Log analysis and evaluation: weDownload Manager Pro - Spyware/Adware (Windows 7)
weDownload Manager Pro - Spyware/Adware

Hello dear community!

A few days ago I bought a new notebook and of course first installed various software (standard things like Firefox, OpenOffice etc.). After that I also uninstalled software supplied by the manufacturer. In the process I also uninstalled the "weDownload Manager Pro" named in the title, because I thought it had also been part of the supplied software. I also manually deleted leftover data relating to the spyware.

Afterwards I noticed that my Firefox settings had been changed and became suspicious. After a short Google search I quite quickly found out that this weDownload Manager Pro is spyware, which I probably picked up through the download of OpenOffice. (I accidentally did not download OpenOffice from the official site, which I did not notice at first.)

tl;dr AntiVir did not notice the spyware at all, so I got no alert, but found out by chance that it is spyware. Also, as mentioned, I have unfortunately already removed the software. However, I am now not sure whether the spyware has really been removed completely or whether my notebook is still infected.

I hope you can help me with this question.

Operating system: Windows 8 64bit

OTL Log:
Code:
OTL by OldTimer - Version Folder = C:\Users\****\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
7,73 Gb Total Physical Memory | 5,11 Gb Available Physical Memory | 66,17% Memory free
12,23 Gb Paging File | 9,46 Gb Available in Paging File | 77,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 891,46 Gb Total Space | 844,57 Gb Free Space | 94,74% Space Free | Partition Type: NTFS
Drive D: | 25,00 Gb Total Space | 21,69 Gb Free Space | 86,78% Space Free | Partition Type: NTFS
Computer Name: **** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.12.22 20:26:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Downloads\OTL.exe
PRC - [2013.12.16 10:09:22 | 004,180,256 | ---- | M] (Conduit) -- C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe
PRC - [2013.12.16 10:09:22 | 002,849,056 | ---- | M] (Conduit) -- C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe
PRC - [2013.12.16 10:09:22 | 002,251,552 | ---- | M] (Conduit) -- C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
PRC - [2013.12.10 03:15:27 | 002,279,712 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2013.12.10 03:14:56 | 001,494,304 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013.12.09 11:37:21 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.12.09 11:37:18 | 000,684,600 | ---- | M] (Avira Operations GmbH & Co.
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.12.09 11:37:18 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.12.05 20:34:42 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.09.05 15:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.05.16 15:44:06 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe PRC - [2013.05.15 18:08:46 | 000,366,552 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2013.05.15 18:08:14 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2013.05.15 18:08:14 | 000,131,544 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe PRC - [2013.04.30 11:25:22 | 000,286,704 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2013.04.30 11:25:22 | 000,015,344 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2013.04.09 07:39:08 | 000,040,960 | ---- | M] () -- C:\Windows\SysWOW64\UMonit64.exe PRC - [2013.03.18 14:25:26 | 001,161,592 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2013.03.18 14:25:08 | 001,124,728 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2013.03.11 09:17:24 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe PRC - [2013.03.08 14:18:34 | 000,095,192 | ---- | M] (CyberLink Corp.) 
-- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe PRC - [2013.03.07 11:57:42 | 000,650,528 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe PRC - [2012.12.13 21:18:54 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE PRC - [2012.10.30 19:11:32 | 000,168,464 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe ========== Modules (No Company Name) ========== MOD - [2013.12.22 04:06:54 | 007,561,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Sys tem.Xml\e1ec8b9a6d4f9af9d6065c4187fb1b5f\System.Xm l.ni.dll MOD - [2013.12.22 04:06:49 | 012,700,160 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Sys tem.Windows.Forms\2d9010a9c3383246084e5c8c2139e848 \System.Windows.Forms.ni.dll MOD - [2013.12.22 04:06:43 | 019,536,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Sys tem.ServiceModel\fb7e8e5205521667b90b236775b55173\ System.ServiceModel.ni.dll MOD - [2013.12.22 04:06:32 | 002,786,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Sys tem.Runteb92aa12#\cf7db4fae047127374f220b4f59bea45 \System.Runtime.Serialization.ni.dll MOD - [2013.12.22 04:06:29 | 001,631,232 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Sys tem.Drawing\f39c1d8f6b4eddaa2071f4caf91d67b1\Syste m.Drawing.ni.dll MOD - [2013.12.22 04:06:24 | 000,958,464 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Sys tem.Configuration\3747278c968304a6543a662999df4e5e \System.Configuration.ni.dll MOD - [2013.12.22 04:06:08 | 006,998,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Sys tem.Core\56ba21e6081df374de2d8f78fea61d59\System.C ore.ni.dll MOD - [2013.12.22 04:06:05 | 009,937,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Sys tem\a7811936e59aaee26b1d9d467174d6d4\System.ni.dll MOD - [2013.12.22 04:06:00 | 016,544,768 | ---- | M] () -- 
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\msc orlib\374a0cc6603f58864831897ef723bd4a\mscorlib.ni .dll MOD - [2013.12.22 02:12:58 | 002,959,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Sys tem.IdentityModel\076f4b96562bcb28f5f968d8757faec8 \System.IdentityModel.ni.dll MOD - [2013.12.22 02:12:53 | 000,802,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Sys tem.Servd1dec626#\9a4fc56833542881e7e451a099562655 \System.ServiceModel.Internals.ni.dll MOD - [2013.12.22 02:12:53 | 000,121,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMD iagnostics\89cc9825811c2121acd4e2e12c0ef044\SMDiag nostics.ni.dll MOD - [2013.12.05 20:36:56 | 003,559,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.04.09 07:39:08 | 000,040,960 | ---- | M] () -- C:\Windows\SysWOW64\UMonit64.exe MOD - [2013.03.11 09:17:24 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe MOD - [2013.03.07 11:58:16 | 000,499,488 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll MOD - [2013.03.07 11:55:12 | 000,472,576 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll MOD - [2013.03.07 11:54:20 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll MOD - [2013.03.07 11:53:58 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll MOD - [2010.12.17 11:56:54 | 014,978,048 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll MOD - [2010.12.17 11:56:54 | 009,224,704 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll MOD - [2010.12.17 11:56:54 | 002,603,520 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll MOD - [2010.12.17 
11:56:54 | 001,006,592 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll MOD - [2010.12.17 11:56:54 | 000,382,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll MOD - [2010.12.17 11:56:54 | 000,317,952 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll MOD - [2010.12.16 11:16:56 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll MOD - [2010.01.17 22:34:58 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll MOD - [2010.01.12 15:55:18 | 000,400,384 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll MOD - [2010.01.12 15:55:18 | 000,322,048 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.10.19 08:54:19 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2013.10.19 08:54:19 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2013.06.24 23:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2013.06.01 10:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2013.04.09 05:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2013.03.02 03:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2013.03.02 03:45:05 | 000,180,224 | ---- | 
M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2013.01.10 00:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2013.01.10 00:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConf ig.dll -- (PrintNotify) SRV:64bit: - [2012.09.20 10:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2012.09.20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2012.07.26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2012.07.26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2012.07.26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2012.07.26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2012.07.26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2012.07.26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- 
(KeyIso) SRV:64bit: - [2012.07.26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2012.07.26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2012.07.26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV - [2013.12.16 10:09:22 | 002,251,552 | ---- | M] (Conduit) [Auto | Running] -- C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc) SRV - [2013.12.10 03:14:56 | 001,494,304 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService) SRV - [2013.12.10 03:14:39 | 015,129,376 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc) SRV - [2013.12.09 11:37:21 | 000,440,376 | ---- 
| M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.12.09 11:37:19 | 001,011,768 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe -- (AntiVirWebService) SRV - [2013.12.09 11:37:18 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.12.05 20:36:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.10.19 00:06:22 | 000,068,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe -- (VeriFaceSrv) SRV - [2013.09.05 15:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.08.28 16:24:04 | 003,378,416 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) SRV - [2013.08.28 16:23:48 | 000,273,136 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV - [2013.08.28 16:23:40 | 000,626,416 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2013.08.28 16:23:20 | 000,149,744 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2013.07.30 14:29:36 | 000,834,664 | ---- | M] (McAfee, Inc.) 
[Auto | Stopped] -- C:\Windows\Temp\0319741387681597mcinst.exe -- (0319741387681597mcinstcleanup) SRV - [2013.05.28 14:37:36 | 000,101,536 | ---- | M] (Intel) [Auto | Running] -- C:\Programme\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe -- (BrcmSetSecurity) SRV - [2013.05.20 08:34:40 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2013.05.15 18:08:46 | 000,366,552 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2013.05.15 18:08:14 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2013.05.15 18:08:14 | 000,131,544 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2013.05.03 10:29:34 | 000,099,632 | ---- | M] (ELAN Microelectronics Corp.) [Auto | Running] -- C:\Programme\Elantech\ETDService.exe -- (ETDService) SRV - [2013.04.30 11:25:22 | 000,015,344 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2013.04.15 12:39:56 | 000,161,736 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe -- (Intel(R) SRV - [2013.03.18 14:25:26 | 001,161,592 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2013.03.18 14:25:08 | 001,124,728 | ---- | M] (Motorola Solutions, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2013.02.13 11:47:04 | 000,820,184 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R) SRV - [2013.02.13 11:46:48 | 000,731,648 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2012.12.13 21:18:54 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc) SRV - [2012.12.13 21:18:48 | 000,230,408 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8) SRV - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfi g.dll -- (PrintNotify) SRV - [2012.07.26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.12.09 11:37:19 | 000,131,576 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.12.09 11:37:19 | 000,084,720 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\avnetflt.sys -- (avnetflt) DRV:64bit: - [2013.12.09 11:37:19 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.12.09 11:37:18 | 000,108,440 | ---- | M] (Avira Operations GmbH & Co. 
KG) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.12.05 09:42:30 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nvvad64v.sys -- (nvvad_WaveExtensible) DRV:64bit: - [2013.10.19 08:55:14 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2013.10.19 08:55:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2013.10.19 08:54:19 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2013.10.19 08:54:19 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2013.10.19 00:06:29 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\LhdX64.sys -- (LHDmgr) DRV:64bit: - [2013.10.19 00:06:29 | 000,033,560 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AcpiVpc.sys -- (ACPIVPC) DRV:64bit: - [2013.10.08 22:12:46 | 003,345,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NETwew00.sys -- (NETwNe64) DRV:64bit: - [2013.07.19 09:58:26 | 008,247,640 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rtsuvc.sys -- (rtsuvc) DRV:64bit: - [2013.07.09 09:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2013.07.02 02:41:47 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2013.07.02 02:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2013.07.02 02:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2013.06.29 07:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2013.06.10 22:17:46 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2013.06.01 04:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2013.05.28 14:37:28 | 000,206,744 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usb3Hub.sys -- (usb3Hub) DRV:64bit: - [2013.05.28 14:37:28 | 000,035,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2013.05.28 14:37:28 | 000,025,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\iwdbus.sys -- (iwdbus) DRV:64bit: - [2013.05.16 11:24:32 | 000,374,536 | ---- | M] (ELAN Microelectronics Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ETD.sys -- (ETD) DRV:64bit: - [2013.05.16 11:24:32 | 000,022,280 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ETDSMBus.sys -- (ETDSMBus) DRV:64bit: - [2013.05.15 18:08:14 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2013.05.08 01:25:22 | 000,442,368 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2013.05.08 01:22:41 | 004,431,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2013.04.30 11:25:00 | 000,677,360 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2013.04.14 22:37:26 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2013.04.11 01:13:20 | 000,165,344 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2013.03.28 12:47:00 | 001,366,328 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2013.03.25 11:42:52 | 000,132,920 | ---- | M] (Motorola Solutions, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2013.03.22 04:06:30 | 000,091,368 | ---- | M] (GenesysLogic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\GeneStor.sys -- (GeneStor) DRV:64bit: - [2013.03.02 11:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2013.03.02 11:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2013.01.15 14:44:28 | 000,069,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\iBtFltCoex.sys -- (ibtfltcoex) DRV:64bit: - [2013.01.10 02:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2012.11.27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012.11.20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012.11.19 10:34:56 | 000,118,936 | ---- | M] (Qualcomm Atheros Co., Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C) DRV:64bit: - [2012.11.06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012.10.12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.10.11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012.10.11 08:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2012.09.20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012.09.20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012.07.26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.07.26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012.07.26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012.07.26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012.07.26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012.07.26 06:00:57 | 
000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2012.07.26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012.07.26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012.07.26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012.07.26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012.07.26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012.07.26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012.07.26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012.07.26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) 
[Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012.07.26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012.07.26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012.07.26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012.07.26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012.07.26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012.07.26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012.07.26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012.07.26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012.07.26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012.07.26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012.07.26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012.07.26 03:27:41 | 
000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012.07.26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012.07.26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012.07.26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012.07.26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012.07.26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012.07.26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012.07.26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012.07.26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.07.26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2012.07.26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2012.07.26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012.07.26 03:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum) DRV:64bit: - [2012.07.26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012.07.26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012.07.26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012.06.13 16:10:32 | 000,102,376 | ---- | M] ("CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2012.06.02 15:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2012.06.02 15:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress) DRV - [2013.12.22 18:46:38 | 000,027,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\Temp\GPUZ.sys -- (GPUZ) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {770B0D2D-1E28-4117-A3E0-216E377E6B44} IE:64bit: - HKLM\..\SearchScopes\{770B0D2D-1E28-4117-A3E0-216E377E6B44}: "URL" = h**p://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=L CJB IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - 
HKLM\..\SearchScopes,DefaultScope = {770B0D2D-1E28-4117-A3E0-216E377E6B44} IE - HKLM\..\SearchScopes\{770B0D2D-1E28-4117-A3E0-216E377E6B44}: "URL" = h**p://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=L CJB IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://lenovo13.msn.com/?pc=LCJB IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = h**p://www.lenovo.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = h**p://www.lenovo.com/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://h**p://search.conduit.com/?ct...EB85E85E&SSPV= IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = h**p://search.conduit.com/Results.aspx?ctid=CT3314759&octid=EB_ORIGINAL_CTID &SearchSource=58&CUI=&UM=2&UP=SPC07500AC-E408-41EB-83D8-2BBCEB85E85E&q={searchTerms}&SSPV= IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_90 0_170.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_90 0_170.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) 
Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.12.22 19:27:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions [2013.12.22 19:27:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.12.22 19:27:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.) O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) 
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtsFT] C:\WINDOWS\RTFTrack.exe (Realtek semiconductor) O4:64bit: - HKLM..\Run: [ShadowPlay] C:\WINDOWS\SysNative\nvspcap64.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [UMonit64] C:\Windows\SysWOW64\UMonit64.exe () O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 3 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{14F0F55E-5B5E-4F46-A1A2-6711C0F27DB0}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{AD9323C1-0B91-4E95-A7F3-746E96BB453B}: DhcpNameServer = O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC6 4Loader.dll) - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64 Loader.dll (Conduit) O20:64bit: - AppInit_DLLs: (C:\WINDOWS\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC3 2Loader.dll) - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32 Loader.dll (Conduit) O20 - AppInit_DLLs: (C:\WINDOWS\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - 
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.12.22 19:27:23 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Mozilla [2013.12.22 19:27:23 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Mozilla [2013.12.22 19:27:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.12.22 19:27:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.12.22 18:58:17 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1 [2013.12.22 18:58:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice 4 [2013.12.22 18:25:27 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\PCMark 8 [2013.12.22 18:21:02 | 000,000,000 | ---D | C] -- C:\Temp [2013.12.22 18:19:33 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\IsolatedStorage [2013.12.22 18:19:31 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\3DMark [2013.12.22 18:17:36 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\WinRAR [2013.12.22 18:17:06 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\WinRAR [2013.12.22 18:17:06 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.12.22 18:16:55 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2013.12.22 18:08:25 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\SearchProtect [2013.12.22 18:08:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect [2013.12.22 16:26:46 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Activision [2013.12.22 03:33:21 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless [2013.12.22 03:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel [2013.12.22 03:33:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco [2013.12.22 03:13:10 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Macromedia [2013.12.22 03:08:12 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Adobe [2013.12.22 03:02:14 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\vlc [2013.12.22 02:56:42 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Avatar [2013.12.22 02:52:59 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\CyberLink [2013.12.22 02:52:53 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Youcam [2013.12.22 02:52:53 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\CyberLink [2013.12.22 02:42:45 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\NVIDIA [2013.12.22 02:42:14 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Programs [2013.12.22 02:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.12.22 02:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2013.12.22 02:40:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.12.22 02:31:02 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Diagnostics [2013.12.22 02:20:54 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Nitro [2013.12.22 02:18:23 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Intel_Corporation 
[2013.12.22 02:13:20 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\NVIDIA Corporation [2013.12.22 02:12:17 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\NVIDIA [2013.12.22 02:10:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.12.22 02:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.12.22 02:07:56 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Intel Corporation [2013.12.22 02:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Energy Management [2013..12.22 02:06:27 | 000,000,000 | R--D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup [2013.12.22 02:06:27 | 000,000,000 | R--D | C] -- C:\Users\****\Searches [2013.12.22 02:06:27 | 000,000,000 | R--D | C] -- C:\Users\****\Contacts [2013.12.22 02:06:27 | 000,000,000 | R--D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Administrative Tools [2013.12.22 02:06:17 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Macromedia [2013.12.22 02:06:15 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Adobe [2013.12.22 02:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\eBay [2013.12.22 02:05:27 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\VirtualStore [2013.12.22 02:05:24 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Packages [2013.12.22 02:05:22 | 000,000,000 | --SD | C] -- C:\Users\****\AppData\Roaming\Microsoft [2013.12.22 02:05:22 | 000,000,000 | R--D | C] -- C:\Users\****\Videos [2013.12.22 02:05:22 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\System Tools [2013.12.22 02:05:22 | 000,000,000 | R--D | C] -- C:\Users\****\Saved Games [2013.12.22 02:05:22 | 000,000,000 | R--D | C] -- C:\Users\****\Pictures [2013.12.22 02:05:22 | 000,000,000 | R--D | C] -- C:\Users\****\Music [2013.12.22 02:05:22 | 000,000,000 | R--D | C] -- C:\Users\****\Links [2013.12.22 02:05:22 | 
000,000,000 | R--D | C] -- C:\Users\****\Favorites [2013.12.22 02:05:22 | 000,000,000 | R--D | C] -- C:\Users\****\Downloads [2013.12.22 02:05:22 | 000,000,000 | R--D | C] -- C:\Users\****\Documents [2013.12.22 02:05:22 | 000,000,000 | R--D | C] -- C:\Users\****\Desktop [2013.12.22 02:05:22 | 000,000,000 | R--D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Accessories [2013.12.22 02:05:22 | 000,000,000 | R--D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Accessibility [2013.12.22 02:05:22 | 000,000,000 | -HSD | C] -- C:\Users\****\Vorlagen [2013.12.22 02:05:22 | 000,000,000 | -HSD | C] -- C:\Users\****\AppData\Local\Verlauf [2013.12.22 02:05:22 | 000,000,000 | -HSD | C] -- C:\Users\****\AppData\Local\Temporary Internet Files [2013.12.22 02:05:22 | 000,000,000 | -HSD | C] -- C:\Users\****\Startmenü [2013.12.22 02:05:22 | 000,000,000 | -HSD | C] -- C:\Users\****\SendTo [2013.12.22 02:05:22 | 000,000,000 | -HSD | C] -- C:\Users\****\Recent [2013.12.22 02:05:22 | 000,000,000 | -HSD | C] -- C:\Users\****\Netzwerkumgebung [2013.12.22 02:05:22 | 000,000,000 | -HSD | C] -- C:\Users\****\Lokale Einstellungen [2013.12.22 02:05:22 | 000,000,000 | -HSD | C] -- C:\Users\****\Documents\Eigene Videos [2013.12.22 02:05:22 | 000,000,000 | -HSD | C] -- C:\Users\****\Documents\Eigene Musik [2013.12.22 02:05:22 | 000,000,000 | -HSD | C] -- C:\Users\****\Eigene Dateien [2013.12.22 02:05:22 | 000,000,000 | -HSD | C] -- C:\Users\****\Documents\Eigene Bilder [2013.12.22 02:05:22 | 000,000,000 | -HSD | C] -- C:\Users\****\Druckumgebung [2013.12.22 02:05:22 | 000,000,000 | -HSD | C] -- C:\Users\****\Cookies [2013.12.22 02:05:22 | 000,000,000 | -HSD | C] -- C:\Users\****\AppData\Local\Anwendungsdaten [2013.12.22 02:05:22 | 000,000,000 | -HSD | C] -- C:\Users\****\Anwendungsdaten [2013.12.22 02:05:22 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData [2013.12.22 02:05:22 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Temp 
[2013.12.22 02:05:22 | 000,000,000 | ---D | C] -- C:\Users\****\Roaming [2013.12.22 02:05:22 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Microsoft [2013.12.22 02:05:22 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Maintenance [2013.12.22 02:05:22 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Lenovo [2013.12.22 02:05:22 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Intel [2013.12.22 01:48:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2013.12.22 01:48:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2013.12.22 01:48:14 | 000,000,000 | -HSD | C] -- C:\Programme [2013.12.22 01:48:14 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2013.12.22 01:48:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2013.12.22 01:48:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2013.12.22 01:48:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2013.12.22 01:48:14 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2013.12.22 01:48:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2013.12.22 01:48:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2013.12.22 00:42:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\MRT [2013.12.21 22:42:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013.12.21 22:42:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013.12.21 22:41:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2013.12.21 22:31:02 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Avira [2013.12.21 22:29:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.12.21 22:29:28 | 000,131,576 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\WINDOWS\SysNative\drivers\avipbb.sys [2013.12.21 22:29:28 | 000,108,440 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avgntflt.sys [2013.12.21 22:29:28 | 000,084,720 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avnetflt.sys [2013.12.21 22:29:28 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avkmgr.sys [2013.12.21 22:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.12.21 22:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira ========== Files - Modified Within 30 Days ========== [2013.12.22 20:43:20 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.12.22 19:27:13 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.12.22 19:21:55 | 000,008,506 | ---- | M] () -- C:\Users\****\Documents\cc_20131222_192152.reg [2013.12.22 19:21:42 | 000,068,442 | ---- | M] () -- C:\Users\****\Documents\cc_20131222_192130.reg [2013.12.22 18:46:39 | 000,000,022 | ---- | M] () -- C:\WINDOWS\GPU-Z.INI [2013.12.22 16:27:12 | 001,748,838 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI [2013.12.22 16:27:12 | 000,754,172 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat [2013.12.22 16:27:12 | 000,711,282 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat [2013.12.22 16:27:12 | 000,156,362 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat [2013.12.22 16:27:12 | 000,133,150 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat [2013.12.22 03:55:54 | 2342,322,175 | -HS- | M] () -- C:\hiberfil.sys [2013.12.22 03:55:18 | 000,002,560 | ---- | M] () -- C:\WINDOWS\SysNative\VfService.trf [2013.12.22 02:07:08 | 000,001,129 | ---- | M] () -- C:\Users\****\Desktop\Cyberlink Power2Go.lnk [2013.12.22 02:06:33 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.12.22 02:06:04 | 000,000,139 | ---- | M] () -- C:\Users\Public\Desktop\eBay.url [2013.12.21 22:42:13 | 000,002,030 | ---- | M] () -- 
C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.12.21 22:22:06 | 000,007,609 | ---- | M] () -- C:\Users\****\AppData\Local\Resmon.ResmonCfg [2013.12.09 11:37:19 | 000,131,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avipbb.sys [2013.12.09 11:37:19 | 000,084,720 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avnetflt.sys [2013.12.09 11:37:19 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avkmgr.sys [2013.12.09 11:37:18 | 000,108,440 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avgntflt.sys ========== Files Created - No Company Name ========== [2013.12.22 19:27:13 | 000,001,170 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.12.22 19:27:13 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.12.22 19:21:54 | 000,008,506 | ---- | C] () -- C:\Users\****\Documents\cc_20131222_192152.reg [2013.12.22 19:21:39 | 000,068,442 | ---- | C] () -- C:\Users\****\Documents\cc_20131222_192130.reg [2013.12.22 18:21:01 | 000,000,022 | ---- | C] () -- C:\WINDOWS\GPU-Z.INI [2013.12.22 03:20:57 | 000,386,923 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml [2013.12.22 02:06:24 | 000,001,449 | ---- | C] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Internet Explorer.lnk [2013.12.22 02:06:04 | 000,000,139 | ---- | C] () -- C:\Users\Public\Desktop\eBay.url [2013.12.22 02:05:22 | 000,001,129 | ---- | C] () -- C:\Users\****\Desktop\Cyberlink Power2Go.lnk [2013.12.22 02:05:22 | 000,000,189 | ---- | C] () -- C:\Users\****\Desktop\Lenovo Telephony Start Now.url [2013.12.21 22:42:13 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.12.21 22:42:13 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.12.21 22:22:06 | 000,007,609 | ---- | C] () -- 
C:\Users\****\AppData\Local\Resmon.ResmonCfg [2013.10.19 00:02:51 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl [2013.10.18 23:46:44 | 000,172,097 | ---- | C] () -- C:\WINDOWS\SysWow64\NoMSGuninstall.exe [2013.10.18 23:46:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\SysWow64\UMonit64.exe [2013.10.18 23:46:44 | 000,001,519 | ---- | C] () -- C:\WINDOWS\SysWow64\_IconCfg0.ini [2013.10.18 23:46:44 | 000,000,911 | ---- | C] () -- C:\WINDOWS\SysWow64\ProductName.ini [2013.10.18 23:46:44 | 000,000,213 | ---- | C] () -- C:\WINDOWS\SysWow64\IconCfg0.ini [2013.10.18 23:33:46 | 001,774,862 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI [2013.05.23 16:57:14 | 019,587,072 | ---- | C] () -- C:\WINDOWS\SysWow64\igdfcl32.dll [2013.05.23 16:57:09 | 000,240,640 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll [2013.05.23 16:57:09 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll [2013.03.25 22:10:34 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll [2013.02.13 11:27:54 | 000,001,536 | ---- | C] () -- C:\WINDOWS\SysWow64\IusEventLog.dll [2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat [2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT [2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll [2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin [2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll [2012.07.25 21:22:56 | 000,267,284 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin [2012.07.25 21:22:54 | 000,963,376 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin [2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat ========== ZeroAccess Check ========== [2013.12.22 18:06:49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls id\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls id\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc8 7-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.08.02 07:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.08.02 06:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA 9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CD B-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.12.22 02:20:54 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nitro ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 192 
bytes -> C:\Windows:nlsPreferences
< End of report >

Because of that I have already carried out a further step: I ran AdwCleaner and did a scan with Mbam. Here are the corresponding logs:

AdwCleaner: 1st run

AdwCleaner[R0] AdwCleaner Logfile: Code:
# AdwCleaner v3.015 - Bericht erstellt am 23/12/2013 um 00:40:27
# Updated 10/12/2013 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzername : **** - ****
# Gestartet von : C:\Users\****\Downloads\adwcleaner_3.0.1.5.exe
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : CltMngSvc

***** [ Dateien / Ordner ] *****

Ordner Gefunden C:\Program Files (x86)\Searchprotect
Ordner Gefunden C:\Users\****\AppData\Local\Searchprotect

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Daten Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Schlüssel Gefunden : HKCU\Software\APN PIP
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gefunden : HKCU\Software\WEDLMNGR
Schlüssel Gefunden : [x64] HKCU\Software\APN PIP
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gefunden : [x64] HKCU\Software\WEDLMNGR
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gefunden : HKLM\Software\SearchProtect

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16660

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.conduit.com/?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPC07500AC-E408-41EB-83D8-2BBCEB85E85E&SSPV=

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ie52kiif.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1941 octets] - [23/12/2013 00:40:27]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2001 octets] ##########

AdwCleaner[S0] AdwCleaner Logfile: Code:
# AdwCleaner v3.015 - Bericht erstellt am 23/12/2013 um 00:42:10
# Updated 10/12/2013 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzername : **** - ****
# Gestartet von : C:\Users\****\Downloads\adwcleaner_3.0.1.5.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : CltMngSvc

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Searchprotect
Ordner Gelöscht : C:\Users\****\AppData\Local\Searchprotect

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\WEDLMNGR
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKLM\Software\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16660

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ie52kiif.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [2097 octets] - [23/12/2013 00:40:27]
AdwCleaner[S0].txt - [1663 octets] - [23/12/2013 00:42:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1723 octets] ##########

Another run, after the 1st one had finished and "Löschen" (Delete) had been executed:

AdwCleaner[R1] AdwCleaner Logfile: Code:
# AdwCleaner v3.015 - Bericht erstellt am 23/12/2013 um 00:48:18
# Updated 10/12/2013 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzername : **** - ****
# Gestartet von : C:\Users\****\Downloads\adwcleaner_3.0.1.5.exe
# Option : Suchen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ie52kiif.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [2097 octets] - [23/12/2013 00:40:27]
AdwCleaner[R1].txt - [698 octets] - [23/12/2013 00:48:18]
AdwCleaner[S0].txt - [1807 octets] - [23/12/2013 00:42:10]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [817 octets] ##########

AdwCleaner[S1] AdwCleaner Logfile: Code:
# AdwCleaner v3.015 - Bericht erstellt am 23/12/2013 um 00:48:35
# Updated 10/12/2013 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzername : **** - ****
# Gestartet von : C:\Users\****\Downloads\adwcleaner_3.0.1.5.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ie52kiif.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [2097 octets] - [23/12/2013 00:40:27]
AdwCleaner[R1].txt - [896 octets] - [23/12/2013 00:48:18]
AdwCleaner[S0].txt - [1807 octets] - [23/12/2013 00:42:10]
AdwCleaner[S1].txt - [818 octets] - [23/12/2013 00:48:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [877 octets] ##########

Mbam Log: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Datenbank Version: v2013.12.22.05

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
**** :: **** [Administrator]

23.12.2013 00:55:45
MBAM-log-2013-12-23 (01-49-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 443073
Laufzeit: 47 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 15
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\CltMngSvc.exe.vir (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\SPTool.dll.vir (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\uninstall.exe.vir (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\cltmng.exe.vir (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPTool64.exe.vir (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC32.dll.vir (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC32Loader.dll.vir (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC64.dll.vir (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC64Loader.dll.vir (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\UI\bin\cltmngui.exe.vir (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\****\AppData\Local\Temp\nsa5811.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\****\AppData\Local\Temp\nsc69F5.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\****\AppData\Local\Temp\nsp5699.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\****\AppData\Local\Temp\nsr68CB.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\****\AppData\Local\Temp\sp_downloader.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.

(Ende)

Regards, neear |
![]() | #2 |
/// the machine /// TB-Ausbilder | ![]() weDownload Manager Pro - Spyware/Adware hi,
__________________Close the thread at Chip. Crossposting isn't nice. Have MBAM delete its findings. Please disable your security software to avoid possible conflicts.
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
![]() | #3 |
![]() | ![]() weDownload Manager Pro - Spyware/Adware Okay, thanks
__________________![]() JRT Log: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8 x64
Ran by **** on 23.12.2013 at 14:34:33,39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\ie52kiif.default\minidumps [1 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.12.2013 at 14:39:05,66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-12-2013 01 Ran by **** (administrator) on SA**** on 23-12-2013 14:46:02 Running from C:\Users\****\Downloads Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek semiconductor) C:\Windows\RTFTrack.exe () C:\Windows\SysWOW64\UMonit64.exe (Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] () HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1012000 2013-05-16] (NVIDIA Corporation) HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13545032 2013-05-28] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2891592 2013-05-17] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [RtsFT] - C:\Windows\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor) HKLM\...\Run: [UMonit64] - C:\Windows\SysWOW64\UMonit64.exe [40960 2013-04-09] () HKLM\...\Run: [OnekeyStudio] - C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo) HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-10-19] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [193008 2013-10-19] (Lenovo(beijing) Limited) HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.) HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated) AppInit_DLLs: C:\Windows\System32\nvinitx.dll [245872 2013-04-14] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll [201576 2013-04-14] (NVIDIA Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com SearchScopes: HKLM - DefaultScope {770B0D2D-1E28-4117-A3E0-216E377E6B44} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB SearchScopes: HKLM - {770B0D2D-1E28-4117-A3E0-216E377E6B44} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB SearchScopes: HKLM-x32 - {770B0D2D-1E28-4117-A3E0-216E377E6B44} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB SearchScopes: HKCU - {770B0D2D-1E28-4117-A3E0-216E377E6B44} URL = Tcpip\Parameters: [DhcpNameServer] FireFox: ======== FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ie52kiif.default FF Homepage: google.de FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel 
Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-09] (Avira Operations GmbH & Co. KG) R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-05-28] (Intel) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-05-03] (ELAN Microelectronics Corp.) 
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-15] (Intel Corporation) R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [161736 2013-04-15] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-15] (Intel Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] () R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation) R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-10-19] () S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-19] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. 
KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-03-25] (Motorola Solutions, Inc.) S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1366328 2013-03-28] (Motorola Solutions, Inc.) R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22280 2013-05-16] (ELAN Microelectronic Corp.) S3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [91368 2013-03-22] (GenesysLogic) S3 GPUZ; C:\WINDOWS\TEMP\GPUZ.sys [27008 2013-12-22] () R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation) R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.) R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-05-28] (Windows (R) Win 7 DDK provider) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-23 14:46 - 2013-12-23 14:46 - 00013276 _____ C:\Users\****\Downloads\FRST.txt 2013-12-23 14:45 - 2013-12-23 14:45 - 00000000 ____D C:\FRST 2013-12-23 14:39 - 2013-12-23 14:39 - 00000741 _____ C:\Users\****\Desktop\JRT.txt 2013-12-23 14:34 - 2013-12-23 14:34 - 00000000 ____D C:\WINDOWS\ERUNT 2013-12-23 13:48 - 2013-12-23 13:48 - 01928280 _____ (Farbar) C:\Users\****\Downloads\FRST64.exe 2013-12-23 13:45 - 2013-12-23 13:45 - 01034531 _____ (Thisisu) C:\Users\****\Downloads\JRT_6.0.8.exe 2013-12-23 00:54 - 2013-12-23 00:54 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-23 00:54 - 2013-12-23 00:54 - 00000000 ____D 
C:\Users\****\AppData\Roaming\Malwarebytes 2013-12-23 00:54 - 2013-12-23 00:54 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-23 00:54 - 2013-12-23 00:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-23 00:54 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2013-12-23 00:50 - 2013-12-23 00:50 - 00307760 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-12-23 00:43 - 2013-12-23 00:47 - 00000000 ___RD C:\WINDOWS\BrowserChoice 2013-12-23 00:40 - 2013-12-23 00:48 - 00000000 ____D C:\AdwCleaner 2013-12-23 00:34 - 2013-12-23 00:35 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup- 2013-12-22 22:40 - 2013-12-22 22:41 - 00062411 _____ C:\Users\****\Downloads\Neues Textdokument.txt 2013-12-22 22:28 - 2013-12-22 22:28 - 00124990 _____ C:\Users\****\Downloads\OTL.Txt 2013-12-22 20:26 - 2013-12-22 20:26 - 00602112 _____ (OldTimer Tools) C:\Users\****\Downloads\OTL.exe 2013-12-22 19:27 - 2013-12-22 19:27 - 00001158 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-12-22 19:27 - 2013-12-22 19:27 - 00000000 ____D C:\Users\****\AppData\Roaming\Mozilla 2013-12-22 19:27 - 2013-12-22 19:27 - 00000000 ____D C:\Users\****\AppData\Local\Mozilla 2013-12-22 19:27 - 2013-12-22 19:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-22 19:27 - 2013-12-22 19:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-22 19:21 - 2013-12-22 19:21 - 00068442 _____ C:\Users\****\Documents\cc_20131222_192130.reg 2013-12-22 19:21 - 2013-12-22 19:21 - 00008506 _____ C:\Users\****\Documents\cc_20131222_192152.reg 2013-12-22 18:58 - 2013-12-22 18:59 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4 2013-12-22 18:25 - 2013-12-22 18:25 - 00000000 ____D C:\Users\****\Documents\PCMark 8 2013-12-22 18:21 - 2013-12-22 18:46 - 00000022 _____ C:\WINDOWS\GPU-Z.INI 2013-12-22 18:19 - 2013-12-22 18:21 - 00000000 ____D C:\Users\****\Documents\3DMark 2013-12-22 
18:19 - 2013-12-22 18:19 - 00000000 ____D C:\Users\****\AppData\Local\IsolatedStorage 2013-12-22 18:18 - 2013-12-22 18:31 - 00000554 _____ C:\WINDOWS\DirectX.log 2013-12-22 18:18 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll 2013-12-22 18:18 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll 2013-12-22 18:18 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll 2013-12-22 18:18 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll 2013-12-22 18:18 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll 2013-12-22 18:18 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll 2013-12-22 18:18 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll 2013-12-22 18:18 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll 2013-12-22 18:18 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll 2013-12-22 18:18 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll 2013-12-22 18:18 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll 2013-12-22 18:18 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll 2013-12-22 18:17 - 2013-12-22 18:17 - 00000000 ____D C:\Users\****\Downloads\3DMark-v1-2-250 2013-12-22 18:17 - 2013-12-22 18:17 - 00000000 ____D C:\Users\****\AppData\Roaming\WinRAR 2013-12-22 18:17 - 2013-12-22 18:17 - 00000000 ____D C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2013-12-22 18:16 - 2013-12-22 18:17 - 00000000 ____D C:\Program Files\WinRAR 2013-12-22 18:16 - 2013-12-22 18:16 - 01977432 _____ C:\Users\****\Downloads\winrar-x64-501.exe 
2013-12-22 18:11 - 2013-12-22 18:22 - 163606685 _____ C:\Users\****\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe 2013-12-22 16:26 - 2013-12-22 16:26 - 00000000 ____D C:\Users\****\AppData\Local\Activision 2013-12-22 04:13 - 2013-12-21 22:22 - 129598176 _____ C:\Users\****\Downloads\avira_free_antivirus_de_14.0.2.286.exe 2013-12-22 03:33 - 2013-12-22 03:33 - 00000000 ____D C:\Program Files\Common Files\Intel 2013-12-22 03:33 - 2013-12-22 03:33 - 00000000 ____D C:\Program Files (x86)\Cisco 2013-12-22 03:21 - 2013-08-03 07:40 - 01374208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll 2013-12-22 03:21 - 2013-08-03 07:40 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wvc.dll 2013-12-22 03:21 - 2013-08-03 07:40 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmon.ocx 2013-12-22 03:21 - 2013-08-03 06:14 - 00399360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sysmon.ocx 2013-12-22 03:21 - 2013-08-03 06:13 - 01245696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll 2013-12-22 03:21 - 2013-08-03 06:13 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wvc.dll 2013-12-22 03:21 - 2013-08-02 07:28 - 19758080 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2013-12-22 03:20 - 2013-08-10 06:21 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll 2013-12-22 03:20 - 2013-08-10 06:21 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncInfo.dll 2013-12-22 03:20 - 2013-08-10 04:58 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll 2013-12-22 03:20 - 2013-08-02 07:28 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll 2013-12-22 03:20 - 2013-08-02 06:08 - 17561088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2013-12-22 03:20 - 2013-08-02 06:08 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll 2013-12-22 03:20 - 2013-08-01 11:41 - 02233688 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Drivers\tcpip.sys 2013-12-22 03:20 - 2013-07-25 00:10 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll 2013-12-22 03:20 - 2013-07-25 00:06 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll 2013-12-22 03:20 - 2013-04-10 00:17 - 01125888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2013-12-22 03:20 - 2013-04-09 23:29 - 00893952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2013-12-22 03:13 - 2013-12-22 03:13 - 00000000 ____D C:\Users\****\AppData\Local\Macromedia 2013-12-22 03:08 - 2013-12-21 23:30 - 00000000 ____D C:\Users\****\AppData\Local\Adobe 2013-12-22 03:02 - 2013-12-22 03:02 - 00000000 ____D C:\Users\****\AppData\Roaming\vlc 2013-12-22 02:56 - 2013-12-22 02:56 - 00000000 ____D C:\Users\****\Documents\Avatar 2013-12-22 02:55 - 2013-10-25 07:18 - 19271168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2013-12-22 02:55 - 2013-10-25 05:44 - 14356992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2013-12-22 02:54 - 2013-10-25 07:19 - 02241536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2013-12-22 02:54 - 2013-10-25 07:19 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2013-12-22 02:54 - 2013-10-25 07:19 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll 2013-12-22 02:54 - 2013-10-25 07:19 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2013-12-22 02:54 - 2013-10-25 07:18 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2013-12-22 02:54 - 2013-10-25 07:17 - 15404032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2013-12-22 02:54 - 2013-10-25 07:17 - 03959808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2013-12-22 02:54 - 2013-10-25 07:17 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2013-12-22 02:54 - 2013-10-25 07:17 - 00855552 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\jscript.dll 2013-12-22 02:54 - 2013-10-25 05:45 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2013-12-22 02:54 - 2013-10-25 05:44 - 01140736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2013-12-22 02:54 - 2013-10-25 05:43 - 13761536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2013-12-22 02:54 - 2013-10-25 05:43 - 02877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2013-12-22 02:54 - 2013-10-25 05:43 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2013-12-22 02:54 - 2013-10-25 05:43 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2013-12-22 02:54 - 2013-10-25 05:43 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2013-12-22 02:54 - 2013-05-15 23:37 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll 2013-12-22 02:54 - 2013-05-15 23:35 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll 2013-12-22 02:54 - 2013-05-14 14:14 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2013-12-22 02:54 - 2013-05-14 10:23 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2013-12-22 02:54 - 2013-02-21 11:29 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll 2013-12-22 02:54 - 2013-02-21 11:29 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2013-12-22 02:54 - 2013-02-21 11:29 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2013-12-22 02:54 - 2013-02-21 11:29 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2013-12-22 02:54 - 2013-02-21 11:14 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll 2013-12-22 02:54 - 2013-02-21 11:14 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2013-12-22 02:54 - 2013-02-19 10:53 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll 
2013-12-22 02:52 - 2013-12-22 02:59 - 00000000 ____D C:\Users\****\Documents\Youcam 2013-12-22 02:52 - 2013-12-22 02:52 - 00000000 ____D C:\Users\****\AppData\Roaming\CyberLink 2013-12-22 02:52 - 2013-12-22 02:52 - 00000000 ____D C:\Users\****\AppData\Local\CyberLink 2013-12-22 02:52 - 2013-10-10 12:53 - 00096600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys 2013-12-22 02:52 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL 2013-12-22 02:52 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL 2013-12-22 02:51 - 2013-09-04 04:11 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2013-12-22 02:51 - 2013-08-16 06:41 - 00058200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys 2013-12-22 02:51 - 2013-08-16 06:39 - 02371728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll 2013-12-22 02:51 - 2013-08-16 06:32 - 00209200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe 2013-12-22 02:51 - 2013-08-16 06:22 - 04917760 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2013-12-22 02:51 - 2013-08-16 06:21 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2013-12-22 02:51 - 2013-08-16 06:21 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2013-12-22 02:51 - 2013-08-16 06:21 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll 2013-12-22 02:51 - 2013-08-16 06:21 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll 2013-12-22 02:51 - 2013-08-16 06:21 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2013-12-22 02:51 - 2013-08-16 06:21 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll 2013-12-22 02:51 - 2013-08-16 06:21 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2013-12-22 
02:51 - 2013-08-16 06:21 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll 2013-12-22 02:51 - 2013-08-16 06:21 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupcln.dll 2013-12-22 02:51 - 2013-08-16 06:20 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll 2013-12-22 02:51 - 2013-08-15 23:43 - 00562688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2013-12-22 02:51 - 2013-08-15 23:43 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll 2013-12-22 02:51 - 2013-08-15 23:43 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSSync.dll 2013-12-22 02:51 - 2013-08-15 23:43 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2013-12-22 02:51 - 2013-08-15 23:43 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2013-12-22 02:51 - 2013-08-15 23:43 - 00083968 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll 2013-12-22 02:51 - 2013-08-15 23:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll 2013-12-22 02:51 - 2013-08-15 23:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupcln.dll 2013-12-22 02:50 - 2013-10-19 06:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll 2013-12-22 02:50 - 2013-10-19 05:04 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll 2013-12-22 02:50 - 2013-07-06 01:15 - 00652288 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll 2013-12-22 02:50 - 2013-07-04 03:13 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll 2013-12-22 02:49 - 2013-10-08 23:27 - 03279872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2013-12-22 02:49 - 2013-10-03 00:25 - 01300992 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2013-12-22 02:49 - 2013-10-01 23:22 - 01022976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 
2013-12-22 02:48 - 2013-10-09 02:33 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2013-12-22 02:48 - 2013-10-08 23:30 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2013-12-22 02:48 - 2013-10-08 23:30 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2013-12-22 02:48 - 2013-10-08 23:30 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2013-12-22 02:48 - 2013-10-08 23:30 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2013-12-22 02:48 - 2013-10-08 23:28 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2013-12-22 02:48 - 2013-10-08 23:27 - 01622016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2013-12-22 02:48 - 2013-10-08 23:27 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2013-12-22 02:48 - 2013-10-08 23:27 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2013-12-22 02:48 - 2013-10-08 23:27 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2013-12-22 02:48 - 2013-10-08 23:27 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2013-12-22 02:48 - 2013-10-08 23:27 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2013-12-22 02:48 - 2013-10-05 07:10 - 00285016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2013-12-22 02:48 - 2013-10-03 23:09 - 00385528 _____ C:\WINDOWS\system32\ApnDatabase.xml 2013-12-22 02:48 - 2013-10-02 03:50 - 00447320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2013-12-22 02:48 - 2013-09-28 06:48 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2013-12-22 02:48 - 2013-09-28 04:58 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2013-12-22 02:48 - 2013-09-19 08:32 - 01455448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2013-12-22 02:48 - 
2013-08-30 06:19 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll 2013-12-22 02:48 - 2013-08-30 06:18 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll 2013-12-22 02:48 - 2013-08-30 00:48 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll 2013-12-22 02:48 - 2013-08-30 00:47 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll 2013-12-22 02:44 - 2013-09-13 23:36 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ubpm.dll 2013-12-22 02:44 - 2013-09-13 23:33 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2013-12-22 02:44 - 2013-08-30 06:43 - 00061784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys 2013-12-22 02:44 - 2013-08-30 06:20 - 01173504 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll 2013-12-22 02:44 - 2013-08-30 00:48 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll 2013-12-22 02:44 - 2013-08-21 07:39 - 00465240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys 2013-12-22 02:44 - 2013-08-16 06:21 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2013-12-22 02:44 - 2013-08-16 06:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2013-12-22 02:44 - 2013-08-15 23:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2013-12-22 02:44 - 2013-08-10 07:30 - 00151896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys 2013-12-22 02:44 - 2013-08-10 06:21 - 00817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2013-12-22 02:44 - 2013-08-10 04:58 - 00656896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2013-12-22 02:44 - 2013-07-25 00:10 - 10799104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2013-12-22 02:44 - 2013-07-25 00:07 - 13661696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2013-12-22 
02:44 - 2013-07-12 02:38 - 00599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll 2013-12-22 02:44 - 2013-07-12 02:30 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll 2013-12-22 02:42 - 2013-12-22 02:42 - 00000000 ____D C:\Users\****\AppData\Roaming\NVIDIA 2013-12-22 02:41 - 2013-12-22 02:41 - 05032470 _____ (Geeks3D ) C:\Users\****\Downloads\FurMark_1.12.0_Setup.exe 2013-12-22 02:41 - 2013-12-22 02:41 - 00000000 ____D C:\Program Files\VideoLAN 2013-12-22 02:40 - 2013-12-22 02:40 - 00000000 ____D C:\ProgramData\Mozilla 2013-12-22 02:40 - 2013-07-05 23:02 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbcir.sys 2013-12-22 02:40 - 2013-07-05 23:01 - 00210560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys 2013-12-22 02:40 - 2013-07-01 23:14 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys 2013-12-22 02:40 - 2013-06-29 04:08 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys 2013-12-22 02:40 - 2013-06-29 04:07 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys 2013-12-22 02:40 - 2013-06-22 06:45 - 00785624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys 2013-12-22 02:40 - 2013-06-22 06:45 - 00054488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfLdr.sys 2013-12-22 02:36 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2013-12-22 02:36 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2013-12-22 02:34 - 2013-10-10 10:32 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe 2013-12-22 02:34 - 2013-10-10 10:30 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll 2013-12-22 02:34 - 2013-10-10 10:30 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll 2013-12-22 02:34 - 2013-10-10 10:24 - 00143872 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\wshom.ocx 2013-12-22 02:34 - 2013-10-10 10:23 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe 2013-12-22 02:34 - 2013-10-10 10:22 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll 2013-12-22 02:34 - 2013-10-10 10:22 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll 2013-12-22 02:34 - 2013-09-23 23:30 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2013-12-22 02:34 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2013-12-22 02:34 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll 2013-12-22 02:34 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll 2013-12-22 02:34 - 2013-07-19 23:13 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2013-12-22 02:34 - 2013-07-19 23:13 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-12-22 02:34 - 2013-07-02 02:41 - 00337752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2013-12-22 02:34 - 2013-07-02 02:41 - 00213336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS 2013-12-22 02:34 - 2013-07-01 02:42 - 00623448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys 2013-12-22 02:34 - 2013-07-01 02:42 - 00498008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys 2013-12-22 02:34 - 2013-07-01 02:42 - 00079192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys 2013-12-22 02:34 - 2013-07-01 02:42 - 00021848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys 2013-12-22 02:34 - 2013-06-29 04:07 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys 2013-12-22 02:34 - 2013-06-29 04:06 - 00120832 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Drivers\usbccgp.sys 2013-12-22 02:34 - 2013-05-27 00:17 - 00035328 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2013-12-22 02:34 - 2013-05-26 23:59 - 00046080 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2013-12-22 02:34 - 2013-05-25 04:15 - 00362496 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2013-12-22 02:34 - 2013-05-25 03:32 - 00300032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2013-12-22 02:34 - 2013-03-22 04:49 - 02382336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll 2013-12-22 02:34 - 2013-03-21 23:47 - 02851840 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll 2013-12-22 02:33 - 2013-11-23 07:43 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll 2013-12-22 02:33 - 2013-11-23 06:05 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll 2013-12-22 02:33 - 2013-11-07 00:18 - 04036608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2013-12-22 02:33 - 2013-09-28 04:35 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys 2013-12-22 02:33 - 2013-08-07 06:15 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssdisai.dll 2013-12-22 02:32 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2013-12-22 02:32 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2013-12-22 02:32 - 2013-08-02 07:28 - 10116608 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2013-12-22 02:32 - 2013-08-02 06:08 - 08858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2013-12-22 02:30 - 2013-12-22 02:30 - 00000000 _____ C:\Users\****\agent.log 2013-12-22 02:29 - 2013-11-01 06:38 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll 2013-12-22 02:29 - 2013-11-01 04:49 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll 2013-12-22 02:20 - 2013-12-22 02:20 - 
00000000 ____D C:\Users\****\AppData\Roaming\Nitro 2013-12-22 02:18 - 2013-12-22 02:18 - 00000000 ____D C:\Users\****\AppData\Local\Intel_Corporation 2013-12-22 02:13 - 2013-12-22 02:13 - 00000000 ____D C:\Users\****\AppData\Local\NVIDIA Corporation 2013-12-22 02:13 - 2013-12-10 03:13 - 01100248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll 2013-12-22 02:13 - 2013-12-10 03:13 - 00982232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll 2013-12-22 02:13 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll 2013-12-22 02:13 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll 2013-12-22 02:13 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll 2013-12-22 02:13 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll 2013-12-22 02:13 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll 2013-12-22 02:13 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll 2013-12-22 02:12 - 2013-12-23 14:41 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-694089502-576588150-1779369041-1002 2013-12-22 02:12 - 2013-12-22 02:14 - 00000000 ____D C:\Users\****\AppData\Local\NVIDIA 2013-12-22 02:12 - 2013-12-05 09:42 - 00039200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys 2013-12-22 02:12 - 2013-12-05 09:42 - 00035104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll 2013-12-22 02:12 - 2013-12-05 09:42 - 00032544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll 2013-12-22 02:11 - 2013-12-22 02:11 - 00002770 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2013-12-22 02:10 - 2013-12-22 02:11 - 00000000 ____D C:\Program Files\CCleaner 2013-12-22 02:08 - 2013-12-22 02:10 - 23679700 _____ C:\Users\****\Downloads\vlc-2.1.1-win64.exe 2013-12-22 02:07 - 
2013-12-22 02:07 - 03541544 _____ (Piriform Ltd) C:\Users\****\Downloads\ccsetup408_slim.exe 2013-12-22 02:07 - 2013-12-22 02:07 - 00000000 ____D C:\Users\****\AppData\Roaming\Intel Corporation 2013-12-22 02:07 - 2013-12-22 02:07 - 00000000 ____D C:\ProgramData\Energy Management 2013-12-22 02:06 - 2013-12-22 16:36 - 00000000 ____D C:\Users\****\AppData\Roaming\Adobe 2013-12-22 02:06 - 2013-12-22 03:59 - 00000000 ___RD C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-12-22 02:06 - 2013-12-22 03:59 - 00000000 ___RD C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-12-22 02:06 - 2013-12-22 02:06 - 00001449 _____ C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-12-22 02:06 - 2013-12-22 02:06 - 00000139 _____ C:\Users\Public\Desktop\eBay.url 2013-12-22 02:06 - 2013-12-22 02:06 - 00000000 ____D C:\Users\****\AppData\Roaming\Macromedia 2013-12-22 02:06 - 2013-12-22 02:06 - 00000000 ____D C:\ProgramData\eBay 2013-12-22 02:05 - 2013-12-23 00:47 - 00000000 ____D C:\Users\****\AppData\Local\Packages 2013-12-22 02:05 - 2013-12-22 19:16 - 00000000 ____D C:\Users\****\AppData\Local\VirtualStore 2013-12-22 02:05 - 2013-12-22 02:07 - 00001129 _____ C:\Users\****\Desktop\Cyberlink Power2Go.lnk 2013-12-22 02:05 - 2013-12-22 02:05 - 00000020 ___SH C:\Users\****\ntuser.ini 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Vorlagen 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Startmenü 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Netzwerkumgebung 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Lokale Einstellungen 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Eigene Dateien 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Druckumgebung 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Documents\Eigene Musik 2013-12-22 02:05 - 
2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Documents\Eigene Bilder 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\AppData\Local\Verlauf 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\AppData\Local\Anwendungsdaten 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Anwendungsdaten 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 ____D C:\Users\****\AppData\Roaming\Intel 2013-12-22 02:05 - 2013-12-22 00:35 - 00000000 ____D C:\Users\**** 2013-12-22 02:05 - 2013-10-19 08:55 - 00000000 ___RD C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2013-12-22 02:05 - 2013-10-19 08:54 - 00000000 ___RD C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2013-12-22 02:05 - 2013-10-19 00:02 - 00000000 ____D C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo 2013-12-22 02:05 - 2013-02-04 07:18 - 00000189 _____ C:\Users\****\Desktop\Lenovo Telephony Start Now.url 2013-12-22 02:05 - 2012-07-26 09:13 - 00000000 ___RD C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2013-12-22 02:05 - 2012-07-26 09:13 - 00000000 ____D C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Vorlagen 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Startmenü 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Eigene Dateien 
2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Druckumgebung 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Programme 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\ProgramData\Vorlagen 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\ProgramData\Startmenü 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\ProgramData\Dokumente 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Dokumente und Einstellungen 2013-12-22 00:42 - 2013-12-22 00:42 - 00000000 ____D C:\WINDOWS\system32\MRT 2013-12-22 00:41 - 2013-12-01 14:42 - 90708896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2013-12-21 22:42 - 2013-12-21 22:42 - 00002030 _____ 
C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-12-21 22:42 - 2013-12-21 22:42 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-21 22:41 - 2013-12-21 23:31 - 00000000 ____D C:\ProgramData\Adobe
2013-12-21 22:31 - 2013-12-21 22:31 - 00000000 ____D C:\Users\****\AppData\Roaming\Avira
2013-12-21 22:29 - 2013-12-21 22:29 - 00000000 ____D C:\ProgramData\Avira
2013-12-21 22:29 - 2013-12-21 22:29 - 00000000 ____D C:\Program Files (x86)\Avira
2013-12-21 22:29 - 2013-12-09 11:37 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-12-21 22:29 - 2013-12-09 11:37 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-12-21 22:29 - 2013-12-09 11:37 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2013-12-21 22:29 - 2013-12-09 11:37 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2013-12-21 22:22 - 2013-12-21 22:22 - 00007609 _____ C:\Users\****\AppData\Local\Resmon.ResmonCfg

==================== One Month Modified Files and Folders =======

2013-12-23 14:46 - 2013-12-23 14:46 - 00013276 _____ C:\Users\****\Downloads\FRST.txt
2013-12-23 14:45 - 2013-12-23 14:45 - 00000000 ____D C:\FRST
2013-12-23 14:41 - 2013-12-22 02:12 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-694089502-576588150-1779369041-1002
2013-12-23 14:39 - 2013-12-23 14:39 - 00000741 _____ C:\Users\****\Desktop\JRT.txt
2013-12-23 14:37 - 2013-10-19 08:45 - 00754172 _____ C:\WINDOWS\system32\perfh007.dat
2013-12-23 14:37 - 2013-10-19 08:45 - 00156362 _____ C:\WINDOWS\system32\perfc007.dat
2013-12-23 14:37 - 2012-07-26 08:28 - 01748838 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-23 14:34 - 2013-12-23 14:34 - 00000000 ____D C:\WINDOWS\ERUNT
2013-12-23 14:31 - 2013-03-25 22:02 - 00119040 _____ C:\WINDOWS\PFRO.log
2013-12-23 14:31 - 2012-07-26 08:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-23
14:31 - 2012-07-26 06:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2013-12-23 14:30 - 2013-10-19 00:06 - 00002560 _____ C:\WINDOWS\system32\VfService.trf 2013-12-23 14:30 - 2013-10-18 23:04 - 02036978 _____ C:\WINDOWS\WindowsUpdate.log 2013-12-23 14:00 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\sru 2013-12-23 13:48 - 2013-12-23 13:48 - 01928280 _____ (Farbar) C:\Users\****\Downloads\FRST64.exe 2013-12-23 13:45 - 2013-12-23 13:45 - 01034531 _____ (Thisisu) C:\Users\****\Downloads\JRT_6.0.8.exe 2013-12-23 02:04 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent 2013-12-23 00:54 - 2013-12-23 00:54 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-23 00:54 - 2013-12-23 00:54 - 00000000 ____D C:\Users\****\AppData\Roaming\Malwarebytes 2013-12-23 00:54 - 2013-12-23 00:54 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-23 00:54 - 2013-12-23 00:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-23 00:50 - 2013-12-23 00:50 - 00307760 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-12-23 00:48 - 2013-12-23 00:40 - 00000000 ____D C:\AdwCleaner 2013-12-23 00:47 - 2013-12-23 00:43 - 00000000 ___RD C:\WINDOWS\BrowserChoice 2013-12-23 00:47 - 2013-12-22 02:05 - 00000000 ____D C:\Users\****\AppData\Local\Packages 2013-12-23 00:47 - 2013-03-25 22:03 - 00000000 ____D C:\ProgramData\PRICache 2013-12-23 00:45 - 2013-10-19 00:04 - 00000000 ____D C:\ProgramData\McAfee 2013-12-23 00:43 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\WinStore 2013-12-23 00:43 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2013-12-23 00:43 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2013-12-23 00:35 - 2013-12-23 00:34 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup- 2013-12-22 22:41 - 2013-12-22 22:40 - 00062411 _____ C:\Users\****\Downloads\Neues Textdokument.txt 2013-12-22 22:28 - 2013-12-22 22:28 - 00124990 _____ 
C:\Users\****\Downloads\OTL.Txt 2013-12-22 20:26 - 2013-12-22 20:26 - 00602112 _____ (OldTimer Tools) C:\Users\****\Downloads\OTL.exe 2013-12-22 19:27 - 2013-12-22 19:27 - 00001158 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-12-22 19:27 - 2013-12-22 19:27 - 00000000 ____D C:\Users\****\AppData\Roaming\Mozilla 2013-12-22 19:27 - 2013-12-22 19:27 - 00000000 ____D C:\Users\****\AppData\Local\Mozilla 2013-12-22 19:27 - 2013-12-22 19:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-22 19:27 - 2013-12-22 19:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-22 19:21 - 2013-12-22 19:21 - 00068442 _____ C:\Users\****\Documents\cc_20131222_192130.reg 2013-12-22 19:21 - 2013-12-22 19:21 - 00008506 _____ C:\Users\****\Documents\cc_20131222_192152.reg 2013-12-22 19:16 - 2013-12-22 02:05 - 00000000 ____D C:\Users\****\AppData\Local\VirtualStore 2013-12-22 18:59 - 2013-12-22 18:58 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4 2013-12-22 18:54 - 2013-10-18 23:41 - 00000000 ____D C:\ProgramData\Package Cache 2013-12-22 18:46 - 2013-12-22 18:21 - 00000022 _____ C:\WINDOWS\GPU-Z.INI 2013-12-22 18:31 - 2013-12-22 18:18 - 00000554 _____ C:\WINDOWS\DirectX.log 2013-12-22 18:25 - 2013-12-22 18:25 - 00000000 ____D C:\Users\****\Documents\PCMark 8 2013-12-22 18:22 - 2013-12-22 18:11 - 163606685 _____ C:\Users\****\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe 2013-12-22 18:21 - 2013-12-22 18:19 - 00000000 ____D C:\Users\****\Documents\3DMark 2013-12-22 18:19 - 2013-12-22 18:19 - 00000000 ____D C:\Users\****\AppData\Local\IsolatedStorage 2013-12-22 18:17 - 2013-12-22 18:17 - 00000000 ____D C:\Users\****\Downloads\3DMark-v1-2-250 2013-12-22 18:17 - 2013-12-22 18:17 - 00000000 ____D C:\Users\****\AppData\Roaming\WinRAR 2013-12-22 18:17 - 2013-12-22 18:17 - 00000000 ____D C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2013-12-22 18:17 - 2013-12-22 18:16 - 00000000 ____D C:\Program 
Files\WinRAR 2013-12-22 18:16 - 2013-12-22 18:16 - 01977432 _____ C:\Users\****\Downloads\winrar-x64-501.exe 2013-12-22 16:36 - 2013-12-22 02:06 - 00000000 ____D C:\Users\****\AppData\Roaming\Adobe 2013-12-22 16:26 - 2013-12-22 16:26 - 00000000 ____D C:\Users\****\AppData\Local\Activision 2013-12-22 16:23 - 2012-07-26 08:21 - 00029328 _____ C:\WINDOWS\setupact.log 2013-12-22 04:02 - 2012-07-26 06:26 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM 2013-12-22 03:59 - 2013-12-22 02:06 - 00000000 ___RD C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-12-22 03:59 - 2013-12-22 02:06 - 00000000 ___RD C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-12-22 03:55 - 2012-07-26 09:12 - 00000000 ___RD C:\WINDOWS\ToastData 2013-12-22 03:45 - 2012-07-26 06:38 - 00000000 ____D C:\WINDOWS\system32\oobe 2013-12-22 03:33 - 2013-12-22 03:33 - 00000000 ____D C:\Program Files\Common Files\Intel 2013-12-22 03:33 - 2013-12-22 03:33 - 00000000 ____D C:\Program Files (x86)\Cisco 2013-12-22 03:33 - 2013-10-18 23:33 - 00000000 ____D C:\ProgramData\Intel 2013-12-22 03:33 - 2013-10-18 23:20 - 00000000 ____D C:\Program Files (x86)\Intel 2013-12-22 03:31 - 2013-10-18 23:23 - 00000000 ____D C:\Program Files\Intel 2013-12-22 03:31 - 2013-10-18 23:22 - 00000000 ___HD C:\Intel 2013-12-22 03:13 - 2013-12-22 03:13 - 00000000 ____D C:\Users\****\AppData\Local\Macromedia 2013-12-22 03:02 - 2013-12-22 03:02 - 00000000 ____D C:\Users\****\AppData\Roaming\vlc 2013-12-22 02:59 - 2013-12-22 02:52 - 00000000 ____D C:\Users\****\Documents\Youcam 2013-12-22 02:56 - 2013-12-22 02:56 - 00000000 ____D C:\Users\****\Documents\Avatar 2013-12-22 02:53 - 2013-10-19 00:00 - 00000000 ____D C:\ProgramData\CyberLink 2013-12-22 02:52 - 2013-12-22 02:52 - 00000000 ____D C:\Users\****\AppData\Roaming\CyberLink 2013-12-22 02:52 - 2013-12-22 02:52 - 00000000 ____D C:\Users\****\AppData\Local\CyberLink 2013-12-22 02:42 - 2013-12-22 02:42 - 00000000 
____D C:\Users\****\AppData\Roaming\NVIDIA 2013-12-22 02:41 - 2013-12-22 02:41 - 05032470 _____ (Geeks3D ) C:\Users\****\Downloads\FurMark_1.12.0_Setup.exe 2013-12-22 02:41 - 2013-12-22 02:41 - 00000000 ____D C:\Program Files\VideoLAN 2013-12-22 02:40 - 2013-12-22 02:40 - 00000000 ____D C:\ProgramData\Mozilla 2013-12-22 02:30 - 2013-12-22 02:30 - 00000000 _____ C:\Users\****\agent.log 2013-12-22 02:20 - 2013-12-22 02:20 - 00000000 ____D C:\Users\****\AppData\Roaming\Nitro 2013-12-22 02:18 - 2013-12-22 02:18 - 00000000 ____D C:\Users\****\AppData\Local\Intel_Corporation 2013-12-22 02:14 - 2013-12-22 02:12 - 00000000 ____D C:\Users\****\AppData\Local\NVIDIA 2013-12-22 02:13 - 2013-12-22 02:13 - 00000000 ____D C:\Users\****\AppData\Local\NVIDIA Corporation 2013-12-22 02:13 - 2013-10-18 23:25 - 00000000 ____D C:\ProgramData\NVIDIA 2013-12-22 02:13 - 2013-10-18 23:24 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2013-12-22 02:13 - 2013-10-18 23:24 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2013-12-22 02:13 - 2013-10-18 23:24 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-12-22 02:11 - 2013-12-22 02:11 - 00002770 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2013-12-22 02:11 - 2013-12-22 02:10 - 00000000 ____D C:\Program Files\CCleaner 2013-12-22 02:10 - 2013-12-22 02:08 - 23679700 _____ C:\Users\****\Downloads\vlc-2.1.1-win64.exe 2013-12-22 02:10 - 2013-10-19 00:10 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo 2013-12-22 02:07 - 2013-12-22 02:07 - 03541544 _____ (Piriform Ltd) C:\Users\****\Downloads\ccsetup408_slim.exe 2013-12-22 02:07 - 2013-12-22 02:07 - 00000000 ____D C:\Users\****\AppData\Roaming\Intel Corporation 2013-12-22 02:07 - 2013-12-22 02:07 - 00000000 ____D C:\ProgramData\Energy Management 2013-12-22 02:07 - 2013-12-22 02:05 - 00001129 _____ C:\Users\****\Desktop\Cyberlink Power2Go.lnk 2013-12-22 02:06 - 2013-12-22 02:06 - 00001449 _____ C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet 
Explorer.lnk 2013-12-22 02:06 - 2013-12-22 02:06 - 00000139 _____ C:\Users\Public\Desktop\eBay.url 2013-12-22 02:06 - 2013-12-22 02:06 - 00000000 ____D C:\Users\****\AppData\Roaming\Macromedia 2013-12-22 02:06 - 2013-12-22 02:06 - 00000000 ____D C:\ProgramData\eBay 2013-12-22 02:06 - 2013-10-19 08:42 - 00112468 ____H C:\WINDOWS\modules.log 2013-12-22 02:05 - 2013-12-22 02:05 - 00000020 ___SH C:\Users\****\ntuser.ini 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Vorlagen 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Startmenü 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Netzwerkumgebung 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Lokale Einstellungen 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Eigene Dateien 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Druckumgebung 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Documents\Eigene Musik 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Documents\Eigene Bilder 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\AppData\Local\Verlauf 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\AppData\Local\Anwendungsdaten 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Anwendungsdaten 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 ____D C:\Users\****\AppData\Roaming\Intel 2013-12-22 02:05 - 2012-07-26 09:12 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2013-12-22 01:50 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\rescache 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Vorlagen 
2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Startmenü 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Eigene Dateien 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Druckumgebung 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Programme 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\ProgramData\Vorlagen 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\ProgramData\Startmenü 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\ProgramData\Dokumente 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Program 
Files\Gemeinsame Dateien 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Dokumente und Einstellungen 2013-12-22 01:48 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files\Windows NT 2013-12-22 01:48 - 2012-07-26 06:37 - 00000000 ___HD C:\Users\Default 2013-12-22 00:42 - 2013-12-22 00:42 - 00000000 ____D C:\WINDOWS\system32\MRT 2013-12-22 00:40 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2013-12-22 00:35 - 2013-12-22 02:05 - 00000000 ____D C:\Users\**** 2013-12-21 23:47 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\NDF 2013-12-21 23:31 - 2013-12-21 22:41 - 00000000 ____D C:\ProgramData\Adobe 2013-12-21 23:30 - 2013-12-22 03:08 - 00000000 ____D C:\Users\****\AppData\Local\Adobe 2013-12-21 22:42 - 2013-12-21 22:42 - 00002030 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-12-21 22:42 - 2013-12-21 22:42 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-12-21 22:31 - 2013-12-21 22:31 - 00000000 ____D C:\Users\****\AppData\Roaming\Avira 2013-12-21 22:29 - 2013-12-21 22:29 - 00000000 ____D C:\ProgramData\Avira 2013-12-21 22:29 - 2013-12-21 22:29 - 00000000 ____D C:\Program Files (x86)\Avira 2013-12-21 22:27 - 2012-07-26 09:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP 2013-12-21 22:22 - 2013-12-22 04:13 - 129598176 _____ C:\Users\****\Downloads\avira_free_antivirus_de_14.0.2.286.exe 2013-12-21 22:22 - 2013-12-21 22:22 - 00007609 _____ C:\Users\****\AppData\Local\Resmon.ResmonCfg 2013-12-10 03:13 - 2013-12-22 02:13 - 01100248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll 2013-12-10 03:13 - 2013-12-22 02:13 - 00982232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll 2013-12-09 11:37 - 2013-12-21 22:29 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2013-12-09 11:37 - 2013-12-21 22:29 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2013-12-09 11:37 - 2013-12-21 22:29 - 00084720 _____ (Avira Operations GmbH & Co. 
KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2013-12-09 11:37 - 2013-12-21 22:29 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys 2013-12-05 09:42 - 2013-12-22 02:12 - 00039200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys 2013-12-05 09:42 - 2013-12-22 02:12 - 00035104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll 2013-12-05 09:42 - 2013-12-22 02:12 - 00032544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll 2013-12-04 01:53 - 2012-07-26 09:14 - 00694240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2013-12-04 01:53 - 2012-07-26 09:14 - 00078304 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-01 14:42 - 2013-12-22 00:41 - 90708896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2013-11-23 07:43 - 2013-12-22 02:33 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll 2013-11-23 06:05 - 2013-12-22 02:33 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll Some content of TEMP: ==================== C:\Users\****\AppData\Local\Temp\avgnt.exe C:\Users\****\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-03-25 22:02 ==================== End Of Log ============================ Addition Log: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-12-2013 01 Ran by **** at 2013-12-23 14:46:39 Running from C:\Users\****\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170) Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05) Avira Free Antivirus (x32 Version: Benutzerhandbuch (x32 Version: CCleaner (Version: 4.08) Energy Management (x32 Version: GeForce Experience NvStream Client Components (Version: 1.6.28) Genesys USB Mass Storage Device (x32 Version: Intel AppUp(SM) center (x32 Version: Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: Intel(R) Management Engine Components (x32 Version: Intel(R) PRO/Wireless Driver (Version: 16.01.5000.0577) Intel(R) Processor Graphics (x32 Version: Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 3.0.1304.0338) Intel(R) Rapid Storage Technology (Version: Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: Intel(R) Update Manager (x32 Version: Intel(R) WiDi (Version: Intel® PROSet/Wireless Software (x32 Version: 16.1.5) Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269) Intel® Trusted Connect Service Client (Version: 1.27.798.1) Lenovo EasyCamera (x32 Version: 6.2.9200.10240) Lenovo Experience Improvement (Version: Lenovo OneKey Recovery (Version: Lenovo OneKey Recovery (x32 Version: Lenovo Photos (x32 Version: 4.8.5) Lenovo pointing device (Version: Lenovo PowerDVD10 (x32 Version: 
10.0.5219.52) Lenovo VeriFace (Version: Lenovo YouCam (x32 Version: 4.1.3423) Malwarebytes Anti-Malware Version (x32 Version: Microsoft Office (x32 Version: 15.0.4454.1510) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0) Mozilla Maintenance Service (x32 Version: 26.0) Nitro Pro 8 (Version: NVIDIA GeForce Experience 1.8.1 (Version: 1.8.1) NVIDIA Grafiktreiber 311.54 (Version: 311.54) NVIDIA Install Application (Version: 2.1002.142.992) NVIDIA LED Visualizer 1.0 (Version: 1.0) NVIDIA Network Service (Version: 1.0) NVIDIA Optimus Update 10.11.15 (Version: 10.11.15) NVIDIA PhysX (x32 Version: 9.12.1031) NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031) NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15) NVIDIA Systemsteuerung 311.54 (Version: 311.54) NVIDIA Update 10.11.15 (Version: 10.11.15) NVIDIA Update Core (Version: 10.11.15) NVIDIA Virtual Audio 1.2.19 (Version: 1.2.19) Onekey Theater (x32 Version: OpenOffice 4.0.1 (x32 Version: 4.01.9714) Power2Go (x32 Version: Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: Realtek High Definition Audio Driver (x32 Version: Shared C Run-time for x64 (Version: 10.0.0) SHIELD Streaming (Version: 1.6.85) SugarSync Manager (x32 Version: UserGuide (x32 Version: VLC media player 2.1.1 (Version: 2.1.1) Windows-Treiberpaket - Lenovo (ACPIVPC) System (06/15/2012 (Version: 06/15/2012 Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 (Version: 06/19/2012 WinRAR 5.01 (64-bit) (Version: 
5.01.0) ==================== Restore Points ========================= 21-12-2013 23:39:30 Windows Update 22-12-2013 02:31:15 Intel® PROSet/Wireless Software ==================== Hosts content: ========================== 2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {41666937-E2FA-479A-9682-DA7A53FFAE0F} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation) Task: {488FBEE6-30B0-4513-9041-DE0C3CE1D7B9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd) Task: {51C911D7-F106-4F0D-B60A-0ECF36F79899} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-03-08] (Intel Corporation) Task: {531871E4-CD76-46F7-8D1F-66CB77D0ECB9} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-03-08] (Intel Corporation) Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {B4339DA0-C913-480E-ABFF-A011402148E3} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2013-06-03] (Lenovo) Task: {B48632BE-91D6-4885-8003-F6D57CC91D47} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => 
C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation) Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {F183D63A-1A10-4906-A40D-D9D61BDA28B7} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Office2013\OFFICEICON.vbs [2013-06-03] () Task: {F71EF19A-A8D4-4F6E-B183-1E6EDA6C4104} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation) ==================== Loaded Modules (whitelisted) ============= 2013-12-21 22:29 - 2013-12-09 11:37 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2013-10-18 23:33 - 2013-05-15 18:08 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Windows:nlsPreferences ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== Faulty Device Manager Devices ============= Name: Intel(R) Centrino(R) Wireless Bluetooth(R) 4.0 + High Speed Adapter Description: Intel(R) Centrino(R) Wireless Bluetooth(R) 4.0 + High Speed Adapter Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Intel Corporation Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (12/23/2013 02:44:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: SA****) Description: Bei der Aktivierung der App „windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel“ ist folgender Fehler aufgetreten: -2144927151. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (12/23/2013 02:43:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: SA****) Description: Bei der Aktivierung der App „windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel“ ist folgender Fehler aufgetreten: -2144927151. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. System errors: ============= Error: (12/23/2013 02:45:06 PM) (Source: DCOM) (User: SA****) Description: {2F93C02D-77F9-46B4-95FB-8CBB81EEB62C} Microsoft Office Sessions: ========================= Error: (12/23/2013 02:44:41 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: SA****) Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-2144927151 Error: (12/23/2013 02:43:53 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: SA****) Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-2144927151 CodeIntegrity Errors: =================================== Date: 2013-12-22 16:53:21.394 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2013-12-22 16:27:07.886 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. 
Date: 2013-12-22 02:52:58.933 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 20% Total physical RAM: 7912.27 MB Available physical RAM: 6297.86 MB Total Pagefile: 12520.27 MB Available Pagefile: 10715.64 MB Total Virtual: 8192 MB Available Virtual: 8191.78 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:891.46 GB) (Free:844.49 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.69 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 932 GB) (Disk ID: D67C296A) Partition: GPT Partition Type ==================== End Of Log ============================ |
| #4 |
/// the machine /// TB Trainer | weDownload Manager Pro - Spyware/Adware

ESET Online Scanner

Please download ![]()

and a fresh FRST log, please. Still having problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
| #5 |
weDownload Manager Pro - Spyware/Adware

First of all, happy holidays! This has dragged on a bit over Christmas... But here are the logs.

I have two quick questions about FRST:
1. Should I also run FRST during boot, or is it enough for these purposes to run it while the system is running (which is how I did it)?
2. Do I also need to fix anything with it, or is the scan enough?

In any case, many thanks for the help so far!!! (My external hard drive was connected during these scans, in case that information is important.)

ESET Log: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=
# OnlineScanner.ocx=
# api_version=3.0.2
# EOSSerial=a41b2673959d60449aa3272250a9344d
# engine=16391
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-24 07:11:11
# local_time=2013-12-24 08:11:11 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=1799 16775165 100 94 25900 1330433 18680 0
# compatibility_mode=5893 16776574 100 94 5742955 5743218 0 0
# scanned=333214
# found=0
# cleaned=0
# scan_time=21521

Checkup Log: Code:
Results of screen317's Security Check version 0.99.77
x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version
Adobe Flash Player 11.9.900.170
Adobe Reader XI
Mozilla Firefox (26.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

FRST Log: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-12-2013 01 Ran by **** (administrator) on **** on 25-12-2013 03:30:29 Running from C:\Users\****\Downloads Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) 
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek semiconductor) C:\Windows\RTFTrack.exe () C:\Windows\SysWOW64\UMonit64.exe (Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (CyberLink Corp.) 
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] () HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1012000 2013-05-16] (NVIDIA Corporation) HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13545032 2013-05-28] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2891592 2013-05-17] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [RtsFT] - C:\Windows\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor) HKLM\...\Run: [UMonit64] - C:\Windows\SysWOW64\UMonit64.exe [40960 2013-04-09] () HKLM\...\Run: [OnekeyStudio] - C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo) HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-10-19] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [193008 2013-10-19] (Lenovo(beijing) Limited) HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.) HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) AppInit_DLLs: C:\Windows\System32\nvinitx.dll [245872 2013-04-14] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll [201576 2013-04-14] (NVIDIA Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com SearchScopes: HKLM - DefaultScope {770B0D2D-1E28-4117-A3E0-216E377E6B44} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB SearchScopes: HKLM - {770B0D2D-1E28-4117-A3E0-216E377E6B44} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB SearchScopes: HKLM-x32 - {770B0D2D-1E28-4117-A3E0-216E377E6B44} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB SearchScopes: HKCU - {770B0D2D-1E28-4117-A3E0-216E377E6B44} URL = Tcpip\Parameters: [DhcpNameServer] FireFox: ======== FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ie52kiif.default FF Homepage: google.de FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-09] (Avira Operations GmbH & Co. KG) R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-05-28] (Intel) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-05-03] (ELAN Microelectronics Corp.) 
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-15] (Intel Corporation) R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [161736 2013-04-15] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-15] (Intel Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] () R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation) R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-10-19] () S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-19] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. 
KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-03-25] (Motorola Solutions, Inc.) S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1366328 2013-03-28] (Motorola Solutions, Inc.) R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22280 2013-05-16] (ELAN Microelectronic Corp.) S3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [91368 2013-03-22] (GenesysLogic) S3 GPUZ; C:\WINDOWS\TEMP\GPUZ.sys [27008 2013-12-22] () R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation) R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.) R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-05-28] (Windows (R) Win 7 DDK provider) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-25 03:30 - 2013-12-25 03:30 - 00000000 ____D C:\Users\****\Downloads\FRST-OlderVersion 2013-12-25 03:29 - 2013-12-25 03:29 - 00000831 _____ C:\Users\****\Downloads\checkup.txt 2013-12-24 14:03 - 2013-12-24 14:03 - 00891200 _____ C:\Users\****\Desktop\SecurityCheck.exe 2013-12-24 14:02 - 2013-12-24 14:03 - 02347384 _____ (ESET) C:\Users\****\Downloads\esetsmartinstaller_enu.exe 2013-12-23 14:46 - 2013-12-25 03:30 - 00013430 _____ C:\Users\****\Downloads\FRST.txt 2013-12-23 14:46 - 2013-12-23 14:46 - 00011494 _____ C:\Users\****\Downloads\Addition.txt 2013-12-23 14:45 - 2013-12-25 03:30 - 00000000 ____D C:\FRST 2013-12-23 14:39 - 2013-12-23 14:39 - 00000741 
_____ C:\Users\****\Downloads\JRT.txt 2013-12-23 14:34 - 2013-12-23 14:34 - 00000000 ____D C:\WINDOWS\ERUNT 2013-12-23 13:48 - 2013-12-25 03:30 - 01928636 _____ (Farbar) C:\Users\****\Downloads\FRST64.exe 2013-12-23 13:45 - 2013-12-23 13:45 - 01034531 _____ (Thisisu) C:\Users\****\Downloads\JRT_6.0.8.exe 2013-12-23 00:54 - 2013-12-23 00:54 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-23 00:54 - 2013-12-23 00:54 - 00000000 ____D C:\Users\****\AppData\Roaming\Malwarebytes 2013-12-23 00:54 - 2013-12-23 00:54 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-23 00:54 - 2013-12-23 00:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-23 00:54 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2013-12-23 00:50 - 2013-12-23 00:50 - 00307760 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-12-23 00:43 - 2013-12-23 00:47 - 00000000 ___RD C:\WINDOWS\BrowserChoice 2013-12-23 00:40 - 2013-12-23 00:48 - 00000000 ____D C:\AdwCleaner 2013-12-23 00:34 - 2013-12-23 00:35 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup- 2013-12-22 22:40 - 2013-12-22 22:41 - 00062411 _____ C:\Users\****\Downloads\Neues Textdokument.txt 2013-12-22 22:28 - 2013-12-22 22:28 - 00124990 _____ C:\Users\****\Downloads\OTL.Txt 2013-12-22 20:26 - 2013-12-22 20:26 - 00602112 _____ (OldTimer Tools) C:\Users\****\Downloads\OTL.exe 2013-12-22 19:27 - 2013-12-22 19:27 - 00001158 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-12-22 19:27 - 2013-12-22 19:27 - 00000000 ____D C:\Users\****\AppData\Roaming\Mozilla 2013-12-22 19:27 - 2013-12-22 19:27 - 00000000 ____D C:\Users\****\AppData\Local\Mozilla 2013-12-22 19:27 - 2013-12-22 19:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-22 19:27 - 2013-12-22 19:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-22 19:21 - 2013-12-22 19:21 - 00068442 _____ 
C:\Users\****\Documents\cc_20131222_192130.reg 2013-12-22 19:21 - 2013-12-22 19:21 - 00008506 _____ C:\Users\****\Documents\cc_20131222_192152.reg 2013-12-22 18:58 - 2013-12-22 18:59 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4 2013-12-22 18:25 - 2013-12-22 18:25 - 00000000 ____D C:\Users\****\Documents\PCMark 8 2013-12-22 18:21 - 2013-12-22 18:46 - 00000022 _____ C:\WINDOWS\GPU-Z.INI 2013-12-22 18:19 - 2013-12-22 18:21 - 00000000 ____D C:\Users\****\Documents\3DMark 2013-12-22 18:19 - 2013-12-22 18:19 - 00000000 ____D C:\Users\****\AppData\Local\IsolatedStorage 2013-12-22 18:18 - 2013-12-22 18:31 - 00000554 _____ C:\WINDOWS\DirectX.log 2013-12-22 18:18 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll 2013-12-22 18:18 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll 2013-12-22 18:18 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll 2013-12-22 18:18 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll 2013-12-22 18:18 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll 2013-12-22 18:18 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll 2013-12-22 18:18 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll 2013-12-22 18:18 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll 2013-12-22 18:18 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll 2013-12-22 18:18 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll 2013-12-22 18:18 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll 2013-12-22 18:18 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\d3dx9_31.dll 2013-12-22 18:17 - 2013-12-22 18:17 - 00000000 ____D C:\Users\****\Downloads\3DMark-v1-2-250 2013-12-22 18:17 - 2013-12-22 18:17 - 00000000 ____D C:\Users\****\AppData\Roaming\WinRAR 2013-12-22 18:17 - 2013-12-22 18:17 - 00000000 ____D C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2013-12-22 18:16 - 2013-12-22 18:17 - 00000000 ____D C:\Program Files\WinRAR 2013-12-22 18:16 - 2013-12-22 18:16 - 01977432 _____ C:\Users\****\Downloads\winrar-x64-501.exe 2013-12-22 18:11 - 2013-12-22 18:22 - 163606685 _____ C:\Users\****\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe 2013-12-22 16:26 - 2013-12-22 16:26 - 00000000 ____D C:\Users\****\AppData\Local\Activision 2013-12-22 04:13 - 2013-12-21 22:22 - 129598176 _____ C:\Users\****\Downloads\avira_free_antivirus_de_14.0.2.286.exe 2013-12-22 03:33 - 2013-12-22 03:33 - 00000000 ____D C:\Program Files\Common Files\Intel 2013-12-22 03:33 - 2013-12-22 03:33 - 00000000 ____D C:\Program Files (x86)\Cisco 2013-12-22 03:21 - 2013-08-03 07:40 - 01374208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll 2013-12-22 03:21 - 2013-08-03 07:40 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wvc.dll 2013-12-22 03:21 - 2013-08-03 07:40 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmon.ocx 2013-12-22 03:21 - 2013-08-03 06:14 - 00399360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sysmon.ocx 2013-12-22 03:21 - 2013-08-03 06:13 - 01245696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll 2013-12-22 03:21 - 2013-08-03 06:13 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wvc.dll 2013-12-22 03:21 - 2013-08-02 07:28 - 19758080 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2013-12-22 03:20 - 2013-08-10 06:21 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll 2013-12-22 03:20 - 2013-08-10 06:21 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncInfo.dll 
2013-12-22 03:20 - 2013-08-10 04:58 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll 2013-12-22 03:20 - 2013-08-02 07:28 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll 2013-12-22 03:20 - 2013-08-02 06:08 - 17561088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2013-12-22 03:20 - 2013-08-02 06:08 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll 2013-12-22 03:20 - 2013-08-01 11:41 - 02233688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2013-12-22 03:20 - 2013-07-25 00:10 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll 2013-12-22 03:20 - 2013-07-25 00:06 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll 2013-12-22 03:20 - 2013-04-10 00:17 - 01125888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2013-12-22 03:20 - 2013-04-09 23:29 - 00893952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2013-12-22 03:13 - 2013-12-22 03:13 - 00000000 ____D C:\Users\****\AppData\Local\Macromedia 2013-12-22 03:08 - 2013-12-21 23:30 - 00000000 ____D C:\Users\****\AppData\Local\Adobe 2013-12-22 03:02 - 2013-12-22 03:02 - 00000000 ____D C:\Users\****\AppData\Roaming\vlc 2013-12-22 02:56 - 2013-12-22 02:56 - 00000000 ____D C:\Users\****\Documents\Avatar 2013-12-22 02:55 - 2013-10-25 07:18 - 19271168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2013-12-22 02:55 - 2013-10-25 05:44 - 14356992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2013-12-22 02:54 - 2013-10-25 07:19 - 02241536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2013-12-22 02:54 - 2013-10-25 07:19 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2013-12-22 02:54 - 2013-10-25 07:19 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll 2013-12-22 02:54 - 2013-10-25 07:19 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 
2013-12-22 02:54 - 2013-10-25 07:18 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2013-12-22 02:54 - 2013-10-25 07:17 - 15404032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2013-12-22 02:54 - 2013-10-25 07:17 - 03959808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2013-12-22 02:54 - 2013-10-25 07:17 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2013-12-22 02:54 - 2013-10-25 07:17 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2013-12-22 02:54 - 2013-10-25 05:45 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2013-12-22 02:54 - 2013-10-25 05:44 - 01140736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2013-12-22 02:54 - 2013-10-25 05:43 - 13761536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2013-12-22 02:54 - 2013-10-25 05:43 - 02877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2013-12-22 02:54 - 2013-10-25 05:43 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2013-12-22 02:54 - 2013-10-25 05:43 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2013-12-22 02:54 - 2013-10-25 05:43 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2013-12-22 02:54 - 2013-05-15 23:37 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll 2013-12-22 02:54 - 2013-05-15 23:35 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll 2013-12-22 02:54 - 2013-05-14 14:14 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2013-12-22 02:54 - 2013-05-14 10:23 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2013-12-22 02:54 - 2013-02-21 11:29 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll 2013-12-22 02:54 - 2013-02-21 11:29 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2013-12-22 02:54 - 2013-02-21 11:29 
- 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2013-12-22 02:54 - 2013-02-21 11:29 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2013-12-22 02:54 - 2013-02-21 11:14 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll 2013-12-22 02:54 - 2013-02-21 11:14 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2013-12-22 02:54 - 2013-02-19 10:53 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll 2013-12-22 02:52 - 2013-12-22 02:59 - 00000000 ____D C:\Users\****\Documents\Youcam 2013-12-22 02:52 - 2013-12-22 02:52 - 00000000 ____D C:\Users\****\AppData\Roaming\CyberLink 2013-12-22 02:52 - 2013-12-22 02:52 - 00000000 ____D C:\Users\****\AppData\Local\CyberLink 2013-12-22 02:52 - 2013-10-10 12:53 - 00096600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys 2013-12-22 02:52 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL 2013-12-22 02:52 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL 2013-12-22 02:51 - 2013-09-04 04:11 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2013-12-22 02:51 - 2013-08-16 06:41 - 00058200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys 2013-12-22 02:51 - 2013-08-16 06:39 - 02371728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll 2013-12-22 02:51 - 2013-08-16 06:32 - 00209200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe 2013-12-22 02:51 - 2013-08-16 06:22 - 04917760 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2013-12-22 02:51 - 2013-08-16 06:21 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2013-12-22 02:51 - 2013-08-16 06:21 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2013-12-22 02:51 - 2013-08-16 06:21 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll 
2013-12-22 02:51 - 2013-08-16 06:21 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll 2013-12-22 02:51 - 2013-08-16 06:21 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2013-12-22 02:51 - 2013-08-16 06:21 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll 2013-12-22 02:51 - 2013-08-16 06:21 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2013-12-22 02:51 - 2013-08-16 06:21 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll 2013-12-22 02:51 - 2013-08-16 06:21 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupcln.dll 2013-12-22 02:51 - 2013-08-16 06:20 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll 2013-12-22 02:51 - 2013-08-15 23:43 - 00562688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2013-12-22 02:51 - 2013-08-15 23:43 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll 2013-12-22 02:51 - 2013-08-15 23:43 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSSync.dll 2013-12-22 02:51 - 2013-08-15 23:43 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2013-12-22 02:51 - 2013-08-15 23:43 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2013-12-22 02:51 - 2013-08-15 23:43 - 00083968 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll 2013-12-22 02:51 - 2013-08-15 23:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll 2013-12-22 02:51 - 2013-08-15 23:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupcln.dll 2013-12-22 02:50 - 2013-10-19 06:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll 2013-12-22 02:50 - 2013-10-19 05:04 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll 2013-12-22 02:50 - 2013-07-06 01:15 - 
00652288 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll 2013-12-22 02:50 - 2013-07-04 03:13 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll 2013-12-22 02:49 - 2013-10-08 23:27 - 03279872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2013-12-22 02:49 - 2013-10-03 00:25 - 01300992 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2013-12-22 02:49 - 2013-10-01 23:22 - 01022976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2013-12-22 02:48 - 2013-10-09 02:33 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2013-12-22 02:48 - 2013-10-08 23:30 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2013-12-22 02:48 - 2013-10-08 23:30 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2013-12-22 02:48 - 2013-10-08 23:30 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2013-12-22 02:48 - 2013-10-08 23:30 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2013-12-22 02:48 - 2013-10-08 23:28 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2013-12-22 02:48 - 2013-10-08 23:27 - 01622016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2013-12-22 02:48 - 2013-10-08 23:27 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2013-12-22 02:48 - 2013-10-08 23:27 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2013-12-22 02:48 - 2013-10-08 23:27 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2013-12-22 02:48 - 2013-10-08 23:27 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2013-12-22 02:48 - 2013-10-08 23:27 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2013-12-22 02:48 - 2013-10-05 07:10 - 00285016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2013-12-22 02:48 - 2013-10-03 23:09 - 00385528 _____ 
C:\WINDOWS\system32\ApnDatabase.xml 2013-12-22 02:48 - 2013-10-02 03:50 - 00447320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2013-12-22 02:48 - 2013-09-28 06:48 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2013-12-22 02:48 - 2013-09-28 04:58 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2013-12-22 02:48 - 2013-09-19 08:32 - 01455448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2013-12-22 02:48 - 2013-08-30 06:19 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll 2013-12-22 02:48 - 2013-08-30 06:18 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll 2013-12-22 02:48 - 2013-08-30 00:48 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll 2013-12-22 02:48 - 2013-08-30 00:47 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll 2013-12-22 02:44 - 2013-09-13 23:36 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ubpm.dll 2013-12-22 02:44 - 2013-09-13 23:33 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2013-12-22 02:44 - 2013-08-30 06:43 - 00061784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys 2013-12-22 02:44 - 2013-08-30 06:20 - 01173504 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll 2013-12-22 02:44 - 2013-08-30 00:48 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll 2013-12-22 02:44 - 2013-08-21 07:39 - 00465240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys 2013-12-22 02:44 - 2013-08-16 06:21 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2013-12-22 02:44 - 2013-08-16 06:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2013-12-22 02:44 - 2013-08-15 23:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2013-12-22 02:44 - 2013-08-10 07:30 - 00151896 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\Drivers\tpm.sys 2013-12-22 02:44 - 2013-08-10 06:21 - 00817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2013-12-22 02:44 - 2013-08-10 04:58 - 00656896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2013-12-22 02:44 - 2013-07-25 00:10 - 10799104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2013-12-22 02:44 - 2013-07-25 00:07 - 13661696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2013-12-22 02:44 - 2013-07-12 02:38 - 00599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll 2013-12-22 02:44 - 2013-07-12 02:30 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll 2013-12-22 02:42 - 2013-12-22 02:42 - 00000000 ____D C:\Users\****\AppData\Roaming\NVIDIA 2013-12-22 02:41 - 2013-12-22 02:41 - 05032470 _____ (Geeks3D ) C:\Users\****\Downloads\FurMark_1.12.0_Setup.exe 2013-12-22 02:41 - 2013-12-22 02:41 - 00000000 ____D C:\Program Files\VideoLAN 2013-12-22 02:40 - 2013-12-22 02:40 - 00000000 ____D C:\ProgramData\Mozilla 2013-12-22 02:40 - 2013-07-05 23:02 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbcir.sys 2013-12-22 02:40 - 2013-07-05 23:01 - 00210560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys 2013-12-22 02:40 - 2013-07-01 23:14 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys 2013-12-22 02:40 - 2013-06-29 04:08 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys 2013-12-22 02:40 - 2013-06-29 04:07 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys 2013-12-22 02:40 - 2013-06-22 06:45 - 00785624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys 2013-12-22 02:40 - 2013-06-22 06:45 - 00054488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfLdr.sys 2013-12-22 02:36 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\crypt32.dll 2013-12-22 02:36 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2013-12-22 02:34 - 2013-10-10 10:32 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe 2013-12-22 02:34 - 2013-10-10 10:30 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll 2013-12-22 02:34 - 2013-10-10 10:30 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll 2013-12-22 02:34 - 2013-10-10 10:24 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx 2013-12-22 02:34 - 2013-10-10 10:23 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe 2013-12-22 02:34 - 2013-10-10 10:22 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll 2013-12-22 02:34 - 2013-10-10 10:22 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll 2013-12-22 02:34 - 2013-09-23 23:30 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2013-12-22 02:34 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2013-12-22 02:34 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll 2013-12-22 02:34 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll 2013-12-22 02:34 - 2013-07-19 23:13 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2013-12-22 02:34 - 2013-07-19 23:13 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-12-22 02:34 - 2013-07-02 02:41 - 00337752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2013-12-22 02:34 - 2013-07-02 02:41 - 00213336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS 2013-12-22 02:34 - 2013-07-01 02:42 - 00623448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys 2013-12-22 02:34 - 2013-07-01 02:42 - 
00498008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys 2013-12-22 02:34 - 2013-07-01 02:42 - 00079192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys 2013-12-22 02:34 - 2013-07-01 02:42 - 00021848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys 2013-12-22 02:34 - 2013-06-29 04:07 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys 2013-12-22 02:34 - 2013-06-29 04:06 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys 2013-12-22 02:34 - 2013-05-27 00:17 - 00035328 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2013-12-22 02:34 - 2013-05-26 23:59 - 00046080 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2013-12-22 02:34 - 2013-05-25 04:15 - 00362496 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2013-12-22 02:34 - 2013-05-25 03:32 - 00300032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2013-12-22 02:34 - 2013-03-22 04:49 - 02382336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll 2013-12-22 02:34 - 2013-03-21 23:47 - 02851840 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll 2013-12-22 02:33 - 2013-11-23 07:43 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll 2013-12-22 02:33 - 2013-11-23 06:05 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll 2013-12-22 02:33 - 2013-11-07 00:18 - 04036608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2013-12-22 02:33 - 2013-09-28 04:35 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys 2013-12-22 02:33 - 2013-08-07 06:15 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssdisai.dll 2013-12-22 02:32 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2013-12-22 02:32 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2013-12-22 02:32 - 2013-08-02 07:28 - 10116608 
_____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2013-12-22 02:32 - 2013-08-02 06:08 - 08858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2013-12-22 02:30 - 2013-12-22 02:30 - 00000000 _____ C:\Users\****\agent.log 2013-12-22 02:29 - 2013-11-01 06:38 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll 2013-12-22 02:29 - 2013-11-01 04:49 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll 2013-12-22 02:20 - 2013-12-22 02:20 - 00000000 ____D C:\Users\****\AppData\Roaming\Nitro 2013-12-22 02:18 - 2013-12-22 02:18 - 00000000 ____D C:\Users\****\AppData\Local\Intel_Corporation 2013-12-22 02:13 - 2013-12-22 02:13 - 00000000 ____D C:\Users\****\AppData\Local\NVIDIA Corporation 2013-12-22 02:13 - 2013-12-10 03:13 - 01100248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll 2013-12-22 02:13 - 2013-12-10 03:13 - 00982232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll 2013-12-22 02:13 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll 2013-12-22 02:13 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll 2013-12-22 02:13 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll 2013-12-22 02:13 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll 2013-12-22 02:13 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll 2013-12-22 02:13 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll 2013-12-22 02:12 - 2013-12-24 14:12 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-694089502-576588150-1779369041-1002 2013-12-22 02:12 - 2013-12-22 02:14 - 00000000 ____D C:\Users\****\AppData\Local\NVIDIA 2013-12-22 02:12 - 2013-12-05 09:42 - 00039200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys 2013-12-22 
02:12 - 2013-12-05 09:42 - 00035104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll 2013-12-22 02:12 - 2013-12-05 09:42 - 00032544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll 2013-12-22 02:11 - 2013-12-22 02:11 - 00002770 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2013-12-22 02:10 - 2013-12-22 02:11 - 00000000 ____D C:\Program Files\CCleaner 2013-12-22 02:08 - 2013-12-22 02:10 - 23679700 _____ C:\Users\****\Downloads\vlc-2.1.1-win64.exe 2013-12-22 02:07 - 2013-12-22 02:07 - 03541544 _____ (Piriform Ltd) C:\Users\****\Downloads\ccsetup408_slim.exe 2013-12-22 02:07 - 2013-12-22 02:07 - 00000000 ____D C:\Users\****\AppData\Roaming\Intel Corporation 2013-12-22 02:07 - 2013-12-22 02:07 - 00000000 ____D C:\ProgramData\Energy Management 2013-12-22 02:06 - 2013-12-22 16:36 - 00000000 ____D C:\Users\****\AppData\Roaming\Adobe 2013-12-22 02:06 - 2013-12-22 03:59 - 00000000 ___RD C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-12-22 02:06 - 2013-12-22 03:59 - 00000000 ___RD C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-12-22 02:06 - 2013-12-22 02:06 - 00001449 _____ C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-12-22 02:06 - 2013-12-22 02:06 - 00000139 _____ C:\Users\Public\Desktop\eBay.url 2013-12-22 02:06 - 2013-12-22 02:06 - 00000000 ____D C:\Users\****\AppData\Roaming\Macromedia 2013-12-22 02:06 - 2013-12-22 02:06 - 00000000 ____D C:\ProgramData\eBay 2013-12-22 02:05 - 2013-12-23 00:47 - 00000000 ____D C:\Users\****\AppData\Local\Packages 2013-12-22 02:05 - 2013-12-22 19:16 - 00000000 ____D C:\Users\****\AppData\Local\VirtualStore 2013-12-22 02:05 - 2013-12-22 02:07 - 00001129 _____ C:\Users\****\Desktop\Cyberlink Power2Go.lnk 2013-12-22 02:05 - 2013-12-22 02:05 - 00000020 ___SH C:\Users\****\ntuser.ini 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Vorlagen 2013-12-22 02:05 - 
2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Startmenü 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Netzwerkumgebung 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Lokale Einstellungen 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Eigene Dateien 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Druckumgebung 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Documents\Eigene Musik 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Documents\Eigene Bilder 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\AppData\Local\Verlauf 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\AppData\Local\Anwendungsdaten 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Anwendungsdaten 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 ____D C:\Users\****\AppData\Roaming\Intel 2013-12-22 02:05 - 2013-12-22 00:35 - 00000000 ____D C:\Users\**** 2013-12-22 02:05 - 2013-10-19 08:55 - 00000000 ___RD C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2013-12-22 02:05 - 2013-10-19 08:54 - 00000000 ___RD C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2013-12-22 02:05 - 2013-10-19 00:02 - 00000000 ____D C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo 2013-12-22 02:05 - 2013-02-04 07:18 - 00000189 _____ C:\Users\****\Desktop\Lenovo Telephony Start Now.url 2013-12-22 02:05 - 2012-07-26 09:13 - 00000000 ___RD C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2013-12-22 02:05 - 2012-07-26 09:13 - 00000000 ____D C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik 2013-12-22 01:48 
- 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Vorlagen 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Startmenü 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Eigene Dateien 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Druckumgebung 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Programme 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\ProgramData\Vorlagen 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\ProgramData\Startmenü 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\ProgramData\Dokumente 
2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Dokumente und Einstellungen 2013-12-22 00:42 - 2013-12-22 00:42 - 00000000 ____D C:\WINDOWS\system32\MRT 2013-12-22 00:41 - 2013-12-01 14:42 - 90708896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2013-12-21 22:42 - 2013-12-21 22:42 - 00002030 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-12-21 22:42 - 2013-12-21 22:42 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-12-21 22:41 - 2013-12-21 23:31 - 00000000 ____D C:\ProgramData\Adobe 2013-12-21 22:31 - 2013-12-21 22:31 - 00000000 ____D C:\Users\****\AppData\Roaming\Avira 2013-12-21 22:29 - 2013-12-21 22:29 - 00000000 ____D C:\ProgramData\Avira 2013-12-21 22:29 - 2013-12-21 22:29 - 00000000 ____D C:\Program Files (x86)\Avira 2013-12-21 22:29 - 2013-12-09 11:37 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2013-12-21 22:29 - 2013-12-09 11:37 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2013-12-21 22:29 - 2013-12-09 11:37 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2013-12-21 22:29 - 2013-12-09 11:37 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2013-12-21 22:22 - 2013-12-21 22:22 - 00007609 _____ C:\Users\****\AppData\Local\Resmon.ResmonCfg

==================== One Month Modified Files and Folders =======

2013-12-25 03:30 - 2013-12-25 03:30 - 00000000 ____D C:\Users\****\Downloads\FRST-OlderVersion
2013-12-25 03:30 - 2013-12-23 14:46 - 00013430 _____ C:\Users\****\Downloads\FRST.txt
2013-12-25 03:30 - 2013-12-23 14:45 - 00000000 ____D C:\FRST
2013-12-25 03:30 - 2013-12-23 13:48 - 01928636 _____ (Farbar) C:\Users\****\Downloads\FRST64.exe
2013-12-25 03:29 - 2013-12-25 03:29 - 00000831 _____ C:\Users\****\Downloads\checkup.txt
2013-12-25 03:11 - 2013-10-18 23:04 - 01210567 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-25 03:00 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\sru
2013-12-24 16:37 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\rescache
2013-12-24 14:12 - 2013-12-22 02:12 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-694089502-576588150-1779369041-1002
2013-12-24 14:05 - 2013-10-19 08:45 - 00754172 _____ C:\WINDOWS\system32\perfh007.dat
2013-12-24 14:05 - 2013-10-19 08:45 - 00156362 _____ C:\WINDOWS\system32\perfc007.dat
2013-12-24 14:05 - 2012-07-26 08:28 - 01748838 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-24 14:03 - 2013-12-24 14:03 - 00891200 _____ C:\Users\****\Desktop\SecurityCheck.exe
2013-12-24 14:03 - 2013-12-24 14:02 - 02347384 _____ (ESET) C:\Users\****\Downloads\esetsmartinstaller_enu.exe
2013-12-23 14:51 - 2012-07-26 08:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-23 14:50 - 2013-10-19 00:06 - 00002560 _____ C:\WINDOWS\system32\VfService.trf
2013-12-23 14:46 - 2013-12-23 14:46 - 00011494 _____ C:\Users\****\Downloads\Addition.txt
2013-12-23 14:39 - 2013-12-23 14:39 - 00000741 _____ C:\Users\****\Downloads\JRT.txt
2013-12-23 14:34 - 2013-12-23 14:34 - 00000000 ____D C:\WINDOWS\ERUNT
2013-12-23 14:31 - 2013-03-25 22:02 - 00119040 _____ C:\WINDOWS\PFRO.log
2013-12-23 14:31 -
2012-07-26 06:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2013-12-23 13:45 - 2013-12-23 13:45 - 01034531 _____ (Thisisu) C:\Users\****\Downloads\JRT_6.0.8.exe 2013-12-23 02:04 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent 2013-12-23 00:54 - 2013-12-23 00:54 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-23 00:54 - 2013-12-23 00:54 - 00000000 ____D C:\Users\****\AppData\Roaming\Malwarebytes 2013-12-23 00:54 - 2013-12-23 00:54 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-23 00:54 - 2013-12-23 00:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-23 00:50 - 2013-12-23 00:50 - 00307760 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-12-23 00:48 - 2013-12-23 00:40 - 00000000 ____D C:\AdwCleaner 2013-12-23 00:47 - 2013-12-23 00:43 - 00000000 ___RD C:\WINDOWS\BrowserChoice 2013-12-23 00:47 - 2013-12-22 02:05 - 00000000 ____D C:\Users\****\AppData\Local\Packages 2013-12-23 00:47 - 2013-03-25 22:03 - 00000000 ____D C:\ProgramData\PRICache 2013-12-23 00:45 - 2013-10-19 00:04 - 00000000 ____D C:\ProgramData\McAfee 2013-12-23 00:43 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\WinStore 2013-12-23 00:43 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2013-12-23 00:43 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2013-12-23 00:35 - 2013-12-23 00:34 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup- 2013-12-22 22:41 - 2013-12-22 22:40 - 00062411 _____ C:\Users\****\Downloads\Neues Textdokument.txt 2013-12-22 22:28 - 2013-12-22 22:28 - 00124990 _____ C:\Users\****\Downloads\OTL.Txt 2013-12-22 20:26 - 2013-12-22 20:26 - 00602112 _____ (OldTimer Tools) C:\Users\****\Downloads\OTL.exe 2013-12-22 19:27 - 2013-12-22 19:27 - 00001158 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-12-22 19:27 - 2013-12-22 19:27 - 00000000 ____D C:\Users\****\AppData\Roaming\Mozilla 2013-12-22 19:27 - 2013-12-22 19:27 - 
00000000 ____D C:\Users\****\AppData\Local\Mozilla 2013-12-22 19:27 - 2013-12-22 19:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-22 19:27 - 2013-12-22 19:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-22 19:21 - 2013-12-22 19:21 - 00068442 _____ C:\Users\****\Documents\cc_20131222_192130.reg 2013-12-22 19:21 - 2013-12-22 19:21 - 00008506 _____ C:\Users\****\Documents\cc_20131222_192152.reg 2013-12-22 19:16 - 2013-12-22 02:05 - 00000000 ____D C:\Users\****\AppData\Local\VirtualStore 2013-12-22 18:59 - 2013-12-22 18:58 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4 2013-12-22 18:54 - 2013-10-18 23:41 - 00000000 ____D C:\ProgramData\Package Cache 2013-12-22 18:46 - 2013-12-22 18:21 - 00000022 _____ C:\WINDOWS\GPU-Z.INI 2013-12-22 18:31 - 2013-12-22 18:18 - 00000554 _____ C:\WINDOWS\DirectX.log 2013-12-22 18:25 - 2013-12-22 18:25 - 00000000 ____D C:\Users\****\Documents\PCMark 8 2013-12-22 18:22 - 2013-12-22 18:11 - 163606685 _____ C:\Users\****\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe 2013-12-22 18:21 - 2013-12-22 18:19 - 00000000 ____D C:\Users\****\Documents\3DMark 2013-12-22 18:19 - 2013-12-22 18:19 - 00000000 ____D C:\Users\****\AppData\Local\IsolatedStorage 2013-12-22 18:17 - 2013-12-22 18:17 - 00000000 ____D C:\Users\****\Downloads\3DMark-v1-2-250 2013-12-22 18:17 - 2013-12-22 18:17 - 00000000 ____D C:\Users\****\AppData\Roaming\WinRAR 2013-12-22 18:17 - 2013-12-22 18:17 - 00000000 ____D C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2013-12-22 18:17 - 2013-12-22 18:16 - 00000000 ____D C:\Program Files\WinRAR 2013-12-22 18:16 - 2013-12-22 18:16 - 01977432 _____ C:\Users\****\Downloads\winrar-x64-501.exe 2013-12-22 16:36 - 2013-12-22 02:06 - 00000000 ____D C:\Users\****\AppData\Roaming\Adobe 2013-12-22 16:26 - 2013-12-22 16:26 - 00000000 ____D C:\Users\****\AppData\Local\Activision 2013-12-22 16:23 - 2012-07-26 08:21 - 00029328 _____ C:\WINDOWS\setupact.log 
2013-12-22 04:02 - 2012-07-26 06:26 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM 2013-12-22 03:59 - 2013-12-22 02:06 - 00000000 ___RD C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-12-22 03:59 - 2013-12-22 02:06 - 00000000 ___RD C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-12-22 03:55 - 2012-07-26 09:12 - 00000000 ___RD C:\WINDOWS\ToastData 2013-12-22 03:45 - 2012-07-26 06:38 - 00000000 ____D C:\WINDOWS\system32\oobe 2013-12-22 03:33 - 2013-12-22 03:33 - 00000000 ____D C:\Program Files\Common Files\Intel 2013-12-22 03:33 - 2013-12-22 03:33 - 00000000 ____D C:\Program Files (x86)\Cisco 2013-12-22 03:33 - 2013-10-18 23:33 - 00000000 ____D C:\ProgramData\Intel 2013-12-22 03:33 - 2013-10-18 23:20 - 00000000 ____D C:\Program Files (x86)\Intel 2013-12-22 03:31 - 2013-10-18 23:23 - 00000000 ____D C:\Program Files\Intel 2013-12-22 03:31 - 2013-10-18 23:22 - 00000000 ___HD C:\Intel 2013-12-22 03:13 - 2013-12-22 03:13 - 00000000 ____D C:\Users\****\AppData\Local\Macromedia 2013-12-22 03:02 - 2013-12-22 03:02 - 00000000 ____D C:\Users\****\AppData\Roaming\vlc 2013-12-22 02:59 - 2013-12-22 02:52 - 00000000 ____D C:\Users\****\Documents\Youcam 2013-12-22 02:56 - 2013-12-22 02:56 - 00000000 ____D C:\Users\****\Documents\Avatar 2013-12-22 02:53 - 2013-10-19 00:00 - 00000000 ____D C:\ProgramData\CyberLink 2013-12-22 02:52 - 2013-12-22 02:52 - 00000000 ____D C:\Users\****\AppData\Roaming\CyberLink 2013-12-22 02:52 - 2013-12-22 02:52 - 00000000 ____D C:\Users\****\AppData\Local\CyberLink 2013-12-22 02:42 - 2013-12-22 02:42 - 00000000 ____D C:\Users\****\AppData\Roaming\NVIDIA 2013-12-22 02:41 - 2013-12-22 02:41 - 05032470 _____ (Geeks3D ) C:\Users\****\Downloads\FurMark_1.12.0_Setup.exe 2013-12-22 02:41 - 2013-12-22 02:41 - 00000000 ____D C:\Program Files\VideoLAN 2013-12-22 02:40 - 2013-12-22 02:40 - 00000000 ____D C:\ProgramData\Mozilla 2013-12-22 02:30 - 2013-12-22 02:30 - 00000000 _____ 
C:\Users\****\agent.log 2013-12-22 02:20 - 2013-12-22 02:20 - 00000000 ____D C:\Users\****\AppData\Roaming\Nitro 2013-12-22 02:18 - 2013-12-22 02:18 - 00000000 ____D C:\Users\****\AppData\Local\Intel_Corporation 2013-12-22 02:14 - 2013-12-22 02:12 - 00000000 ____D C:\Users\****\AppData\Local\NVIDIA 2013-12-22 02:13 - 2013-12-22 02:13 - 00000000 ____D C:\Users\****\AppData\Local\NVIDIA Corporation 2013-12-22 02:13 - 2013-10-18 23:25 - 00000000 ____D C:\ProgramData\NVIDIA 2013-12-22 02:13 - 2013-10-18 23:24 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2013-12-22 02:13 - 2013-10-18 23:24 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2013-12-22 02:13 - 2013-10-18 23:24 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-12-22 02:11 - 2013-12-22 02:11 - 00002770 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2013-12-22 02:11 - 2013-12-22 02:10 - 00000000 ____D C:\Program Files\CCleaner 2013-12-22 02:10 - 2013-12-22 02:08 - 23679700 _____ C:\Users\****\Downloads\vlc-2.1.1-win64.exe 2013-12-22 02:10 - 2013-10-19 00:10 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo 2013-12-22 02:07 - 2013-12-22 02:07 - 03541544 _____ (Piriform Ltd) C:\Users\****\Downloads\ccsetup408_slim.exe 2013-12-22 02:07 - 2013-12-22 02:07 - 00000000 ____D C:\Users\****\AppData\Roaming\Intel Corporation 2013-12-22 02:07 - 2013-12-22 02:07 - 00000000 ____D C:\ProgramData\Energy Management 2013-12-22 02:07 - 2013-12-22 02:05 - 00001129 _____ C:\Users\****\Desktop\Cyberlink Power2Go.lnk 2013-12-22 02:06 - 2013-12-22 02:06 - 00001449 _____ C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-12-22 02:06 - 2013-12-22 02:06 - 00000139 _____ C:\Users\Public\Desktop\eBay.url 2013-12-22 02:06 - 2013-12-22 02:06 - 00000000 ____D C:\Users\****\AppData\Roaming\Macromedia 2013-12-22 02:06 - 2013-12-22 02:06 - 00000000 ____D C:\ProgramData\eBay 2013-12-22 02:06 - 2013-10-19 08:42 - 00112468 ____H C:\WINDOWS\modules.log 2013-12-22 02:05 - 
2013-12-22 02:05 - 00000020 ___SH C:\Users\****\ntuser.ini 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Vorlagen 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Startmenü 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Netzwerkumgebung 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Lokale Einstellungen 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Eigene Dateien 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Druckumgebung 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Documents\Eigene Musik 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Documents\Eigene Bilder 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\AppData\Local\Verlauf 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\AppData\Local\Anwendungsdaten 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 _SHDL C:\Users\****\Anwendungsdaten 2013-12-22 02:05 - 2013-12-22 02:05 - 00000000 ____D C:\Users\****\AppData\Roaming\Intel 2013-12-22 02:05 - 2012-07-26 09:12 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Vorlagen 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Startmenü 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Eigene Dateien 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Druckumgebung 2013-12-22 
01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Programme 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\ProgramData\Vorlagen 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\ProgramData\Startmenü 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\ProgramData\Dokumente 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien 2013-12-22 01:48 - 2013-12-22 01:48 - 00000000 _SHDL C:\Dokumente und Einstellungen 2013-12-22 01:48 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files\Windows NT 2013-12-22 01:48 - 2012-07-26 06:37 - 00000000 ___HD C:\Users\Default 2013-12-22 00:42 - 2013-12-22 00:42 - 00000000 ____D C:\WINDOWS\system32\MRT 2013-12-22 00:40 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2013-12-22 00:35 
- 2013-12-22 02:05 - 00000000 ____D C:\Users\**** 2013-12-21 23:47 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\NDF 2013-12-21 23:31 - 2013-12-21 22:41 - 00000000 ____D C:\ProgramData\Adobe 2013-12-21 23:30 - 2013-12-22 03:08 - 00000000 ____D C:\Users\****\AppData\Local\Adobe 2013-12-21 22:42 - 2013-12-21 22:42 - 00002030 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-12-21 22:42 - 2013-12-21 22:42 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-12-21 22:31 - 2013-12-21 22:31 - 00000000 ____D C:\Users\****\AppData\Roaming\Avira 2013-12-21 22:29 - 2013-12-21 22:29 - 00000000 ____D C:\ProgramData\Avira 2013-12-21 22:29 - 2013-12-21 22:29 - 00000000 ____D C:\Program Files (x86)\Avira 2013-12-21 22:27 - 2012-07-26 09:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP 2013-12-21 22:22 - 2013-12-22 04:13 - 129598176 _____ C:\Users\****\Downloads\avira_free_antivirus_de_14.0.2.286.exe 2013-12-21 22:22 - 2013-12-21 22:22 - 00007609 _____ C:\Users\****\AppData\Local\Resmon.ResmonCfg 2013-12-10 03:13 - 2013-12-22 02:13 - 01100248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll 2013-12-10 03:13 - 2013-12-22 02:13 - 00982232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll 2013-12-09 11:37 - 2013-12-21 22:29 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2013-12-09 11:37 - 2013-12-21 22:29 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2013-12-09 11:37 - 2013-12-21 22:29 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2013-12-09 11:37 - 2013-12-21 22:29 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2013-12-05 09:42 - 2013-12-22 02:12 - 00039200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2013-12-05 09:42 - 2013-12-22 02:12 - 00035104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2013-12-05 09:42 - 2013-12-22 02:12 - 00032544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2013-12-04 01:53 - 2012-07-26 09:14 - 00694240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-12-04 01:53 - 2012-07-26 09:14 - 00078304 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-01 14:42 - 2013-12-22 00:41 - 90708896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\****\AppData\Local\Temp\avgnt.exe
C:\Users\****\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-03-25 22:02

==================== End Of Log ============================
--- --- --- |
| #6 |
/// the machine /// TB trainer | Always have FRST scan from the desktop only, the way you did it, unless I say otherwise. Any problems left? |
| #7 |
Perfect. Yes, everything seems to be fine so far then, or is there still something to see in the logs? |
| #8 |
/// the machine /// TB trainer | Done. The order is crucial here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links:
Miekemoes Blogspot (MVP)
Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donate | Guides and help | Trojaner-Board Facebook page
No help via PM! |
| #9 |
So, the last steps all worked as well. First of all, many, many thanks for your help and the time you invested!!! This forum really offers great service.
One question has remained open, though:
- In MBAM, entries are still listed under Quarantine. I spot-checked some of the listed paths, and there is nothing left in those directories, or the directory no longer exists at all (e.g. C:\AdwCleaner\...). That should be fine then, right? Since the files in quarantine were supposed to be deleted by DelFix. So I assume the MBAM quarantine entries are "outdated" and everything is fine?
Regards |
| #10 |
/// the machine /// TB trainer | You can empty MBAM's quarantine.
__________________
Regards, schrauber |