Trojaner-Board - uninstall.exe und anderes entdeckt [Laptop 2 Tage alt]

hi also erstmal danke für die schnelle Antwort :)

hier die FRST.txt

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2014

Ran by Sabrina (administrator) on BRINIZI on 01-12-2014 21:48:00

Running from C:\Users\Sabrina\Downloads

Loaded Profile: Sabrina (Available profiles: Sabrina)

Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe

(G Data Software AG) C:\Program Files (x86)\G DATA\TotalProtection\AVK\AVKWCtlx64.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe

(G Data Software AG) C:\Program Files (x86)\G DATA\TotalProtection\AVK\AVKService.exe

() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe

(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(G Data Software AG) C:\Program Files (x86)\G DATA\TotalProtection\AVKBackup\AVKBackupService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe

(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

() C:\Program Files\CyberLink\Shared files\RichVideo64.exe

(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe

() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe

(G Data Software AG) C:\Program Files (x86)\G DATA\TotalProtection\Firewall\GDFwSvcx64.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe

(G Data Software AG) C:\Program Files (x86)\G DATA\TotalProtection\AVKTray\AVKTray.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Realtek semiconductor) C:\Windows\RTFTrack.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe

() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Lenovo) C:\Program Files\lenovo\Onekey Theater\OnekeyStudio.exe

(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe

(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Pokki) C:\Users\Sabrina\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe

(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe

(Pokki) C:\Users\Sabrina\AppData\Local\Pokki\Engine\HostAppService.exe

(G Data Software AG) C:\Program Files (x86)\G DATA\TotalProtection\Firewall\GDFirewallTray.exe

(Pokki) C:\Users\Sabrina\AppData\Local\Pokki\Engine\HostAppService.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Pokki) C:\Users\Sabrina\AppData\Local\Pokki\Engine\StartMenuIndexer.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\vds.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)

HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [216064 2014-01-06] (Realtek Semiconductor Corporation)

HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-10-17] (Realtek semiconductor)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2781936 2013-12-24] (Synaptics Incorporated)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc.)

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)

HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)

HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-09-21] (Lenovo(beijing) Limited)

HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-09-21] (Lenovo(beijing) Limited)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2465088 2014-11-17] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G DATA\TotalProtection\Firewall\GDFirewallTray.exe [1756792 2014-05-20] (G Data Software AG)

HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G DATA\TotalProtection\AVKTray\AVKTray.exe,c:\program files (x86)\g data\totalprotection\avkkid\avkcks.exe,

Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-1897811959-3106102651-190997941-1002\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON

AppInit_DLLs: C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll => C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll [206152 2014-08-25] (ClientConnect LTD)

AppInit_DLLs-x32: C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll => C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll [173896 2014-08-25] (ClientConnect LTD)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-1897811959-3106102651-190997941-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB

HKU\S-1-5-21-1897811959-3106102651-190997941-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB

HKU\S-1-5-21-1897811959-3106102651-190997941-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com

HKU\S-1-5-21-1897811959-3106102651-190997941-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com

Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)

Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\vk3ud09v.default

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: Adblock Plus - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\vk3ud09v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-30]
 

Chrome: 

=======
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-10-14] (G Data Software AG)

R2 AVKService; C:\Program Files (x86)\G DATA\TotalProtection\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)

R2 AVKWCtl; C:\Program Files (x86)\G DATA\TotalProtection\AVK\AVKWCtlx64.exe [2683760 2014-05-20] (G Data Software AG)

R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [79872 2014-01-06] () [File not signed]

R2 GDBackupSvc; C:\Program Files (x86)\G DATA\TotalProtection\AVKBackup\AVKBackupService.exe [3844216 2014-08-21] (G Data Software AG)

R3 GDFwSvc; C:\Program Files (x86)\G DATA\TotalProtection\Firewall\GDFwSvcx64.exe [3228136 2014-08-21] (G Data Software AG)

R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG)

S3 GDTunerSvc; C:\Program Files (x86)\G DATA\TotalProtection\AVKTuner\AVKTunerService.exe [1637496 2014-05-28] (G Data Software AG)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-11-17] (NVIDIA Corporation)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)

R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]

S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)

S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)

R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.)

R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-09-21] (Lenovo(beijing) Limited)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-11-17] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19821376 2014-11-17] (NVIDIA Corporation)

S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2014-10-28] (The OpenVPN Project)

R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()

S3 TSNxGService; C:\Program Files (x86)\G DATA\TotalProtection\TSNxG\TSNxGService.exe [255608 2014-07-01] (G DATA Software)

R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-09-21] ()

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)

R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2014-12-01] (G Data Software AG)

R1 GDKBFlt; C:\WINDOWS\system32\drivers\GDKBFlt64.sys [20992 2014-12-01] (G Data Software AG)

R1 GDMnIcpt; C:\WINDOWS\system32\drivers\MiniIcpt.sys [142336 2014-12-01] (G Data Software AG)

R3 GDPkIcpt; C:\WINDOWS\system32\drivers\PktIcpt.sys [64000 2014-12-01] (G Data Software AG)

R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [68608 2014-12-01] (G Data Software AG)

R1 GRD; C:\WINDOWS\system32\drivers\GRD.sys [106272 2014-12-01] (G Data Software)

R1 HookCentre; C:\WINDOWS\system32\drivers\HookCentre.sys [61440 2014-12-01] (G Data Software AG)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-01] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)

R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)

S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20800 2014-11-17] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)

R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [558296 2014-01-05] (Realtek Semiconductor Corporation)

R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-17] (Realtek Semiconductor Corp.)

R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2982104 2013-12-26] (Realtek Semiconductor Corporation                           )

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-12-24] (Synaptics Incorporated)

R0 TS4NT; C:\Windows\System32\Drivers\TS4nt.sys [98760 2014-12-01] (G Data Software)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-01 21:48 - 2014-12-01 21:48 - 00016498 _____ () C:\Users\Sabrina\Downloads\FRST.txt

2014-12-01 21:47 - 2014-12-01 21:48 - 00000000 ____D () C:\FRST

2014-12-01 21:46 - 2014-12-01 21:46 - 02117120 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64.exe

2014-12-01 20:34 - 2014-12-01 20:34 - 00001279 _____ () C:\Users\Sabrina\Desktop\suchlauf1.txt

2014-12-01 20:28 - 2014-12-01 20:28 - 00010017 _____ () C:\Users\Sabrina\Desktop\G DATA Protokoll ID 4.html

2014-12-01 19:55 - 2014-12-01 20:13 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-12-01 19:54 - 2014-12-01 19:54 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Sabrina\Downloads\mbam-setup-2.0.3.1025.exe

2014-12-01 19:54 - 2014-12-01 19:54 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-12-01 19:54 - 2014-12-01 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-12-01 19:54 - 2014-12-01 19:54 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-12-01 19:54 - 2014-12-01 19:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-12-01 19:54 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2014-12-01 19:54 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2014-12-01 19:54 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2014-12-01 18:59 - 2014-12-01 18:59 - 00106272 _____ (G Data Software) C:\WINDOWS\system32\Drivers\GRD.sys

2014-12-01 18:59 - 2014-12-01 18:59 - 00018160 _____ (G Data Software) C:\WINDOWS\system32\Drivers\GdPhyMem.sys

2014-12-01 18:58 - 2014-12-01 18:58 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\OpenOffice

2014-12-01 18:53 - 2014-12-01 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA TOTAL PROTECTION

2014-12-01 18:50 - 2014-12-01 18:50 - 00003028 _____ () C:\Users\Sabrina\Desktop\G DATA Protokoll ID 1.html

2014-12-01 18:24 - 2014-12-01 18:53 - 00002002 _____ () C:\Users\Public\Desktop\G DATA TOTAL PROTECTION.lnk

2014-12-01 18:24 - 2014-12-01 18:24 - 00064000 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\PktIcpt.sys

2014-12-01 18:23 - 2014-12-01 18:53 - 00098760 _____ (G Data Software) C:\WINDOWS\system32\Drivers\TS4nt.sys

2014-12-01 18:23 - 2014-12-01 18:53 - 00068608 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\gdwfpcd64.sys

2014-12-01 18:23 - 2014-12-01 18:53 - 00020992 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\GDKBFlt64.sys

2014-12-01 18:23 - 2014-12-01 18:23 - 00142336 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\MiniIcpt.sys

2014-12-01 18:23 - 2014-12-01 18:23 - 00061440 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\HookCentre.sys

2014-12-01 18:23 - 2014-12-01 18:23 - 00055808 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\GDBehave.sys

2014-12-01 18:23 - 2014-12-01 18:23 - 00000779 _____ () C:\Users\Sabrina\AppData\Roaming\gdscan.log

2014-12-01 18:23 - 2014-12-01 18:23 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_GDKBFlt64_01007.Wdf

2014-12-01 18:23 - 2014-12-01 18:23 - 00000000 _____ () C:\Users\Sabrina\AppData\Roaming\gdfw.log

2014-12-01 18:22 - 2014-12-01 18:22 - 00000000 ____D () C:\ProgramData\G DATA Software

2014-12-01 18:20 - 2014-12-01 18:20 - 00000000 ____D () C:\Program Files (x86)\G DATA

2014-12-01 18:17 - 2014-12-01 18:33 - 00000000 ____D () C:\ProgramData\G Data

2014-12-01 18:14 - 2014-12-01 18:16 - 237965560 _____ (G Data Software AG) C:\Users\Sabrina\Downloads\INT_R_BASE_2015_TP.exe

2014-12-01 17:28 - 2014-12-01 17:28 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\LolClient

2014-12-01 16:28 - 2014-12-01 16:28 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\NVIDIA Corporation

2014-12-01 16:27 - 2014-12-01 16:27 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\NVIDIA

2014-12-01 16:27 - 2014-12-01 16:27 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies

2014-12-01 16:27 - 2014-11-17 21:02 - 02800296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll

2014-12-01 16:27 - 2014-11-17 21:02 - 02197680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll

2014-12-01 16:27 - 2014-11-17 21:02 - 01715224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll

2014-12-01 16:27 - 2014-11-17 21:02 - 01291280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll

2014-12-01 16:27 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll

2014-12-01 16:27 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll

2014-12-01 16:27 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll

2014-12-01 16:27 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll

2014-12-01 16:27 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll

2014-12-01 16:27 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll

2014-12-01 16:25 - 2014-11-13 01:20 - 31893136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll

2014-12-01 16:25 - 2014-11-13 01:20 - 24557712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll

2014-12-01 16:25 - 2014-11-13 01:20 - 20986592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll

2014-12-01 16:25 - 2014-11-13 01:20 - 20922512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll

2014-12-01 16:25 - 2014-11-13 01:20 - 19966344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll

2014-12-01 16:25 - 2014-11-13 01:20 - 18514616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll

2014-12-01 16:25 - 2014-11-13 01:20 - 17259664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll

2014-12-01 16:25 - 2014-11-13 01:20 - 16884632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll

2014-12-01 16:25 - 2014-11-13 01:20 - 14032984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll

2014-12-01 16:25 - 2014-11-13 01:20 - 13944952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll

2014-12-01 16:25 - 2014-11-13 01:20 - 13213512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys

2014-12-01 16:25 - 2014-11-13 01:20 - 11397744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll

2014-12-01 16:25 - 2014-11-13 01:20 - 11336432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll

2014-12-01 16:25 - 2014-11-13 01:20 - 04292416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll

2014-12-01 16:25 - 2014-11-13 01:20 - 04011208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll

2014-12-01 16:25 - 2014-11-13 01:20 - 01876296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434475.dll

2014-12-01 16:25 - 2014-11-13 01:20 - 01540424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434475.dll

2014-12-01 16:25 - 2014-11-13 01:20 - 00964928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll

2014-12-01 16:25 - 2014-11-13 01:20 - 00935240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll

2014-12-01 16:25 - 2014-11-13 01:20 - 00923792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll

2014-12-01 16:25 - 2014-11-13 01:20 - 00900928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll

2014-12-01 16:25 - 2014-11-13 01:20 - 00500880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll

2014-12-01 16:25 - 2014-11-13 01:20 - 00418112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll

2014-12-01 16:25 - 2014-11-13 01:20 - 00393024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll

2014-12-01 16:25 - 2014-11-13 01:20 - 00348304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll

2014-12-01 16:25 - 2014-11-13 01:20 - 00174856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll

2014-12-01 16:25 - 2014-11-13 01:20 - 00156840 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll

2014-12-01 16:25 - 2014-11-13 01:20 - 00027094 _____ () C:\WINDOWS\system32\nvinfo.pb

2014-12-01 16:25 - 2014-10-03 20:23 - 00038216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys

2014-12-01 16:25 - 2014-10-03 20:23 - 00035144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll

2014-12-01 16:25 - 2014-10-03 20:23 - 00032584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll

2014-12-01 16:24 - 2014-12-01 16:24 - 00000000 ____D () C:\NVIDIA

2014-12-01 16:18 - 2014-12-01 16:22 - 308364224 _____ (NVIDIA Corporation) C:\Users\Sabrina\Downloads\344.75-notebook-win8-win7-64bit-international-whql.exe

2014-12-01 12:07 - 2014-12-01 12:07 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-12-01 12:06 - 2014-12-01 12:09 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\Adobe

2014-12-01 12:06 - 2014-12-01 12:09 - 00000000 ____D () C:\ProgramData\Adobe

2014-12-01 12:06 - 2014-12-01 12:06 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-12-01 12:04 - 2014-12-01 12:04 - 00001204 _____ () C:\Users\Sabrina\Desktop\OpenOffice 4.1.1.lnk

2014-12-01 12:04 - 2014-12-01 12:04 - 00000000 ___SD () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1

2014-12-01 12:04 - 2014-12-01 12:04 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4

2014-12-01 12:02 - 2014-12-01 12:02 - 164858324 _____ () C:\Users\Sabrina\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de.exe

2014-12-01 12:02 - 2014-12-01 12:02 - 00000000 ____D () C:\Users\Sabrina\Downloads\OpenOffice 4.1.1 (de) Installation Files

2014-12-01 12:00 - 2014-12-01 12:00 - 00000000 ____D () C:\Users\Sabrina\Documents\SAP

2014-12-01 12:00 - 2014-12-01 12:00 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\SAP

2014-12-01 11:57 - 2014-12-01 11:55 - 00000234 _____ () C:\WINDOWS\saproute.ini

2014-12-01 11:55 - 2014-12-01 11:55 - 00001469 _____ () C:\Users\Sabrina\Downloads\saplogon.ini

2014-12-01 11:55 - 2014-12-01 11:55 - 00000234 _____ () C:\Users\Sabrina\Downloads\saproute.ini

2014-12-01 11:54 - 2014-12-01 11:55 - 00000000 ____D () C:\saplogon

2014-12-01 11:52 - 2014-12-01 11:52 - 143403656 _____ (SAP AG) C:\Users\Sabrina\Downloads\Patch_Level_10.exe

2014-12-01 11:52 - 2014-07-21 05:50 - 05421056 _____ (SAP AG) C:\WINDOWS\SysWOW64\librfc32u.dll

2014-12-01 11:51 - 2014-12-01 11:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAP Front End

2014-12-01 11:51 - 2014-12-01 11:51 - 00001243 _____ () C:\Users\Public\Desktop\SAP Logon.lnk

2014-12-01 11:51 - 2014-12-01 11:51 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\SAP

2014-12-01 11:51 - 2014-12-01 11:47 - 08847360 _____ (IBM Corporation and others) C:\WINDOWS\SysWOW64\icudt34.dll

2014-12-01 11:51 - 2014-12-01 11:47 - 01355776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvbvm50.dll

2014-12-01 11:51 - 2014-12-01 11:47 - 01069376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscomctl.ocx

2014-12-01 11:51 - 2014-12-01 11:47 - 00946176 _____ (IBM Corporation and others) C:\WINDOWS\SysWOW64\icuuc34.dll

2014-12-01 11:51 - 2014-12-01 11:47 - 00843776 _____ (IBM Corporation and others) C:\WINDOWS\SysWOW64\icuin34.dll

2014-12-01 11:51 - 2014-12-01 11:47 - 00659264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscomct2.ocx

2014-12-01 11:51 - 2014-12-01 11:47 - 00614992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.ocx

2014-12-01 11:51 - 2014-12-01 11:47 - 00443488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshflxgd.ocx

2014-12-01 11:51 - 2014-12-01 11:47 - 00415552 _____ (Microsoft Corporation ) C:\WINDOWS\SysWOW64\comct332.ocx

2014-12-01 11:51 - 2014-12-01 11:47 - 00278352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdatgrd.ocx

2014-12-01 11:51 - 2014-12-01 11:47 - 00258880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msflxgrd.ocx

2014-12-01 11:51 - 2014-12-01 11:47 - 00221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tabctl32.ocx

2014-12-01 11:51 - 2014-12-01 11:47 - 00218432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\richtx32.ocx

2014-12-01 11:51 - 2014-12-01 11:47 - 00170080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comct232.ocx

2014-12-01 11:51 - 2014-12-01 11:47 - 00155984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.ocx

2014-12-01 11:51 - 2014-12-01 11:47 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tlbinf32.dll

2014-12-01 11:51 - 2014-12-01 11:47 - 00133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcans32.dll

2014-12-01 11:51 - 2014-12-01 11:47 - 00129872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msstdfmt.dll

2014-12-01 11:51 - 2014-12-01 11:47 - 00094744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\grid32.ocx

2014-12-01 11:51 - 2014-12-01 11:47 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msstkprp.dll

2014-12-01 11:51 - 2014-12-01 11:47 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ATL71.dll

2014-12-01 11:51 - 2014-12-01 11:47 - 00067376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sysinfo.ocx

2014-12-01 11:51 - 2014-12-01 11:47 - 00001818 _____ () C:\WINDOWS\SysWOW64\icu_license.txt

2014-12-01 11:51 - 2014-12-01 11:45 - 01064960 _____ () C:\WINDOWS\SysWOW64\h5krnl32.dll

2014-12-01 11:51 - 2014-12-01 11:45 - 00188928 _____ () C:\WINDOWS\SysWOW64\h5icon32.dll

2014-12-01 11:51 - 2014-12-01 11:45 - 00175616 _____ () C:\WINDOWS\SysWOW64\h5menu32.dll

2014-12-01 11:51 - 2014-12-01 11:45 - 00114688 _____ (heilerSoftware) C:\WINDOWS\SysWOW64\h5dlg32.dll

2014-12-01 11:51 - 2014-12-01 11:45 - 00095744 _____ () C:\WINDOWS\SysWOW64\h5rtf32.dll

2014-12-01 11:51 - 2014-12-01 11:45 - 00051200 _____ () C:\WINDOWS\SysWOW64\h5tool32.dll

2014-12-01 11:51 - 2014-07-21 05:51 - 01722392 _____ (SAP, Walldorf) C:\WINDOWS\SysWOW64\SAPbtmp.dll

2014-12-01 11:51 - 2014-07-21 05:50 - 04473856 _____ (SAP AG) C:\WINDOWS\SysWOW64\librfc32.dll

2014-12-01 11:49 - 2014-12-01 11:51 - 00000000 ____D () C:\Program Files (x86)\SAP

2014-12-01 11:44 - 2014-12-01 11:44 - 00000000 ____D () C:\Users\Sabrina\Documents\SAP_GUI_730_for_WIN_Compilation_2

2014-12-01 10:44 - 2014-12-01 10:45 - 00005067 _____ () C:\Users\Sabrina\Downloads\openvpn-hs-augsburg.ovpn

2014-12-01 10:42 - 2014-12-01 10:42 - 00000935 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk

2014-12-01 10:42 - 2014-12-01 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows

2014-12-01 10:42 - 2014-12-01 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN

2014-12-01 10:42 - 2014-12-01 10:42 - 00000000 ____D () C:\Program Files\TAP-Windows

2014-12-01 10:42 - 2014-12-01 10:42 - 00000000 ____D () C:\Program Files\OpenVPN

2014-12-01 10:30 - 2014-12-01 10:41 - 01811856 _____ () C:\Users\Sabrina\Downloads\openvpn-install-2.3.5-I001-x86_64.exe

2014-12-01 00:10 - 2014-12-01 00:10 - 00000000 ____D () C:\Users\Public\Pokki

2014-12-01 00:09 - 2014-12-01 20:13 - 00002132 _____ () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk

2014-12-01 00:09 - 2014-12-01 09:57 - 00002303 _____ () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

2014-12-01 00:09 - 2014-12-01 00:09 - 00002363 _____ () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo Web Start.lnk

2014-12-01 00:06 - 2014-12-01 20:51 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1897811959-3106102651-190997941-1002

2014-12-01 00:02 - 2014-12-01 00:02 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Macromedia

2014-12-01 00:02 - 2014-12-01 00:02 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Intel Corporation

2014-12-01 00:01 - 2014-12-01 20:13 - 00009870 _____ () C:\Users\Sabrina\AppData\Local\BTServer.log

2014-12-01 00:01 - 2014-12-01 12:09 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Adobe

2014-12-01 00:01 - 2014-12-01 00:09 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Hightail for Lenovo

2014-12-01 00:01 - 2014-12-01 00:01 - 00001461 _____ () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-12-01 00:01 - 2014-12-01 00:01 - 00001260 _____ () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BTServer Toasts App.lnk

2014-12-01 00:01 - 2014-12-01 00:01 - 00000000 ____D () C:\Users\Sabrina\Documents\My Bluetooth

2014-12-01 00:01 - 2014-12-01 00:01 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\VirtualStore

2014-12-01 00:00 - 2014-12-01 20:14 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\Pokki

2014-12-01 00:00 - 2014-12-01 00:01 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\LenovoBrowserGuard

2014-12-01 00:00 - 2014-12-01 00:01 - 00000000 ____D () C:\Users\Sabrina

2014-12-01 00:00 - 2014-12-01 00:00 - 00000020 ___SH () C:\Users\Sabrina\ntuser.ini

2014-12-01 00:00 - 2014-12-01 00:00 - 00000000 _SHDL () C:\Users\Sabrina\Vorlagen

2014-12-01 00:00 - 2014-12-01 00:00 - 00000000 _SHDL () C:\Users\Sabrina\Startmenü

2014-12-01 00:00 - 2014-12-01 00:00 - 00000000 _SHDL () C:\Users\Sabrina\Netzwerkumgebung

2014-12-01 00:00 - 2014-12-01 00:00 - 00000000 _SHDL () C:\Users\Sabrina\Lokale Einstellungen

2014-12-01 00:00 - 2014-12-01 00:00 - 00000000 _SHDL () C:\Users\Sabrina\Eigene Dateien

2014-12-01 00:00 - 2014-12-01 00:00 - 00000000 _SHDL () C:\Users\Sabrina\Druckumgebung

2014-12-01 00:00 - 2014-12-01 00:00 - 00000000 _SHDL () C:\Users\Sabrina\Documents\Eigene Musik

2014-12-01 00:00 - 2014-12-01 00:00 - 00000000 _SHDL () C:\Users\Sabrina\Documents\Eigene Bilder

2014-12-01 00:00 - 2014-12-01 00:00 - 00000000 _SHDL () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programme

2014-12-01 00:00 - 2014-12-01 00:00 - 00000000 _SHDL () C:\Users\Sabrina\AppData\Local\Verlauf

2014-12-01 00:00 - 2014-12-01 00:00 - 00000000 _SHDL () C:\Users\Sabrina\AppData\Local\Anwendungsdaten

2014-12-01 00:00 - 2014-12-01 00:00 - 00000000 _SHDL () C:\Users\Sabrina\Anwendungsdaten

2014-12-01 00:00 - 2014-12-01 00:00 - 00000000 ____D () C:\ProgramData\eBay

2014-12-01 00:00 - 2014-11-30 19:09 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\Packages

2014-12-01 00:00 - 2014-09-21 07:24 - 00000000 ___RD () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-12-01 00:00 - 2014-03-18 11:05 - 00000000 ___RD () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2014-12-01 00:00 - 2014-03-18 10:55 - 00000369 _____ () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk

2014-12-01 00:00 - 2014-03-18 10:55 - 00000369 _____ () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk

2014-12-01 00:00 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-12-01 00:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik

2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder

2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Default\Vorlagen

2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Default\Startmenü

2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung

2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen

2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien

2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Default\Druckumgebung

2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik

2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder

2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme

2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf

2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten

2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten

2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik

2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder

2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme

2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf

2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten

2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Programme

2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\ProgramData\Vorlagen

2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\ProgramData\Startmenü

2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme

2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\ProgramData\Dokumente

2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten

2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien

2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Dokumente und Einstellungen

2014-11-30 20:04 - 2014-11-30 20:04 - 00000000 ____D () C:\ProgramData\Riot Games

2014-11-30 20:02 - 2014-11-30 20:02 - 00001625 _____ () C:\Users\Public\Desktop\League of Legends.lnk

2014-11-30 20:02 - 2014-11-30 20:02 - 00000000 ____D () C:\Riot Games

2014-11-30 20:02 - 2014-11-30 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends

2014-11-30 20:02 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll

2014-11-30 20:02 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll

2014-11-30 20:02 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll

2014-11-30 20:02 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll

2014-11-30 20:02 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll

2014-11-30 20:01 - 2014-11-30 20:02 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Riot Games

2014-11-30 20:00 - 2014-11-30 20:00 - 30668968 _____ (Riot Games) C:\Users\Sabrina\Downloads\LeagueofLegends_EUW_Installer_9_15_2014.exe

2014-11-30 20:00 - 2014-11-30 20:00 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\Lenovo

2014-11-30 19:17 - 2014-11-30 19:17 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Mozilla

2014-11-30 19:17 - 2014-11-30 19:17 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\Mozilla

2014-11-30 19:16 - 2014-11-30 19:16 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-11-30 19:16 - 2014-11-30 19:16 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-11-30 19:16 - 2014-11-30 19:16 - 00000000 ____D () C:\ProgramData\Mozilla

2014-11-30 19:16 - 2014-11-30 19:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-11-30 19:16 - 2014-11-30 19:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-11-30 19:14 - 2014-11-30 19:14 - 00000000 __SHD () C:\Users\Sabrina\AppData\Local\EmieUserList

2014-11-30 19:14 - 2014-11-30 19:14 - 00000000 __SHD () C:\Users\Sabrina\AppData\Local\EmieSiteList
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-01 21:30 - 2014-09-21 07:06 - 00605743 _____ () C:\WINDOWS\WindowsUpdate.log

2014-12-01 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2014-12-01 20:17 - 2014-09-21 16:53 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat

2014-12-01 20:17 - 2014-09-21 16:53 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat

2014-12-01 20:17 - 2014-03-18 10:53 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2014-12-01 20:11 - 2014-09-21 08:25 - 00002560 _____ () C:\WINDOWS\system32\VfService.trf

2014-12-01 20:11 - 2014-03-18 10:44 - 00006498 _____ () C:\WINDOWS\PFRO.log

2014-12-01 20:11 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-12-01 20:10 - 2014-09-21 07:46 - 00111932 _____ () C:\Users\Public\CAFADEBUG.log

2014-12-01 18:35 - 2014-09-21 08:20 - 00000000 ____D () C:\ProgramData\McAfee

2014-12-01 18:33 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP

2014-12-01 18:23 - 2014-09-21 07:05 - 00048082 _____ () C:\WINDOWS\DPINST.LOG

2014-12-01 18:23 - 2013-08-22 15:46 - 00019832 _____ () C:\WINDOWS\setupact.log

2014-12-01 16:28 - 2014-09-21 07:31 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation

2014-12-01 16:27 - 2014-09-21 07:31 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-12-01 16:27 - 2014-09-21 07:31 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation

2014-12-01 16:27 - 2014-09-21 07:30 - 00000000 ____D () C:\Program Files\NVIDIA Corporation

2014-12-01 16:26 - 2014-09-21 07:48 - 00000000 ____D () C:\WINDOWS\LastGood

2014-12-01 13:50 - 2013-08-22 15:44 - 00375064 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

2014-12-01 11:51 - 2013-08-22 14:25 - 00021259 _____ () C:\WINDOWS\system32\Drivers\etc\services

2014-12-01 11:47 - 2014-09-21 08:23 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll

2014-12-01 00:07 - 2014-09-21 08:19 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo

2014-12-01 00:05 - 2014-09-21 08:19 - 00000000 ____D () C:\ProgramData\Lenovo

2014-12-01 00:01 - 2014-09-21 16:47 - 00123414 ____H () C:\WINDOWS\modules.log

2014-12-01 00:01 - 2014-09-21 08:18 - 00000000 ____D () C:\Program Files (x86)\LenovoBrowserGuard

2014-12-01 00:01 - 2014-04-03 20:15 - 00000000 ____D () C:\WINDOWS\Panther

2014-11-30 23:33 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache

2014-11-30 23:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows NT

2014-11-30 23:33 - 2013-08-22 14:36 - 00000000 ___HD () C:\Users\Default

2014-11-30 21:39 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI

2014-11-30 19:57 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM

2014-11-30 19:55 - 2014-09-21 08:19 - 00000000 ____D () C:\Program Files (x86)\Lenovo

2014-11-30 19:10 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2014-11-30 18:54 - 2014-09-21 08:25 - 00007360 _____ () C:\WINDOWS\SysWOW64\VisualDiscovery.ini

2014-11-30 18:54 - 2014-09-21 08:25 - 00004784 _____ () C:\WINDOWS\SysWOW64\VisualDiscoveryOff.ini

2014-11-30 18:54 - 2014-09-21 08:25 - 00004784 _____ () C:\WINDOWS\system32\VisualDiscoveryOff.ini

2014-11-30 18:37 - 2014-09-21 08:28 - 00000000 ____D () C:\ProgramData\Office2013

2014-11-13 01:20 - 2014-09-21 07:30 - 03262784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll

2014-11-13 01:20 - 2014-09-21 07:30 - 02874456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll

2014-11-12 22:56 - 2014-09-21 07:31 - 06897352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll

2014-11-12 22:56 - 2014-09-21 07:31 - 03534152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll

2014-11-12 22:56 - 2014-09-21 07:31 - 02559808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll

2014-11-12 22:56 - 2014-09-21 07:31 - 01092752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll

2014-11-12 22:56 - 2014-09-21 07:31 - 00934032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe

2014-11-12 22:56 - 2014-09-21 07:31 - 00625472 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\oemdspif.dll

2014-11-12 22:56 - 2014-09-21 07:31 - 00386368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll

2014-11-12 22:56 - 2014-09-21 07:31 - 00067072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll

2014-11-12 22:56 - 2014-09-21 07:31 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll

2014-11-11 11:29 - 2014-09-21 07:31 - 04100776 _____ () C:\WINDOWS\system32\nvcoproc.bin
 

Some content of TEMP:

====================

C:\Users\Sabrina\AppData\Local\Temp\oct728E.tmp.exe

C:\Users\Sabrina\AppData\Local\Temp\SPSetup.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-11-30 20:59
 

==================== End Of Log ============================

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2014

Ran by Sabrina at 2014-12-01 21:48:38

Running from C:\Users\Sabrina\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: G DATA TOTAL PROTECTION (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: G DATA TOTAL PROTECTION (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: G DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

 Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1823.01 - CyberLink Corp.)

 Lenovo Photo Master (x32 Version: 1.0.1823.01 - CyberLink Corp.) Hidden

Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)

Benutzerhandbücher (x32 Version: 3.0.0.3 - Lenovo) Hidden

Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.28.50 - Conexant)

CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)

CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)

CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden

Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden

Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden

Dependency Package Update (Version: 1.6.32.00 - Lenovo Inc.) Hidden

Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)

Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.35 - Lenovo)

Energy Manager (x32 Version: 1.0.0.35 - Lenovo) Hidden

G DATA TOTAL PROTECTION (HKLM-x32\...\{6715BEB5-01F1-41AC-B44B-0A78CD50C433}) (Version: 25.0.2.3 - G DATA Software AG)

Host App Service (HKU\S-1-5-21-1897811959-3106102651-190997941-1002\...\Pokki) (Version: 0.269.4.103 - Pokki)

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)

Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)

Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)

League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )

League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden

Lenovo Browser Guard (HKLM-x32\...\LenovoBrowserGuard) (Version: 2.16.50.5 - ClientConnect LTD)

Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)

Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10249 - Realtek Semiconductor Corp.)

Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.17.0 - Lenovo)

Lenovo FusionEngine  (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)

Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)

Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.9 - Lenovo) Hidden

Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)

Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden

Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)

Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden

Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.5.0 - Lenovo Group Limited)

Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)

Lenovo Web Start (HKU\S-1-5-21-1897811959-3106102651-190997941-1002\...\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1) (Version: 1.0.2.53457 - Pokki)

Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden

Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM-x32\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP)

Microsoft redistributable runtime DLLs VS2008 SP1(x86) (HKLM-x32\...\{A47A9101-6EB5-4314-BDA1-297880FBB908}) (Version: 9.0 - SAP AG)

Microsoft redistributable runtime DLLs VS2010 SP1 (x86) (HKLM-x32\...\{2385C070-EC26-4AB9-8718-E605C977C0ED}) (Version: 10.0.40219.1 - SAP)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Mozilla Firefox 33.1.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 de)) (Version: 33.1.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)

NVIDIA GeForce Experience 2.1.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4.1 - NVIDIA Corporation)

NVIDIA Grafiktreiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)

NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)

Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo)

OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)

OpenVPN 2.3.5-I001  (HKLM\...\OpenVPN) (Version: 2.3.5-I001 - )

Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)

REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.805.802.010814 - REALTEK Semiconductor Corp.)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)

REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0238 - REALTEK Semiconductor Corp.)

SAP GUI for Windows 7.30 (Patch 10) (HKLM-x32\...\SAPGUI710) (Version: 7.30 Compilation 3 - SAP AG)

SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 16.13.69 - NVIDIA Corporation) Hidden

Start Menu (HKU\S-1-5-21-1897811959-3106102651-190997941-1002\...\Pokki_Start_Menu) (Version: 0.269.4.103 - Pokki)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.14.74 - Synaptics Incorporated)

TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )

User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)

Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)

Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

CustomCLSID: HKU\S-1-5-21-1897811959-3106102651-190997941-1002_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1897811959-3106102651-190997941-1002_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1897811959-3106102651-190997941-1002_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1897811959-3106102651-190997941-1002_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1897811959-3106102651-190997941-1002_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-1897811959-3106102651-190997941-1002_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
 

==================== Restore Points  =========================
 

30-11-2014 17:24:34 Removed Cisco EAP-FAST Module
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {194EFF5D-D036-4A4C-83AE-E86874E039EC} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)

Task: {24A04EF8-4ABF-4B19-B5A6-AEAF978354FB} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)

Task: {D89AA2B4-8A71-40DB-BA2D-44AC5FD41CFF} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-05-21] ()

Task: {E6057FDA-91FC-4013-B86C-4CEB8148A35F} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2014-12-01] (Lenovo)
 

==================== Loaded Modules (whitelisted) =============
 

2014-09-21 07:31 - 2014-11-12 22:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2014-09-21 07:39 - 2014-01-06 13:56 - 00079872 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe

2014-09-21 08:23 - 2012-04-24 11:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe

2014-09-21 08:25 - 2014-09-21 08:25 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe

2014-09-21 08:25 - 2014-09-21 08:25 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll

2014-05-20 02:38 - 2014-05-20 02:38 - 00340088 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll

2014-09-21 07:46 - 2010-10-26 05:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe

2014-10-02 19:07 - 2014-10-02 19:07 - 00569856 _____ () C:\Users\Sabrina\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll

2014-10-02 19:07 - 2014-10-02 19:07 - 01400846 _____ () C:\Users\Sabrina\AppData\Local\Pokki\Engine\avcodec-54.dll

2014-10-02 19:07 - 2014-10-02 19:07 - 00151054 _____ () C:\Users\Sabrina\AppData\Local\Pokki\Engine\avutil-51.dll

2014-10-02 19:07 - 2014-10-02 19:07 - 00222734 _____ () C:\Users\Sabrina\AppData\Local\Pokki\Engine\avformat-54.dll

2014-09-21 07:36 - 2013-09-16 20:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

2014-11-30 19:16 - 2014-11-14 03:42 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDWFP => ""="Driver"
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 
 

========================= Accounts: ==========================
 

Administrator (S-1-5-21-1897811959-3106102651-190997941-500 - Administrator - Disabled)

Gast (S-1-5-21-1897811959-3106102651-190997941-501 - Limited - Disabled)

Sabrina (S-1-5-21-1897811959-3106102651-190997941-1002 - Administrator - Enabled) => C:\Users\Sabrina
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (12/01/2014 06:33:58 PM) (Source: NvStreamSvc) (EventID: 1) (User: )

Description: NvStreamSvcCan continue stopping. [1008]
 

Error: (12/01/2014 06:24:52 PM) (Source: NvStreamSvc) (EventID: 1) (User: )

Description: NvStreamSvcCan continue stopping. [1008]
 

Error: (12/01/2014 04:58:01 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 1778
 

Startzeit: 01d00d7f866f4367
 

Endzeit: 4294967295
 

Anwendungspfad: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
 

Berichts-ID: d1505df7-7972-11e4-8262-28d244effd47
 

Vollständiger Name des fehlerhaften Pakets: 
 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
 

Error: (11/30/2014 06:44:09 PM) (Source: nlsX86cc) (EventID: 0) (User: )

Description: Stop request seennlsX86cc error: 0
 

Error: (11/30/2014 11:41:06 PM) (Source: Windows Search Service Profile Notification) (EventID: 2) (User: )

Description: Die indizierten Daten von Windows Search für den Benutzer '<Event xmlns='hxxp://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Search-ProfileNotify' Guid='{FC6F77DD-769A-470E-BCF9-1B6555A118BE}' EventSourceName='Windows Search Service Profile Notification'/><EventID Qualifiers='49152'>2</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2014-11-30T22:41:06.000000000Z'/><EventRecordID>535</EventRecordID><Correlation/><Execution ProcessID='0' ThreadID='0'/><Channel>Application</Channel><Computer>Brinizi</Computer><Security/></System><ProcessingErrorData><ErrorCode>15005</ErrorCode><DataItemName>__binLength</DataItemName><EventPayload>4200720069006E0069007A0069005C00410064006D0069006E006900730074007200610074006F00720000003000780038003000300034003200310030003300000000000000</EventPayload></ProcessingErrorData></Event>' können im Zuge der Löschung des Benutzerprofils nicht entfernt werden. Fehlercode %2.
 

%3.
 
 

System errors:

=============

Error: (12/01/2014 06:51:57 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst GDBackupSvc erreicht.
 

Error: (12/01/2014 06:32:38 PM) (Source: DCOM) (EventID: 10010) (User: Brinizi)

Description: {209500FC-6B45-4693-8871-6296C4843751}
 

Error: (12/01/2014 06:32:08 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)

Description: {209500FC-6B45-4693-8871-6296C4843751}
 

Error: (12/01/2014 06:31:38 PM) (Source: DCOM) (EventID: 10010) (User: Brinizi)

Description: {209500FC-6B45-4693-8871-6296C4843751}
 

Error: (12/01/2014 04:20:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet: 

%%1
 

Error: (12/01/2014 04:19:33 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)

Description: {209500FC-6B45-4693-8871-6296C4843751}
 

Error: (12/01/2014 00:14:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "McAfee Boot Delay Start Service" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1053
 

Error: (12/01/2014 00:14:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Boot Delay Start Service erreicht.
 

Error: (12/01/2014 00:14:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet: 

%%1
 

Error: (12/01/2014 00:14:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "McAfee Proxy Service" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1053
 
 

Microsoft Office Sessions:

=========================

Error: (12/01/2014 06:33:58 PM) (Source: NvStreamSvc) (EventID: 1) (User: )

Description: NvStreamSvcCan continue stopping. [1008]
 

Error: (12/01/2014 06:24:52 PM) (Source: NvStreamSvc) (EventID: 1) (User: )

Description: NvStreamSvcCan continue stopping. [1008]
 

Error: (12/01/2014 04:58:01 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: rads_user_kernel.exe0.0.0.0177801d00d7f866f43674294967295C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exed1505df7-7972-11e4-8262-28d244effd47
 

Error: (11/30/2014 06:44:09 PM) (Source: nlsX86cc) (EventID: 0) (User: )

Description: Stop request seennlsX86cc error: 0
 

Error: (11/30/2014 11:41:06 PM) (Source: Windows Search Service Profile Notification) (EventID: 2) (User: )

Description: <Event xmlns='hxxp://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Search-ProfileNotify' Guid='{FC6F77DD-769A-470E-BCF9-1B6555A118BE}' EventSourceName='Windows Search Service Profile Notification'/><EventID Qualifiers='49152'>2</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2014-11-30T22:41:06.000000000Z'/><EventRecordID>535</EventRecordID><Correlation/><Execution ProcessID='0' ThreadID='0'/><Channel>Application</Channel><Computer>Brinizi</Computer><Security/></System><ProcessingErrorData><ErrorCode>15005</ErrorCode><DataItemName>__binLength</DataItemName><EventPayload>4200720069006E0069007A0069005C00410064006D0069006E006900730074007200610074006F00720000003000780038003000300034003200310030003300000000000000</EventPayload></ProcessingErrorData></Event>
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz

Percentage of memory in use: 31%

Total physical RAM: 8084.27 MB

Available physical RAM: 5507.59 MB

Total Pagefile: 10004.27 MB

Available Pagefile: 6878.43 MB

Total Virtual: 131072 MB

Available Virtual: 131071.79 MB
 

==================== Drives ================================
 

Drive c: (Windows8_OS) (Fixed) (Total:889.49 GB) (Free:847.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.73 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 931.5 GB) (Disk ID: 7B4728A6)
 

Partition: GPT Partition Type.
 

==================== End Of Log ============================

Jetzt ist aber ein Problem noch aufgetaucht, G DATA hat wieder iwas in die Quarantäne verschoben von diesem Download. Was st das jetzt wieder genau??????? ich bin so verwirrt!

Code:

*** Prozess ***
 

Prozess: 6536

Dateiname: erunt.exe

Pfad: c:\windows\erunt.exe
 

Herausgeber: Unbekannter Herausgeber

Erstelldatum: 02/22/13 15:05:21

Änderungsdatum: 02/22/13 02:04:50
 

Gestartet von: cmd.exe

Herausgeber: Microsoft Windows
 
 

*** Aktionen ***
 

Ein Packer wurde auf die Programmdatei angewandt. Möglicherweise um schädliche Inhalte zu verbergen.

Das Programm hat in Dateien oder Ordnern geschrieben die genutzt werden können um das System zu gefährden.

Das Programm hat Werte in der System-Registrierung verändert die genutzt werden können um das System zu gefährden.
 
 

*** Quarantäne ***
 

Folgende Dateien wurden in Quarantäne verschoben:

C:\FRST\Hives\Users\00000001\NTUSER.DAT

C:\Windows\ERUNT.exe

c:\frst\hives\users\00000001\ntuser.dat
 

Folgende Registry Einträge wurden gelöscht:

\REGISTRY\MACHINE\SECURITY
 
 

YGLRtuLAcnJycmJi0HJycnJiYuBycicnd2JicCp0ckInJyYGt3JycnJiYnAsJycnJyYGaHJycnJiYoArJycnJyYGmXJykCsWbSsJyXJycKdycnB4cnJycmJicJlycnJyYmJwunKxXmO2cnKxXmO2cmJicI5ycgAA

Version der Regeln: 4.7.0

OS: Windows 6.2 Service Pack 0.0 Build: 9200 - Workstation 64bit OS

Version der dll: 40166
 

ERUNT.exe C:\FRST\HIVES silent sysreg curuser /noconfirmdelete /noprogresswindow

MD5: 2E0323A94915FAAB10A25F3BABF82584

C:\WINDOWS\system32\cmd.exe /c ERUNT.exe C:\FRST\HIVES silent sysreg curuser /noconfirmdelete /noprogresswindow

MD5: