA64\SophosBootTasks.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\WinLH_i386\SophosBootTasks.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\WinLH_AMD64\native.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\WinLH_AMD64\SophosBootTasks.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\Windows\winsxs\b2rg91xw.1p4\msvcm80.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\Windows\winsxs\b2rg91xw.1p4\msvcp80.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\Windows\winsxs\b2rg91xw.1p4\msvcr80.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\Windows\winsxs\92rg91xw.1p4\msvcm80.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\Windows\winsxs\92rg91xw.1p4\msvcp80.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\Windows\winsxs\92rg91xw.1p4\msvcr80.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\Windows\winsxs\73t3z6j5.7ag\ATL80.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\Windows\winsxs\53t3z6j5.7ag\ATL80.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\Windows\system32\ATL80.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\Windows\system32\msvcm80.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\Windows\system32\msvcp80.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\Windows\system32\msvcr80.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\Windows\system32\Ansi\ATL80.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\Win2K\SophosBootTasks.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\AuthorisedLists.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\BackgroundScanning.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\BHOManagement.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Categories.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\ComponentManager.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Configuration.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\DataControlManagement.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\DataControlPlugin.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\DCManagement.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\DesktopMessaging.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\DetectionFeedback.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\DeviceControlPlugin.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\DriveProcessor.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\EEConsumer.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\FilterProcessors.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\FSDecomposer.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\ICAdapter.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\ICManagement.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\ICProcessors.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\LegacyConsumers.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Localisation.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Logging.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Persistance.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\sav32cli.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\SavAdapter.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\SAVCleanupService.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\SAVControl.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\SavMain.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\SAVMSCM.DLL
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\SavNeutralRes.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\SavPlugin.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\SavProgress.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\SavRes.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\SavResChs.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\SavResCht.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\SavResDeu.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\SavResEng.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\SavResEsp.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\SavResFra.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\SavResIt.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\SavResJap.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\SavService.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\SavShellExt.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\SavShellExtIa64.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\SavShellExtX64.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\ScanEditExports.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\ScanEditFacade.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\ScanManagement.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Security.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\SIPSManagement.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\SophtainerAdapter.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\SWIManagement.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\SystemInformation.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\TamperProtectionControl.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\TamperProtectionManagement.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\TamperProtectionPlugin.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\ThreatDetection.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\ThreatManagement.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Translators.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\VirusDetection.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\WSC_X64\WSCClient.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\WSC_Win32\WSCClient.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\WSC_IA64\WSCClient.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter_64.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_ifslsp.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_ifslsp_64.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_lsp32_util.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_lspdiag.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_lspdiag_64.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update_64.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Web Control\SWCAdapter.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Web Control\WCMResChs.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Web Control\WCMResCht.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Web Control\WCMResDeu.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Web Control\WCMResEng.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Web Control\WCMResEsp.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Web Control\WCMResFra.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Web Control\WCMResIt.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Web Control\WCMResJap.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Web Control\WCPResChs.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Web Control\WCPResCht.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Web Control\WCPResDeu.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Web Control\WCPResEng.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Web Control\WCPResEsp.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Web Control\WCPResFra.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Web Control\WCPResIt.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Web Control\WCPResJap.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Web Control\WebControlMessaging.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\program files\Sophos\Sophos Anti-Virus\Web Control\WebControlPlugin.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\Common\Cisco Systems\CiscoTrustAgent\Plugins\Install\SAVPosturePlugin.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\ClassFilterDrivers\iA64\sdccoinstaller.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\ClassFilterDrivers\i386\sdccoinstaller.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\savxp\ClassFilterDrivers\AMD64\sdccoinstaller.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\setup.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\ALMon.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\ALsvc.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\ALUpdate.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\AUAdapter.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\boost_date_time-vc71-mt-1_32.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\ChannelUpdater.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\cidsync.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\config.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\crypto.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\EECustomActions.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\inetconn.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\InstlMgr.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\ispsheet.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\libcurl.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\libeay32.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\Logger.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\MFC71.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\msvcp71.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\msvcr71.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\retailer.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\SAUConfigDLL.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\SingleGUIPlugin.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\swlocale.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\xmlcpp.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\xmlparse.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\xmltok.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\zh_tw\ALMonres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\zh_tw\iconfres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\zh_tw\ilogres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\zh_tw\ischdres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\zh_tw\sharedres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\zh_cn\ALMonres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\zh_cn\iconfres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\zh_cn\ilogres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\zh_cn\ischdres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\zh_cn\sharedres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\ja\almonres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\ja\iconfres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\ja\ilogres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\ja\ischdres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\ja\sharedres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\it\ALMonres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\it\iconfres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\it\ilogres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\it\ischdres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\it\sharedres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\fr\almonres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\fr\iconfres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\fr\ilogres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\fr\ischdres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\fr\sharedres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\es\almonres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\es\iconfres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\es\ilogres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\es\ischdres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\es\sharedres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\en\almonres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\en\iconfres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\en\ilogres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\en\ischdres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\en\sharedres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\de\almonres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\de\iconfres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\de\ilogres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\de\ischdres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\sau\program files\Sophos\AutoUpdate\de\sharedres.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\crt\AVRemove.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\crt\AVRemoveW.exe
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\crt\msvcr71.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\crt\Psapi.dll
C:\Users\ERZHLE~1\AppData\Local\Temp\cid_packager_temp\crt\w9xpopen.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-09-2013 04
Ran by Erzähler at 2013-09-02 18:20:31
Running from C:\Users\Erzähler\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Apple Application Support (x32 Version: 2.3)
Apple Software Update (x32 Version: 2.1.3.127)
Bandizip (HKCU Version: 3.04)
BeckOK Autorensystem (HKCU Version: 1.0.2.14)
BeckOK Word AddIn (x32 Version: 1.0.15)
BeckOK Word AddIn (x32 Version: 1.0.18)
BrowserDefender (x32)
Cisco Systems VPN Client 5.0.07.0440 (Version: 5.0.7)
Classic Shell (Version: 3.6.7)
holasearch toolbar   (x32 Version: 1.8.16.16)
Microsoft Office Professional Plus 2013 - de-de (Version: 15.0.4517.1509)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server Compact 3.5 SP2 DEU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (Version: 3.5.8080.0)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40314)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.40309)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (Version: 10.0.40309)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.109.718)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4517.1509)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4517.1509)
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4517.1509)
QuickTime (x32 Version: 7.73.80.64)
rosoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40309)
Sophos Anti-Virus (x32 Version: 10.2.8)
Sophos AutoUpdate (x32 Version: 2.9.0.344)

==================== Restore Points  =========================

Could not list Restore Points.


==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?

==================== Loaded Modules (whitelisted) =============

2013-04-12 23:28 - 2013-04-12 23:28 - 01994752 _____ (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2013-01-25 23:22 - 2012-09-20 08:30 - 01743872 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\combase.dll
2013-08-22 17:54 - 2013-06-19 07:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\WINMMBASE.dll
2013-01-25 23:25 - 2012-10-11 07:45 - 00590848 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\SHCORE.DLL
2012-07-26 02:06 - 2012-07-26 05:05 - 00197632 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\LOGONCLI.DLL
2013-01-25 23:13 - 2013-01-25 23:11 - 00218256 _____ (Sophos Limited) C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL
2013-08-22 17:54 - 2013-06-19 07:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WINMMBASE.dll
2013-01-25 23:25 - 2012-10-11 07:45 - 00590848 _____ (Microsoft Corporation) C:\Windows\system32\SHCORE.dll
2013-01-25 23:25 - 2012-10-11 07:45 - 00590848 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\SHCORE.dll
2013-01-25 23:22 - 2012-09-20 08:33 - 00699392 _____ (Microsoft Corporation) C:\Windows\System32\twinapi.dll
2013-07-04 19:31 - 2013-05-04 08:57 - 00389120 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\Bcp47Langs.dll
2013-07-04 19:31 - 2013-05-04 08:58 - 10116096 _____ (Microsoft Corporation) C:\Windows\System32\twinui.dll
2013-01-25 23:25 - 2012-10-11 07:46 - 01395712 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Immersive.dll
2012-07-26 01:33 - 2012-07-26 05:07 - 00069632 _____ (Microsoft Corporation) C:\Windows\System32\windows.immersiveshell.serviceprovider.dll
2012-07-26 01:54 - 2012-07-26 05:05 - 00171008 _____ (Microsoft Corporation) C:\Windows\System32\IDStore.dll
2013-05-24 22:43 - 2013-04-09 06:51 - 00456704 _____ (Microsoft Corporation) C:\Windows\System32\wpncore.dll
2012-07-26 04:06 - 2012-07-26 05:07 - 00119296 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\sppc.dll
2012-07-25 22:22 - 2011-06-14 03:40 - 07006824 _____ (NVIDIA Corporation) C:\Windows\SYSTEM32\nvwgf2umx.dll
2012-07-26 02:05 - 2012-07-26 05:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\dcomp.dll
2012-07-26 01:31 - 2012-07-26 05:08 - 00343552 _____ (Microsoft Corporation) C:\Windows\System32\wlidprov.dll
2012-07-26 01:55 - 2012-07-26 05:07 - 01161216 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\UIAutomationCore.dll
2012-07-26 01:24 - 2012-07-26 05:05 - 00186368 _____ (Microsoft Corporation) C:\Windows\System32\InputSwitch.dll
2012-07-26 02:04 - 2012-07-26 05:07 - 00046592 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\windows.globalization.fontgroups.dll
2012-07-26 01:22 - 2012-07-26 05:06 - 00601600 _____ (Microsoft Corporation) C:\Windows\System32\MrmCoreR.dll
2013-04-02 23:00 - 2013-02-02 10:23 - 00293376 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Networking.Connectivity.dll
2012-07-26 02:05 - 2012-07-26 05:07 - 00029184 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\wcmapi.dll
2013-01-25 23:13 - 2013-01-25 23:10 - 00131648 _____ (Sophos Limited) C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll
2012-07-26 01:55 - 2012-07-26 05:05 - 00112128 _____ (Microsoft Corporation) C:\Windows\System32\DeviceSetupManagerAPI.dll
2012-07-26 01:33 - 2012-07-26 05:06 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\NetworkStatus.dll
2012-07-26 03:37 - 2012-07-26 05:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\NcaApi.dll
2012-07-26 01:54 - 2012-07-26 05:05 - 00101888 _____ (Microsoft Corporation) C:\Windows\System32\BluetoothApis.dll
2012-07-25 22:22 - 2012-06-02 22:25 - 01943624 _____ (Microsoft Corporation) C:\Windows\System32\dfshim.dll
2013-07-21 19:10 - 2013-04-23 00:08 - 09808440 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
2012-07-25 22:13 - 2012-07-12 04:01 - 00856016 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\MSVCR110_CLR0400.dll
2013-07-05 14:46 - 2013-08-24 17:13 - 02328776 _____ (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
2013-03-24 09:17 - 2013-03-24 09:17 - 00158536 _____ (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ATL100.DLL
2013-06-24 21:20 - 2013-08-24 17:02 - 08922840 _____ (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1031\GrooveIntlResource.dll
2013-08-22 14:29 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\apprepapi.dll
2012-07-26 04:19 - 2012-07-26 05:06 - 00023040 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\pcacli.dll
2012-07-26 04:09 - 2012-07-26 05:07 - 00044544 _____ (Microsoft Corporation) C:\Windows\System32\qmgrprxy.dll
2012-07-26 02:12 - 2012-07-26 06:55 - 01326784 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\webservices.dll
2012-07-26 02:21 - 2012-07-26 05:06 - 00216576 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\prnntfy.dll
2012-07-26 04:32 - 2012-07-26 05:06 - 00572416 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\msvcp60.dll
2012-07-26 01:30 - 2012-07-26 05:07 - 00187392 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\puiapi.dll
2012-07-26 01:19 - 2012-07-26 05:06 - 01164800 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\printui.dll
2012-07-26 02:37 - 2012-07-26 05:07 - 00458240 _____ (Microsoft Corporation) C:\Windows\System32\puiobj.dll
2012-07-26 02:59 - 2012-07-26 05:05 - 00465408 _____ (Microsoft Corporation) C:\Windows\System32\dlnashext.dll
2013-04-14 18:39 - 2013-03-02 04:45 - 00951808 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Globalization.dll
2012-07-26 02:35 - 2012-07-26 05:07 - 04243456 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll
2012-07-26 04:33 - 2012-07-26 04:33 - 00629760 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\UIRibbonRes.dll
2013-04-14 18:39 - 2013-03-02 04:44 - 00049152 _____ (Microsoft Corporation) C:\Windows\System32\DevDispItemProvider.dll
2013-01-25 23:08 - 2013-01-25 23:08 - 00554128 _____ (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavShellExtX64.dll
2012-07-26 02:33 - 2012-07-26 05:07 - 00285696 _____ (Microsoft Corporation) C:\Windows\System32\systemcpl.dll
2012-07-26 02:03 - 2012-07-26 05:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\WINBRAND.dll
2013-01-25 23:22 - 2012-09-20 08:33 - 01304064 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.Streaming.dll
2013-01-25 23:25 - 2012-10-11 07:45 - 00590848 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\shcore.dll
2013-01-25 23:13 - 2013-06-24 20:37 - 02059256 _____ (Sophos Limited) C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_filter_64.dll
2012-07-26 03:37 - 2012-07-26 05:05 - 00531456 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\IEUI.dll
2012-07-26 02:10 - 2012-07-26 05:05 - 00013824 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\DPAPI.dll
2012-07-26 02:08 - 2012-07-26 05:06 - 00205312 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\NTASN1.dll
2013-01-25 22:07 - 2012-11-26 06:20 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2012-07-26 03:21 - 2012-07-26 05:06 - 02109440 _____ (Microsoft Corporation) C:\Windows\System32\NLSData0007.dll
2012-07-26 01:57 - 2012-07-26 05:07 - 00093184 _____ (Microsoft Corporation) C:\Windows\System32\vaultcli.dll
2013-01-25 23:22 - 2012-09-20 08:33 - 00866304 _____ (Microsoft Corporation) C:\Windows\System32\WinTypes.dll
2012-07-26 01:28 - 2012-07-26 05:05 - 00762368 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-07-04 19:31 - 2013-05-04 08:57 - 00389120 _____ (Microsoft Corporation) C:\Windows\System32\Bcp47Langs.dll
2012-07-26 04:34 - 2012-07-26 04:34 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\oleaccrc.dll
2012-07-26 04:19 - 2012-07-26 05:06 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\pcacli.dll
2012-07-26 10:14 - 2013-06-28 00:05 - 00537464 _____ (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.dll
2012-07-26 01:32 - 2012-07-26 05:06 - 00049664 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\PrintIsolationProxy.dll
2013-04-02 23:00 - 2013-02-02 13:04 - 02676736 _____ (Microsoft Corporation) C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_amd64_3cfd0cd4f058da8e\Amd64\PrintConfig.dll
2012-07-26 03:48 - 2012-07-26 05:06 - 00150016 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\prntvpt.dll
2013-01-25 23:27 - 2012-11-06 06:18 - 00914432 _____ (Microsoft Corporation) C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_70804bc81126e090\Amd64\mxdwdrv.dll
2012-07-26 02:35 - 2012-07-26 05:06 - 01752064 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\opcservices.dll
2012-07-26 01:31 - 2012-07-26 05:08 - 02974208 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\xpsservices.dll
2013-01-25 22:07 - 2012-11-08 06:20 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\FontSub.dll
2013-01-25 23:22 - 2012-09-20 08:32 - 01019392 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.dll
2013-01-25 23:25 - 2012-10-11 07:45 - 00590848 _____ (Microsoft Corporation) C:\Windows\System32\SHCORE.dll
2012-07-26 02:06 - 2012-07-26 05:06 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\Msidle.dll

==================== Alternate Data Streams (whitelisted) ==========



==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Built-in iSight
Description: Built-in iSight
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Coprozessor
Description: Coprozessor
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth USB Host Controller
Description: Bluetooth USB Host Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/27/2013 04:14:42 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (08/27/2013 04:14:36 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (08/27/2013 04:14:30 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (08/27/2013 04:14:24 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (08/27/2013 04:14:08 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (07/17/2013 09:21:00 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x81000101).

Error: (05/24/2013 09:37:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Mac)
Description: Bei der Aktivierung der App „DefaultBrowser_NOPUBLISHERID!Microsoft.Windows.Desktop“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (05/11/2013 10:27:48 PM) (Source: ESENT) (User: )
Description: taskhostex (1364) Versuch, Datei "C:\Users\Erzähler\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (04/14/2013 07:42:30 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a9a4e
Name des fehlerhaften Moduls: AppXDeploymentClient.dll, Version: 6.2.9200.16384, Zeitstempel: 0x501086e3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000001644f
ID des fehlerhaften Prozesses: 0x3a8
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Vollständiger Name des fehlerhaften Pakets: svchost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5

Error: (04/02/2013 11:53:03 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Sophos Anti-Virus -- Fehler 1308. Die Quelldatei wurde nicht gefunden: C:\ProgramData\Sophos\AutoUpdate\cache\savxp\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe. Überprüfen Sie, ob die Datei existiert und ob Sie darauf zugreifen können.


System errors:
=============
Error: (09/02/2013 04:46:16 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (09/01/2013 09:31:16 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (09/01/2013 07:38:47 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (09/01/2013 05:14:08 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (08/31/2013 11:43:51 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (08/30/2013 05:22:14 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (08/29/2013 05:47:34 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (08/29/2013 01:42:27 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (08/28/2013 03:49:56 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (08/28/2013 00:29:55 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4


Microsoft Office Sessions:
=========================
Error: (08/27/2013 04:14:42 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Erzähler\Desktop\SoftonicDownloader_fuer_netstumbler.exe

Error: (08/27/2013 04:14:36 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Erzähler\Desktop\SoftonicDownloader_fuer_netstumbler.exe

Error: (08/27/2013 04:14:30 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Erzähler\Desktop\SoftonicDownloader_fuer_netstumbler.exe

Error: (08/27/2013 04:14:24 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Erzähler\Desktop\SoftonicDownloader_fuer_netstumbler.exe

Error: (08/27/2013 04:14:08 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Erzähler\Desktop\SoftonicDownloader_fuer_netstumbler.exe

Error: (07/17/2013 09:21:00 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x81000101

Error: (05/24/2013 09:37:14 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Mac)
Description: DefaultBrowser_NOPUBLISHERID!Microsoft.Windows.Desktop-2144927148

Error: (05/11/2013 10:27:48 PM) (Source: ESENT)(User: )
Description: taskhostex1364C:\Users\Erzähler\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (04/14/2013 07:42:30 PM) (Source: Application Error)(User: )
Description: svchost.exe6.2.9200.16420505a9a4eAppXDeploymentClient.dll6.2.9200.16384501086e3c0000005000000000001644f3a801ce3040c888600aC:\Windows\system32\svchost.exeC:\Windows\System32\AppXDeploymentClient.dlladb4d41d-a52a-11e2-be6f-c91654ab6dcd

Error: (04/02/2013 11:53:03 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Produkt: Sophos Anti-Virus -- Fehler 1308. Die Quelldatei wurde nicht gefunden: C:\ProgramData\Sophos\AutoUpdate\cache\savxp\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe. Überprüfen Sie, ob die Datei existiert und ob Sie darauf zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL)


==================== Memory info =========================== 

Percentage of memory in use: 51%
Total physical RAM: 3830.63 MB
Available physical RAM: 1840.64 MB
Total Pagefile: 4470.63 MB
Available Pagefile: 2088.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:57.25 GB) (Free:30.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         
Thanks for your help!
__________________

Alt 02.09.2013, 19:21   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 02.09.2013, 20:17   #5
ratsucher
 



Hmm, no success.

1. I can't disable Sophos, so I uninstalled Sophos first. That presumably also removed the quarantine that the virus (?) was in; is that bad?

2. Now I'm naked on the internet. I have no virus protection at all at the moment. Is that OK, or should I reinstall Sophos?

3. I ran Combofix. Error messages kept coming up. Most recently, three times, that the "Find String" utility was not running. I could not find combofix.txt. Should it be on the desktop, or was the file perhaps not created at all because of the system error?


Alt 03.09.2013, 07:35   #6
schrauber
/// the machine
/// TB-Ausbilder
 




As stated, it is located under C. Install an AV program and post a fresh FRST log, please.