Info zu Schritt 1:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2014.01.04.03
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
User :: IDEA-PC [Administrator]
04.01.2014 13:00:40
mbam-log-2014-01-04 (13-00-40).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 227519
Laufzeit: 3 Minute(n), 38 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 4
HKCU\SOFTWARE\PerformerSoft\PC Performer (PUP.Optional.PCPerformer.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\SEARCHPROTECT (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\PerformerSoft\PC Performer (PUP.Optional.PCPerformer.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BackgroundContainer (PUP.Optional.Conduit) -> Daten: "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Users\User\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\SearchProtect|IELastInstalledTBHomepage (PUP.Optional.SearchProtect.A) -> Daten: hxxp://search.conduit.com?SearchSource=10&CUI=UN23389782916221105&UM=2&ctid=CT3312331 -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 12
C:\ProgramData\IBUpdaterService (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SearchProtect\ffprotect (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\AppData\Roaming\PerformerSoft\PC Performer (PUP.Optional.PCPerformer.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\AppData\Roaming\SpeedAnalysis3 (PUP.Optional.SpeedAnalysis3.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\AppData\Roaming\7go (PUP.Optional.7Go.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateien: 37
C:\Users\User\AppData\Roaming\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\Downloads\CodecPerformerSetup.exe (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\IBUpdaterService\repository.xml (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SearchProtect\ffprotect\nsprotector.js (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SearchProtect\ffprotect\abstraction.js (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SearchProtect\ffprotect\application.js (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\AppData\Roaming\PerformerSoft\PC Performer\rcpupdate.ini (PUP.Optional.PCPerformer.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\AppData\Roaming\PerformerSoft\PC Performer\ExcludeList.rcp (PUP.Optional.PCPerformer.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\AppData\Roaming\PerformerSoft\PC Performer\German_rcp.dat (PUP.Optional.PCPerformer.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\AppData\Roaming\PerformerSoft\PC Performer\log_09-15-2013.log (PUP.Optional.PCPerformer.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\AppData\Roaming\PerformerSoft\PC Performer\log_09-18-2013.log (PUP.Optional.PCPerformer.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\AppData\Roaming\PerformerSoft\PC Performer\results.rcp (PUP.Optional.PCPerformer.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\AppData\Roaming\PerformerSoft\PC Performer\TempHLList.rcp (PUP.Optional.PCPerformer.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\PC Performer_DEFAULT.job (PUP.Optional.PCPerformer.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\PC Performer_UPDATES.job (PUP.Optional.PCPerformer.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\AppData\Roaming\speedanalysis.ico (PUP.Optional.SpeedAnalysis2.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\AppData\Roaming\SpeedAnalysis3\speedanalysis.crx (PUP.Optional.SpeedAnalysis3.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\AppData\Roaming\7go\7go.crx (PUP.Optional.7Go.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\AppData\Roaming\7go\icon.ico (PUP.Optional.7Go.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Info zu Schritt 2AdwCleaner Logfile:
Code:
# AdwCleaner v3.016 - Bericht erstellt am 04/01/2014 um 13:19:42
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 8.1 (64 bits)
# Benutzername : User - IDEA-PC
# Gestartet von : C:\Users\User\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\Searchprotect
Ordner Gelöscht : C:\Program Files (x86)\appbarioDE
Ordner Gelöscht : C:\Users\User\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\User\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\User\AppData\LocalLow\appbarioDE
Ordner Gelöscht : C:\Users\User\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Users\User\AppData\Roaming\quickclick
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\peco6xq4.default\CT3312331
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\peco6xq4.default\Extensions\{525ba996-1ce4-4677-91c5-9fc4ead2d245}
Datei Gelöscht : C:\WINDOWS\System32\roboot64.exe
Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\peco6xq4.default\user.js
Datei Gelöscht : C:\WINDOWS\System32\Tasks\BackgroundContainer Startup Task
Datei Gelöscht : C:\WINDOWS\System32\Tasks\PC Performer
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\gjajpkikblccgefaibcafkfbanllpefi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\*\shell\filescout
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3312331
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{525BA996-1CE4-4677-91C5-9FC4EAD2D245}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4912F6DC-F59A-43E0-9371-D7CC7B3C500A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{525BA996-1CE4-4677-91C5-9FC4EAD2D245}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{525BA996-1CE4-4677-91C5-9FC4EAD2D245}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4912F6DC-F59A-43E0-9371-D7CC7B3C500A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{525BA996-1CE4-4677-91C5-9FC4EAD2D245}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4912F6DC-F59A-43E0-9371-D7CC7B3C500A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138AD4D-AAEA-4877-B815-610E82E1D603}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21B4B352-B234-4FFA-95D4-4B382D34DEFF}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{525BA996-1CE4-4677-91C5-9FC4EAD2D245}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{525BA996-1CE4-4677-91C5-9FC4EAD2D245}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{525BA996-1CE4-4677-91C5-9FC4EAD2D245}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{525BA996-1CE4-4677-91C5-9FC4EAD2D245}]
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\filescout
Schlüssel Gelöscht : HKCU\Software\PerformerSoft
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\BackgroundContainer
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\appbarioDE
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\PerformerSoft
Schlüssel Gelöscht : HKLM\Software\SearchProtect
Schlüssel Gelöscht : HKLM\Software\appbarioDE
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\appbarioDE Toolbar
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16384
-\\ Mozilla Firefox v26.0 (de)
[ Datei : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\peco6xq4.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [4892 octets] - [04/01/2014 13:16:09]
AdwCleaner[S0].txt - [4673 octets] - [04/01/2014 13:19:42]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4733 octets] ##########
--- --- ---
Info zu Schritt 3
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 8.1 x64
Ran by User on 04.01.2014 at 13:29:33,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D9D408F5-7811-4FC8-A247-3A19E5191908}
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\peco6xq4.default\minidumps [11 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.01.2014 at 13:33:50,54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Info zu Schritt 4 -> FRST.txt
FRST Logfile:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2014
Ran by User (administrator) on IDEA-PC on 04-01-2014 13:40:33
Running from C:\Users\User\Desktop
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332STI.EXE
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16422_x64__8wekyb3d8bbwe\glcnd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2013-04-10] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [191568 2013-04-10] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-27] (Synaptics Incorporated)
HKLM-x32\...\Run: [332BigDog] - C:\Program Files (x86)\USB Camera2\VM332STI.EXE [548864 2012-03-20] (Vimicro)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-20] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272640 2012-09-12] (Microsoft Corporation)
HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKLM - DefaultScope {7CB98857-3F2C-4722-B8A5-098EA6C4D055} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM - {7CB98857-3F2C-4722-B8A5-098EA6C4D055} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {7CB98857-3F2C-4722-B8A5-098EA6C4D055} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - {7CB98857-3F2C-4722-B8A5-098EA6C4D055} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\peco6xq4.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-20] (AVAST Software)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [959256 2012-11-15] (Broadcom Corporation.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-11-02] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [78648 2013-12-20] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [92544 2013-12-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-20] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1034464 2013-12-20] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [422216 2013-12-20] (AVAST Software)
R3 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [79672 2013-12-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-20] ()
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-27] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-04 13:40 - 2014-01-04 13:40 - 00014869 _____ C:\Users\User\Desktop\FRST.txt
2014-01-04 13:40 - 2014-01-04 13:40 - 00000000 ____D C:\FRST
2014-01-04 13:39 - 2014-01-04 13:39 - 01931368 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-01-04 13:38 - 2014-01-04 13:38 - 00017570 _____ C:\Users\User\Desktop\get-mirror-server.html
2014-01-04 13:33 - 2014-01-04 13:33 - 00000891 _____ C:\Users\User\Desktop\JRT.txt
2014-01-04 13:29 - 2014-01-04 13:29 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-04 13:27 - 2014-01-04 13:27 - 01036305 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
2014-01-04 13:21 - 2014-01-04 13:21 - 00014412 _____ C:\WINDOWS\PFRO.log
2014-01-04 13:21 - 2014-01-04 13:21 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-04 13:21 - 2014-01-04 13:21 - 00000000 _____ C:\WINDOWS\setupact.log
2014-01-04 13:15 - 2014-01-04 13:19 - 00000000 ____D C:\AdwCleaner
2014-01-04 13:14 - 2014-01-04 13:14 - 01233962 _____ C:\Users\User\Downloads\adwcleaner.exe
2014-01-04 12:56 - 2014-01-04 12:56 - 00001136 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-04 12:56 - 2014-01-04 12:56 - 00000000 ____D C:\Users\User\AppData\Roaming\Malwarebytes
2014-01-04 12:56 - 2014-01-04 12:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-04 12:56 - 2014-01-04 12:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-04 12:56 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-01-04 12:52 - 2014-01-04 12:52 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-03 16:10 - 2014-01-04 13:26 - 00045988 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-29 20:50 - 2013-12-29 20:50 - 13079688 _____ (Microsoft Corporation) C:\Users\User\Downloads\Silverlight_x64.exe
2013-12-29 20:50 - 2013-12-29 20:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-29 20:50 - 2013-12-29 20:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-12-27 17:13 - 2013-12-27 17:13 - 00000000 ____D C:\Users\User\AppData\Roaming\cerasus.media
2013-12-25 23:48 - 2013-12-30 22:51 - 00000000 ____D C:\Users\User\Documents\Madden NFL 06
2013-12-25 23:47 - 2013-12-25 23:47 - 00002125 _____ C:\Users\Public\Desktop\Madden NFL 06.lnk
2013-12-25 23:34 - 2013-12-25 23:34 - 00000000 ____D C:\Program Files (x86)\EA SPORTS
2013-12-24 14:20 - 2013-12-24 14:20 - 00001103 _____ C:\Users\Public\Desktop\100 Prozent Wimmelbild.lnk
2013-12-24 14:18 - 2013-12-24 14:20 - 00000000 ____D C:\Program Files (x86)\100% Wimmelbild
2013-12-24 14:18 - 2013-12-24 14:18 - 00001383 _____ C:\Users\Public\Desktop\Mystery Stories - Expedition des Grauens.lnk
2013-12-24 14:17 - 2013-12-24 14:18 - 00000000 ____D C:\Program Files (x86)\Mystery Stories - Expedition des Grauens
2013-12-20 23:42 - 2013-12-20 23:42 - 01034464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-12-20 23:42 - 2013-12-20 23:42 - 00422216 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-12-20 23:42 - 2013-12-20 23:42 - 00334136 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-12-20 23:42 - 2013-12-20 23:42 - 00207904 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-12-20 23:42 - 2013-12-20 23:42 - 00092544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2013-12-20 23:42 - 2013-12-20 23:42 - 00079672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2013-12-20 23:42 - 2013-12-20 23:42 - 00078648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-12-20 23:42 - 2013-12-20 23:42 - 00065776 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-12-20 23:42 - 2013-12-20 23:42 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-12-20 23:42 - 2013-12-20 23:42 - 00001993 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-20 23:42 - 2013-12-20 23:42 - 00000000 ____D C:\Users\User\AppData\Roaming\AVAST Software
2013-12-20 23:41 - 2013-12-20 23:41 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-20 23:41 - 2013-12-20 23:41 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-20 23:38 - 2013-12-20 23:40 - 91412976 _____ (AVAST Software) C:\Users\User\Downloads\avast_free_antivirus_setup.exe
2013-12-20 23:33 - 2013-12-20 23:33 - 04645232 _____ (Piriform Ltd) C:\Users\User\Downloads\ccsetup409.exe
2013-12-20 15:54 - 2013-12-20 15:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-19 15:32 - 2013-12-19 15:32 - 00001024 _____ C:\Users\Public\Desktop\Mystery Stories - Das Geisterschiff.lnk
2013-12-19 15:32 - 2013-12-19 15:32 - 00000000 ____D C:\Program Files (x86)\Mystery Stories - Das Geisterschiff
2013-12-19 15:30 - 2013-12-24 14:16 - 00000032 _____ C:\WINDOWS\setup.INI
2013-12-19 14:26 - 2013-12-19 14:26 - 00000000 ____D C:\Users\User\AppData\Roaming\Alawar Stargaze
2013-12-18 23:57 - 2013-12-19 00:12 - 936684912 _____ (INTENIUM GmbH) C:\Users\User\Downloads\MountainCrimeDieVergeltung.exe
2013-12-17 14:08 - 2013-12-19 15:27 - 00000000 ____D C:\Program Files (x86)\DEUTSCHLAND SPIELT
2013-12-17 14:08 - 2013-12-19 00:18 - 00001162 _____ C:\Users\Public\Desktop\GAME CENTER.lnk
2013-12-17 14:08 - 2013-12-17 14:08 - 00000000 ____D C:\Users\User\AppData\Roaming\Intenium
2013-12-17 14:08 - 2013-12-17 14:08 - 00000000 ____D C:\ProgramData\Intenium
2013-12-17 14:08 - 2013-12-17 14:08 - 00000000 ____D C:\Program Files (x86)\OXXOGames
2013-12-17 13:48 - 2013-12-17 13:57 - 546303528 _____ (INTENIUM GmbH) C:\Users\User\Downloads\DerTempelDesLebens.exe
2013-12-15 14:46 - 2013-11-12 00:41 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-15 14:46 - 2013-11-12 00:40 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-15 14:46 - 2013-11-12 00:27 - 00701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2013-12-15 14:46 - 2013-11-12 00:24 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-12-15 14:46 - 2013-11-11 03:48 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2013-12-15 14:46 - 2013-11-09 12:55 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-12-15 14:46 - 2013-11-09 07:37 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2013-12-15 14:46 - 2013-11-09 06:56 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2013-12-15 14:46 - 2013-11-08 11:26 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2013-12-15 14:46 - 2013-11-08 05:43 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2013-12-15 14:46 - 2013-11-08 05:28 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-12-15 14:46 - 2013-11-08 05:26 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-12-15 14:46 - 2013-11-08 05:16 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2013-12-15 14:46 - 2013-11-08 05:15 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2013-12-15 14:46 - 2013-11-08 05:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2013-12-15 14:46 - 2013-11-08 04:41 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2013-12-15 14:46 - 2013-11-08 04:14 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2013-12-15 14:46 - 2013-11-05 15:19 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2013-12-15 14:46 - 2013-11-05 15:03 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2013-12-15 14:46 - 2013-11-05 14:57 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2013-12-15 14:46 - 2013-11-05 14:33 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2013-12-15 14:46 - 2013-11-05 14:32 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2013-12-15 14:46 - 2013-11-04 18:13 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-12-15 14:46 - 2013-11-04 18:13 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-12-15 14:46 - 2013-11-04 14:07 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2013-12-15 14:46 - 2013-11-04 12:50 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-12-15 14:46 - 2013-11-04 11:32 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2013-12-15 14:46 - 2013-11-04 03:28 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2013-12-15 14:46 - 2013-11-04 02:30 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-12-15 14:46 - 2013-11-01 12:39 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2013-12-15 14:46 - 2013-11-01 07:08 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2013-12-15 14:46 - 2013-11-01 06:57 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2013-12-15 14:46 - 2013-10-31 01:58 - 00372568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-12-15 14:46 - 2013-10-31 01:42 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-12-15 14:46 - 2013-10-31 01:33 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2013-12-15 14:46 - 2013-10-31 01:33 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2013-12-15 14:46 - 2013-10-31 01:33 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2013-12-15 14:46 - 2013-10-31 01:33 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2013-12-15 14:46 - 2013-10-26 02:54 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2013-12-15 14:46 - 2013-10-24 10:31 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2013-12-15 14:46 - 2013-10-24 10:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2013-12-15 14:46 - 2013-10-17 12:21 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2013-12-15 14:46 - 2013-10-17 11:36 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2013-12-15 14:46 - 2013-10-05 15:21 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-12-15 14:46 - 2013-10-05 15:21 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2013-12-15 14:46 - 2013-10-05 13:05 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2013-12-15 14:46 - 2013-10-05 13:05 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2013-12-13 10:36 - 2013-12-13 10:36 - 00000000 ____D C:\WINDOWS\PCHEALTH
2013-12-12 13:36 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-12-12 13:36 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-12-12 13:36 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-12-12 13:36 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-12-12 13:36 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-12-12 13:36 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-12-12 13:36 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-12-12 13:36 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-12-12 13:36 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-12-12 13:36 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2013-12-12 13:36 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-12-12 13:36 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-12-12 13:36 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-12-12 13:36 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2013-12-12 13:36 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2013-12-12 13:36 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-12-12 13:36 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-12-12 13:36 - 2013-11-23 05:34 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2013-12-12 13:36 - 2013-11-23 05:13 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2013-12-12 13:36 - 2013-11-23 04:32 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2013-12-12 13:36 - 2013-11-23 04:10 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2013-12-12 13:36 - 2013-10-19 09:53 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2013-12-12 13:36 - 2013-10-19 08:14 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2013-12-12 13:36 - 2013-10-15 09:54 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2013-12-12 13:36 - 2013-10-15 09:03 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2013-12-12 13:35 - 2013-11-09 07:34 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2013-12-12 13:35 - 2013-11-09 07:34 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2013-12-12 13:35 - 2013-11-09 06:52 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2013-12-12 13:35 - 2013-11-08 08:21 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-12-07 17:45 - 2013-12-07 17:45 - 00000000 ____D C:\Users\User\Documents\Benutzerdefinierte Office-Vorlagen
==================== One Month Modified Files and Folders =======
2014-01-04 13:40 - 2014-01-04 13:40 - 00014869 _____ C:\Users\User\Desktop\FRST.txt
2014-01-04 13:40 - 2014-01-04 13:40 - 00000000 ____D C:\FRST
2014-01-04 13:39 - 2014-01-04 13:39 - 01931368 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-01-04 13:38 - 2014-01-04 13:38 - 00017570 _____ C:\Users\User\Desktop\get-mirror-server.html
2014-01-04 13:36 - 2013-08-07 17:40 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2194236267-3622358997-1786132295-1001
2014-01-04 13:33 - 2014-01-04 13:33 - 00000891 _____ C:\Users\User\Desktop\JRT.txt
2014-01-04 13:31 - 2013-08-23 20:00 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-04 13:31 - 2013-05-25 16:08 - 00000000 ____D C:\Users\User\AppData\Roaming\Nitro PDF
2014-01-04 13:29 - 2014-01-04 13:29 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-04 13:27 - 2014-01-04 13:27 - 01036305 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
2014-01-04 13:26 - 2014-01-03 16:10 - 00045988 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-04 13:23 - 2013-04-10 01:38 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2014-01-04 13:21 - 2014-01-04 13:21 - 00014412 _____ C:\WINDOWS\PFRO.log
2014-01-04 13:21 - 2014-01-04 13:21 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-04 13:21 - 2014-01-04 13:21 - 00000000 _____ C:\WINDOWS\setupact.log
2014-01-04 13:21 - 2013-08-23 17:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-04 13:21 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-04 13:20 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2014-01-04 13:19 - 2014-01-04 13:15 - 00000000 ____D C:\AdwCleaner
2014-01-04 13:14 - 2014-01-04 13:14 - 01233962 _____ C:\Users\User\Downloads\adwcleaner.exe
2014-01-04 13:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2014-01-04 12:56 - 2014-01-04 12:56 - 00001136 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-04 12:56 - 2014-01-04 12:56 - 00000000 ____D C:\Users\User\AppData\Roaming\Malwarebytes
2014-01-04 12:56 - 2014-01-04 12:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-04 12:56 - 2014-01-04 12:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-04 12:52 - 2014-01-04 12:52 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-04 12:51 - 2013-09-30 05:14 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-04 12:51 - 2013-09-30 04:56 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2014-01-04 12:51 - 2013-09-30 04:56 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2014-01-03 16:09 - 2013-11-11 18:00 - 00009216 ___SH C:\Users\User\Desktop\Thumbs.db
2013-12-30 22:51 - 2013-12-25 23:48 - 00000000 ____D C:\Users\User\Documents\Madden NFL 06
2013-12-29 20:50 - 2013-12-29 20:50 - 13079688 _____ (Microsoft Corporation) C:\Users\User\Downloads\Silverlight_x64.exe
2013-12-29 20:50 - 2013-12-29 20:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-29 20:50 - 2013-12-29 20:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-12-28 15:25 - 2013-08-16 09:21 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-28 15:24 - 2013-08-07 18:35 - 90708896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-27 19:06 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2013-12-27 17:13 - 2013-12-27 17:13 - 00000000 ____D C:\Users\User\AppData\Roaming\cerasus.media
2013-12-25 23:47 - 2013-12-25 23:47 - 00002125 _____ C:\Users\Public\Desktop\Madden NFL 06.lnk
2013-12-25 23:34 - 2013-12-25 23:34 - 00000000 ____D C:\Program Files (x86)\EA SPORTS
2013-12-24 14:20 - 2013-12-24 14:20 - 00001103 _____ C:\Users\Public\Desktop\100 Prozent Wimmelbild.lnk
2013-12-24 14:20 - 2013-12-24 14:18 - 00000000 ____D C:\Program Files (x86)\100% Wimmelbild
2013-12-24 14:18 - 2013-12-24 14:18 - 00001383 _____ C:\Users\Public\Desktop\Mystery Stories - Expedition des Grauens.lnk
2013-12-24 14:18 - 2013-12-24 14:17 - 00000000 ____D C:\Program Files (x86)\Mystery Stories - Expedition des Grauens
2013-12-24 14:16 - 2013-12-19 15:30 - 00000032 _____ C:\WINDOWS\setup.INI
2013-12-21 10:10 - 2013-09-07 11:55 - 00000000 ____D C:\Users\User\Desktop\Wohnung
2013-12-20 23:42 - 2013-12-20 23:42 - 01034464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-12-20 23:42 - 2013-12-20 23:42 - 00422216 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-12-20 23:42 - 2013-12-20 23:42 - 00334136 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-12-20 23:42 - 2013-12-20 23:42 - 00207904 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-12-20 23:42 - 2013-12-20 23:42 - 00092544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2013-12-20 23:42 - 2013-12-20 23:42 - 00079672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2013-12-20 23:42 - 2013-12-20 23:42 - 00078648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-12-20 23:42 - 2013-12-20 23:42 - 00065776 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-12-20 23:42 - 2013-12-20 23:42 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-12-20 23:42 - 2013-12-20 23:42 - 00001993 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-20 23:42 - 2013-12-20 23:42 - 00000000 ____D C:\Users\User\AppData\Roaming\AVAST Software
2013-12-20 23:42 - 2013-08-28 20:31 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2013-12-20 23:41 - 2013-12-20 23:41 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-20 23:41 - 2013-12-20 23:41 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-20 23:40 - 2013-12-20 23:38 - 91412976 _____ (AVAST Software) C:\Users\User\Downloads\avast_free_antivirus_setup.exe
2013-12-20 23:35 - 2013-09-11 20:23 - 00000000 ____D C:\Users\User\Tracing
2013-12-20 23:34 - 2013-10-18 15:42 - 00000000 ___DC C:\WINDOWS\Panther
2013-12-20 23:33 - 2013-12-20 23:33 - 04645232 _____ (Piriform Ltd) C:\Users\User\Downloads\ccsetup409.exe
2013-12-20 23:33 - 2013-08-28 20:37 - 00000845 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-20 23:33 - 2013-08-28 20:37 - 00000000 ____D C:\Program Files\CCleaner
2013-12-20 23:32 - 2013-09-19 06:22 - 00002217 _____ C:\WINDOWS\wininit.ini
2013-12-20 15:55 - 2013-12-20 15:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-19 17:01 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2013-12-19 15:32 - 2013-12-19 15:32 - 00001024 _____ C:\Users\Public\Desktop\Mystery Stories - Das Geisterschiff.lnk
2013-12-19 15:32 - 2013-12-19 15:32 - 00000000 ____D C:\Program Files (x86)\Mystery Stories - Das Geisterschiff
2013-12-19 15:27 - 2013-12-17 14:08 - 00000000 ____D C:\Program Files (x86)\DEUTSCHLAND SPIELT
2013-12-19 14:26 - 2013-12-19 14:26 - 00000000 ____D C:\Users\User\AppData\Roaming\Alawar Stargaze
2013-12-19 00:18 - 2013-12-17 14:08 - 00001162 _____ C:\Users\Public\Desktop\GAME CENTER.lnk
2013-12-19 00:12 - 2013-12-18 23:57 - 936684912 _____ (INTENIUM GmbH) C:\Users\User\Downloads\MountainCrimeDieVergeltung.exe
2013-12-17 20:20 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2013-12-17 20:20 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2013-12-17 20:20 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2013-12-17 20:20 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\FileManager
2013-12-17 20:20 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera
2013-12-17 14:08 - 2013-12-17 14:08 - 00000000 ____D C:\Users\User\AppData\Roaming\Intenium
2013-12-17 14:08 - 2013-12-17 14:08 - 00000000 ____D C:\ProgramData\Intenium
2013-12-17 14:08 - 2013-12-17 14:08 - 00000000 ____D C:\Program Files (x86)\OXXOGames
2013-12-17 13:57 - 2013-12-17 13:48 - 546303528 _____ (INTENIUM GmbH) C:\Users\User\Downloads\DerTempelDesLebens.exe
2013-12-13 18:03 - 2013-08-22 15:44 - 00478696 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-13 10:37 - 2013-09-11 20:42 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-13 10:36 - 2013-12-13 10:36 - 00000000 ____D C:\WINDOWS\PCHEALTH
2013-12-12 13:48 - 2013-10-28 17:39 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-12-12 09:31 - 2013-08-23 20:00 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2013-12-07 17:45 - 2013-12-07 17:45 - 00000000 ____D C:\Users\User\Documents\Benutzerdefinierte Office-Vorlagen
Files to move or delete:
====================
C:\ProgramData\Lenovo-27548.vbs
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-02 17:24
==================== End Of Log ============================
--- --- ---
--- --- ---
Addition.txt.
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2014
Ran by User at 2014-01-04 13:40:58
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
100 Prozent Wimmelbild (x32 Version: - cerasus.media GmbH)
Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.7 - Atheros Communications Inc.)
avast! Free Antivirus (x32 Version: 9.0.2011 - Avast Software)
Benutzerhandbuch (x32 Version: 1.0.0.9 - Lenovo) Hidden
CCleaner (Version: 4.09 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DEUTSCHLAND SPIELT GAME CENTER (x32 Version: 2.2.1.44 - INTENIUM GmbH)
Dolby Advanced Audio v2 (x32 Version: 7.2.8000.16 - Dolby Laboratories Inc)
Dropbox (HKCU Version: 2.2.13 - Dropbox, Inc.)
EA SPORTS online 2006 (x32 Version: - )
Energy Management (x32 Version: 8.0.2.5 - Lenovo)
Energy Management (x32 Version: 8.0.2.5 - Lenovo) Hidden
ffdshow v1.2.4422 [2012-04-09] (x32 Version: 1.2.4422.0 - )
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Intel AppUp(SM) center (x32 Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 10.18.10.3316 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (Version: 12.0.0.4300 - Broadcom Corporation)
Lenovo EasyCamera (x32 Version: 1.12.824.1 - Vimicro)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (x32 Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo Photos (x32 Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (x32 Version: 10.0.4310.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4310.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (Version: 1.1.009.00 - Lenovo Group Limited)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (x32 Version: 6.30.5926 - Lenovo)
Madden NFL 06 (x32 Version: - )
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (x32 Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 - de-de (Version: 15.0.4551.1011 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
Mystery Stories - Das Geisterschiff (x32 Version: - Rondomedia)
Mystery Stories - Expedition des Grauens (x32 Version: - cerasus.media GmbH)
Nitro Pro 8 (Version: 8.0.10.7 - Nitro)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1011 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1011 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1011 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Power2Go (x32 Version: 5.6.0.9109 - CyberLink Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
Spybot - Search & Destroy (x32 Version: 2.2.25 - Safer-Networking Ltd.)
SugarSync Manager (x32 Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (Version: 16.2.10.13 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32 Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft)
UserGuide (x32 Version: 1.0.0.9 - Lenovo)
VLC media player 2.0.8 (x32 Version: 2.0.8 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (Version: 06/19/2012 10.13.29.733 - Lenovo)
==================== Restore Points =========================
17-12-2013 19:18:41 Windows Update
20-12-2013 22:41:32 avast! antivirus system restore point
24-12-2013 09:52:20 Windows Update
28-12-2013 14:23:30 Windows Update
==================== Hosts content: ==========================
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0583F5B5-0C22-41E4-AF93-EC2C6F27E206} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {05CD28AE-FCB8-4E78-A60C-9909802E471B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {348689F5-97C1-45F4-B6F5-AD8B997D899A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-20] (AVAST Software)
Task: {35201E89-5E1F-4B08-ACA6-B1D118EA4EAC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\System32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {51399CB5-CADE-427D-B554-2C41BA8E176B} - \BackgroundContainer Startup Task No Task File
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {797D28C0-6456-43E6-808E-514390323E72} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\office15\msoia.exe [2013-11-13] (Microsoft Corporation)
Task: {82B174B4-6154-4E45-9E9C-6C59B720B166} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2012-08-08] (Lenovo)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8C132666-B49B-4A49-801D-907D6C06C468} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2012-08-08] ()
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {99192411-43CE-4BDD-96E9-4C5760D4DE46} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\office15\msoia.exe [2013-11-13] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {AC8969D3-E922-4004-98D2-F3BBC426C93D} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {AD6C4F53-5763-4A5E-962A-DE88DD168A71} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\System32\MRT.exe [2013-12-28] (Microsoft Corporation)
Task: {B3474EE3-E980-448D-9DD4-3CC1B6F95D29} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-11-02] (Microsoft Corporation)
Task: {B611B44C-C80A-4AB4-B3AF-802232650B22} - \PC Performer No Task File
Task: {C192A6A6-B321-4AB4-B845-0D0D90B49179} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D573BA4A-2801-4D0F-BA02-94C208BC5C4E} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2012-08-08] ()
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F385F11C-BB70-4527-988F-AE9B07CE9317} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2012-08-08] ()
Task: {F7466F43-2606-4FE7-8D87-2C3EEB3A9C48} - System32\Tasks\Lenovo\Lenovo-27548 => C:\ProgramData\Lenovo-27548.vbs [2013-04-10] ()
Task: {F88A376F-12DA-470D-ADE8-0A9B392B3C23} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2012-08-08] ()
Task: {FB6CED07-729B-4CFE-9AEF-F6566AE9A6C5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-12] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Loaded Modules (whitelisted) =============
2013-10-03 22:42 - 2013-10-03 22:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-02 23:26 - 2014-01-02 19:10 - 02152960 _____ () C:\Program Files\AVAST Software\Avast\defs\14010201\algo.dll
2014-01-04 13:22 - 2014-01-03 19:28 - 02152960 _____ () C:\Program Files\AVAST Software\Avast\defs\14010300\algo.dll
2013-11-09 10:47 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-11-09 10:47 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-11-09 10:47 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-11-09 10:47 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-11-09 10:47 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-12-20 23:42 - 2013-12-20 23:42 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-04-10 01:03 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-12-20 15:54 - 2013-12-20 15:54 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 20%
Total physical RAM: 8057.77 MB
Available physical RAM: 6394 MB
Total Pagefile: 9337.77 MB
Available Pagefile: 7629.27 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:418.09 GB) (Free:356.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.59 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 88B07B13)
Partition: GPT Partition Type
==================== End Of Log ============================
--- --- ---
Malwarebytes Anti-Malware 
AdwCleaner auf deinen Desktop.
FRST 32-Bit | FRST 64-Bit