Wie kriege ich do-search weg?

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2013 03
Ran by Pia (administrator) on PIAPC on 24-11-2013 14:09:07
Running from C:\Users\Pia\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Lenovo) C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Dropbox, Inc.) C:\Users\Pia\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11049576 2010-07-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2731304 2011-03-24] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] - C:\Windows\System32\TpShocks.exe [380776 2011-01-14] (Lenovo.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [54632 2011-01-14] (Lenovo Group Limited)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-08] (Google Inc.)
MountPoints2: {3e2d6695-e17a-11e1-9307-806e6f6e6963} - Q:\LenovoQDrive.exe
MountPoints2: {8122f567-df36-11e2-a227-089e011496c7} - E:\MI.exe
HKLM-x32\...\Run: [PWMTRV] - C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [1129832 2010-08-24] (Lenovo Group Limited)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKU\Default\...\RunOnce: [] - [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\Program Files (x86)\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [159744 2009-03-24] ()
AppInit_DLLs:   [ ] ()
AppInit_DLLs-x32:   [ ] ()
Startup: C:\Users\Pia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Pia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Pia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hp&ts=1384801904&from=tugs&uid=ST9500325AS_5VETBBM8XXXX5VETBBM8
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://do-search.com/?type=hp&ts=1384801904&from=tugs&uid=ST9500325AS_5VETBBM8XXXX5VETBBM8
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1384801904&from=tugs&uid=ST9500325AS_5VETBBM8XXXX5VETBBM8&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hp&ts=1384801904&from=tugs&uid=ST9500325AS_5VETBBM8XXXX5VETBBM8
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://do-search.com/?type=hp&ts=1384801904&from=tugs&uid=ST9500325AS_5VETBBM8XXXX5VETBBM8
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1384801904&from=tugs&uid=ST9500325AS_5VETBBM8XXXX5VETBBM8&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1384801904&from=tugs&uid=ST9500325AS_5VETBBM8XXXX5VETBBM8&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hp&ts=1384801904&from=tugs&uid=ST9500325AS_5VETBBM8XXXX5VETBBM8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://do-search.com/?type=hp&ts=1384801904&from=tugs&uid=ST9500325AS_5VETBBM8XXXX5VETBBM8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1384801904&from=tugs&uid=ST9500325AS_5VETBBM8XXXX5VETBBM8&q={searchTerms}
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://do-search.com/?type=sc&ts=1384801904&from=tugs&uid=ST9500325AS_5VETBBM8XXXX5VETBBM8
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {DCCE2A02-C58B-4313-8373-A3CA542F02A5} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=60db93ab-564c-439f-b406-549a3acc5989&apn_sauid=E313F5C2-DC2B-4F91-AC5B-7ECF40D4BF9C
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.137

Chrome: 
=======
CHR HomePage: hxxp://do-search.com/?type=hp&ts=1384801904&from=tugs&uid=ST9500325AS_5VETBBM8XXXX5VETBBM8
CHR RestoreOnStartup: "hxxp://do-search.com/?type=hp&ts=1384801904&from=tugs&uid=ST9500325AS_5VETBBM8XXXX5VETBBM8"
CHR DefaultSearchURL: (do-search) - hxxp://do-search.com/web/?type=ds&ts=1384801904&from=tugs&uid=ST9500325AS_5VETBBM8XXXX5VETBBM8&q={searchTerms}
CHR DefaultSuggestURL: (do-search) -       "suggest_url": "",
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U17) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\Pia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Skype Click to Call) - C:\Users\Pia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0
CHR Extension: (Google Wallet) - C:\Users\Pia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://do-search.com/?type=sc&ts=1384801904&from=tugs&uid=ST9500325AS_5VETBBM8XXXX5VETBBM8

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-17] (Avira Operations GmbH & Co. KG)
R3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] ()
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [205952 2009-11-23] (SMI)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-24 14:09 - 2013-11-24 14:10 - 00015851 _____ C:\Users\Pia\Desktop\FRST.txt
2013-11-24 14:09 - 2013-11-24 14:09 - 00000000 ____D C:\FRST
2013-11-24 14:07 - 2013-11-24 14:07 - 01958396 _____ (Farbar) C:\Users\Pia\Desktop\FRST64.exe
2013-11-24 13:38 - 2013-11-24 13:38 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-11-24 13:31 - 2013-11-24 13:38 - 00000000 ____D C:\AdwCleaner
2013-11-24 13:31 - 2013-11-24 13:31 - 01091882 _____ C:\Users\Pia\Desktop\AdwCleaner.exe
2013-11-23 12:45 - 2013-11-23 16:23 - 00000000 ____D C:\Users\Pia\Rechnungen
2013-11-18 20:14 - 2013-11-20 03:06 - 01591306 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-18 20:14 - 2013-11-18 20:14 - 00001044 _____ C:\Users\Public\Desktop\VideoPlayer.lnk
2013-11-18 20:12 - 2013-11-18 20:12 - 00000552 _____ C:\Windows\KB893803v2.log
2013-11-18 20:11 - 2013-11-18 20:14 - 00000000 ____D C:\Program Files (x86)\VideoPlayer
2013-11-18 20:09 - 2013-11-18 20:09 - 00320856 _____ C:\Users\Pia\Desktop\Setup.exe
2013-11-16 00:26 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-11-16 00:26 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-11-16 00:26 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-11-16 00:26 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-11-16 00:26 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-11-16 00:26 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-11-16 00:26 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-11-15 09:26 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-15 09:26 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-15 09:26 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-15 09:26 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-15 09:26 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-15 09:26 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-15 09:26 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-15 09:26 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-15 09:26 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-15 09:26 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-15 09:26 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-15 09:26 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-15 09:26 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-15 09:26 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-15 09:26 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-15 09:26 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-15 09:26 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-15 09:26 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-15 09:26 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-15 09:26 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-15 09:26 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-15 09:26 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-15 09:26 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-15 09:26 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-15 09:26 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-15 09:26 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-15 09:26 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-15 09:26 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-15 09:26 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-15 09:26 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-15 09:26 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-14 23:07 - 2013-11-23 12:39 - 00000000 ____D C:\Users\Pia\PAD
2013-11-14 16:20 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 16:20 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 16:20 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 16:19 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 16:19 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 16:19 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 16:19 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 16:19 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 16:19 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 16:19 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 16:19 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 16:19 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 16:19 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 16:19 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 16:19 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 16:19 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 16:19 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 16:19 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 16:19 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 16:19 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 16:19 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 16:19 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 16:19 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 16:19 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 16:19 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-14 16:19 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 16:19 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-14 16:19 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-14 16:19 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 16:19 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

==================== One Month Modified Files and Folders =======

2013-11-24 14:10 - 2013-11-24 14:09 - 00015851 _____ C:\Users\Pia\Desktop\FRST.txt
2013-11-24 14:09 - 2013-11-24 14:09 - 00000000 ____D C:\FRST
2013-11-24 14:09 - 2012-08-08 18:01 - 01125017 _____ C:\Windows\WindowsUpdate.log
2013-11-24 14:07 - 2013-11-24 14:07 - 01958396 _____ (Farbar) C:\Users\Pia\Desktop\FRST64.exe
2013-11-24 13:48 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-24 13:48 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-24 13:40 - 2012-10-03 05:01 - 00000000 ___RD C:\Users\Pia\Dropbox
2013-11-24 13:40 - 2012-10-03 04:52 - 00000000 ____D C:\Users\Pia\AppData\Roaming\Dropbox
2013-11-24 13:39 - 2012-08-08 18:33 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-24 13:39 - 2010-11-21 04:47 - 00750372 _____ C:\Windows\PFRO.log
2013-11-24 13:39 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-24 13:39 - 2009-07-14 05:51 - 00105249 _____ C:\Windows\setupact.log
2013-11-24 13:38 - 2013-11-24 13:38 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-11-24 13:38 - 2013-11-24 13:31 - 00000000 ____D C:\AdwCleaner
2013-11-24 13:38 - 2012-09-24 15:53 - 00000000 ___RD C:\Users\Pia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-24 13:31 - 2013-11-24 13:31 - 01091882 _____ C:\Users\Pia\Desktop\AdwCleaner.exe
2013-11-24 13:20 - 2013-02-27 17:19 - 00000349 _____ C:\Users\Public\Documents\PCLECHAL.INI
2013-11-24 13:17 - 2012-08-08 18:33 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-23 16:23 - 2013-11-23 12:45 - 00000000 ____D C:\Users\Pia\Rechnungen
2013-11-23 13:27 - 2012-09-25 05:48 - 00000000 ____D C:\Users\Pia
2013-11-23 12:39 - 2013-11-14 23:07 - 00000000 ____D C:\Users\Pia\PAD
2013-11-23 12:36 - 2012-08-09 03:41 - 00697098 _____ C:\Windows\system32\perfh007.dat
2013-11-23 12:36 - 2012-08-09 03:41 - 00148362 _____ C:\Windows\system32\perfc007.dat
2013-11-23 12:36 - 2009-07-14 06:13 - 01613412 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-22 15:32 - 2012-11-22 18:05 - 00000000 ____D C:\Users\Pia\AppData\Local\CrashDumps
2013-11-20 15:55 - 2013-06-07 16:01 - 00012288 ___SH C:\Users\Pia\Thumbs.db
2013-11-20 03:06 - 2013-11-18 20:14 - 01591306 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-18 22:26 - 2012-09-27 02:01 - 00000000 ____D C:\Users\Pia\Studium
2013-11-18 20:14 - 2013-11-18 20:14 - 00001044 _____ C:\Users\Public\Desktop\VideoPlayer.lnk
2013-11-18 20:14 - 2013-11-18 20:11 - 00000000 ____D C:\Program Files (x86)\VideoPlayer
2013-11-18 20:12 - 2013-11-18 20:12 - 00000552 _____ C:\Windows\KB893803v2.log
2013-11-18 20:11 - 2012-09-24 15:53 - 00001626 _____ C:\Users\Pia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-18 20:09 - 2013-11-18 20:09 - 00320856 _____ C:\Users\Pia\Desktop\Setup.exe
2013-11-15 22:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache

Files to move or delete:
====================
C:\Users\Pia\phase-6-premium-windows-installer-cd.exe


Some content of TEMP:
====================
C:\Users\Pia\AppData\Local\Temp\AskSLib.dll
C:\Users\Pia\AppData\Local\Temp\BackupSetup.exe
C:\Users\Pia\AppData\Local\Temp\jna1027179826933338385.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna1028983506970314294.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna1113253376073936550.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna112284520422426622.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna1240410423948351163.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna1501631828572440464.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna1782232002509199075.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna1831406264142230933.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna1866491167129068270.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna2089887284299221185.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna2516075976596435811.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna2799274837774670828.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna2918180430186826335.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna3042165326797041316.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna3186808151878737456.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna3259854947047219771.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna3401890458150725514.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna3463483747008802097.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna3501454961885313331.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna3612453938471224197.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna3645795048655969228.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna3726839332580781915.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna395100100596485656.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna4011309100620262170.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna45338990543339152.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna5283444853048199812.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna5421667688766524415.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna6151256043169833837.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna6281404205564416470.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna6350835831386851075.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna6461993931568891541.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna651651751884963172.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna6704341750052370570.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna675831756020127357.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna6885762949793360751.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna7117024295194150113.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna739079534468683092.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna7490696045663125394.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna7574641146621219487.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna7734575628692348457.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna8015609844895391556.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna8214164827454499493.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna8695482781080417122.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna8857743415606692417.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna8861788534825206726.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna9092733087539517421.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\Quarantine.exe
C:\Users\Pia\AppData\Local\Temp\Setup.exe
C:\Users\Pia\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-21 13:56

==================== End Of Log ============================
         

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2013 03
Ran by Pia (administrator) on PIAPC on 24-11-2013 14:09:07
Running from C:\Users\Pia\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Lenovo) C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Dropbox, Inc.) C:\Users\Pia\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11049576 2010-07-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2731304 2011-03-24] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] - C:\Windows\System32\TpShocks.exe [380776 2011-01-14] (Lenovo.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [54632 2011-01-14] (Lenovo Group Limited)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-08] (Google Inc.)
MountPoints2: {3e2d6695-e17a-11e1-9307-806e6f6e6963} - Q:\LenovoQDrive.exe
MountPoints2: {8122f567-df36-11e2-a227-089e011496c7} - E:\MI.exe
HKLM-x32\...\Run: [PWMTRV] - C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [1129832 2010-08-24] (Lenovo Group Limited)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKU\Default\...\RunOnce: [] - [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\Program Files (x86)\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [159744 2009-03-24] ()
AppInit_DLLs:   [ ] ()
AppInit_DLLs-x32:   [ ] ()
Startup: C:\Users\Pia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Pia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Pia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hp&ts=1384801904&from=tugs&uid=ST9500325AS_5VETBBM8XXXX5VETBBM8
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://do-search.com/?type=hp&ts=1384801904&from=tugs&uid=ST9500325AS_5VETBBM8XXXX5VETBBM8
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1384801904&from=tugs&uid=ST9500325AS_5VETBBM8XXXX5VETBBM8&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hp&ts=1384801904&from=tugs&uid=ST9500325AS_5VETBBM8XXXX5VETBBM8
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://do-search.com/?type=hp&ts=1384801904&from=tugs&uid=ST9500325AS_5VETBBM8XXXX5VETBBM8
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1384801904&from=tugs&uid=ST9500325AS_5VETBBM8XXXX5VETBBM8&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1384801904&from=tugs&uid=ST9500325AS_5VETBBM8XXXX5VETBBM8&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hp&ts=1384801904&from=tugs&uid=ST9500325AS_5VETBBM8XXXX5VETBBM8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://do-search.com/?type=hp&ts=1384801904&from=tugs&uid=ST9500325AS_5VETBBM8XXXX5VETBBM8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1384801904&from=tugs&uid=ST9500325AS_5VETBBM8XXXX5VETBBM8&q={searchTerms}
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://do-search.com/?type=sc&ts=1384801904&from=tugs&uid=ST9500325AS_5VETBBM8XXXX5VETBBM8
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {DCCE2A02-C58B-4313-8373-A3CA542F02A5} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=60db93ab-564c-439f-b406-549a3acc5989&apn_sauid=E313F5C2-DC2B-4F91-AC5B-7ECF40D4BF9C
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.137

Chrome: 
=======
CHR HomePage: hxxp://do-search.com/?type=hp&ts=1384801904&from=tugs&uid=ST9500325AS_5VETBBM8XXXX5VETBBM8
CHR RestoreOnStartup: "hxxp://do-search.com/?type=hp&ts=1384801904&from=tugs&uid=ST9500325AS_5VETBBM8XXXX5VETBBM8"
CHR DefaultSearchURL: (do-search) - hxxp://do-search.com/web/?type=ds&ts=1384801904&from=tugs&uid=ST9500325AS_5VETBBM8XXXX5VETBBM8&q={searchTerms}
CHR DefaultSuggestURL: (do-search) -       "suggest_url": "",
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U17) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\Pia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Skype Click to Call) - C:\Users\Pia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0
CHR Extension: (Google Wallet) - C:\Users\Pia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://do-search.com/?type=sc&ts=1384801904&from=tugs&uid=ST9500325AS_5VETBBM8XXXX5VETBBM8

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-17] (Avira Operations GmbH & Co. KG)
R3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] ()
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [205952 2009-11-23] (SMI)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-24 14:09 - 2013-11-24 14:10 - 00015851 _____ C:\Users\Pia\Desktop\FRST.txt
2013-11-24 14:09 - 2013-11-24 14:09 - 00000000 ____D C:\FRST
2013-11-24 14:07 - 2013-11-24 14:07 - 01958396 _____ (Farbar) C:\Users\Pia\Desktop\FRST64.exe
2013-11-24 13:38 - 2013-11-24 13:38 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-11-24 13:31 - 2013-11-24 13:38 - 00000000 ____D C:\AdwCleaner
2013-11-24 13:31 - 2013-11-24 13:31 - 01091882 _____ C:\Users\Pia\Desktop\AdwCleaner.exe
2013-11-23 12:45 - 2013-11-23 16:23 - 00000000 ____D C:\Users\Pia\Rechnungen
2013-11-18 20:14 - 2013-11-20 03:06 - 01591306 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-18 20:14 - 2013-11-18 20:14 - 00001044 _____ C:\Users\Public\Desktop\VideoPlayer.lnk
2013-11-18 20:12 - 2013-11-18 20:12 - 00000552 _____ C:\Windows\KB893803v2.log
2013-11-18 20:11 - 2013-11-18 20:14 - 00000000 ____D C:\Program Files (x86)\VideoPlayer
2013-11-18 20:09 - 2013-11-18 20:09 - 00320856 _____ C:\Users\Pia\Desktop\Setup.exe
2013-11-16 00:26 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-11-16 00:26 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-11-16 00:26 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-11-16 00:26 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-11-16 00:26 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-11-16 00:26 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-11-16 00:26 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-11-15 09:26 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-15 09:26 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-15 09:26 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-15 09:26 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-15 09:26 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-15 09:26 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-15 09:26 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-15 09:26 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-15 09:26 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-15 09:26 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-15 09:26 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-15 09:26 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-15 09:26 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-15 09:26 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-15 09:26 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-15 09:26 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-15 09:26 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-15 09:26 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-15 09:26 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-15 09:26 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-15 09:26 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-15 09:26 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-15 09:26 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-15 09:26 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-15 09:26 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-15 09:26 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-15 09:26 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-15 09:26 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-15 09:26 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-15 09:26 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-15 09:26 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-14 23:07 - 2013-11-23 12:39 - 00000000 ____D C:\Users\Pia\PAD
2013-11-14 16:20 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 16:20 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 16:20 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 16:19 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 16:19 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 16:19 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 16:19 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 16:19 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 16:19 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 16:19 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 16:19 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 16:19 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 16:19 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 16:19 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 16:19 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 16:19 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 16:19 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 16:19 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 16:19 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 16:19 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 16:19 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 16:19 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 16:19 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 16:19 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 16:19 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-14 16:19 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 16:19 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-14 16:19 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-14 16:19 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 16:19 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

==================== One Month Modified Files and Folders =======

2013-11-24 14:10 - 2013-11-24 14:09 - 00015851 _____ C:\Users\Pia\Desktop\FRST.txt
2013-11-24 14:09 - 2013-11-24 14:09 - 00000000 ____D C:\FRST
2013-11-24 14:09 - 2012-08-08 18:01 - 01125017 _____ C:\Windows\WindowsUpdate.log
2013-11-24 14:07 - 2013-11-24 14:07 - 01958396 _____ (Farbar) C:\Users\Pia\Desktop\FRST64.exe
2013-11-24 13:48 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-24 13:48 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-24 13:40 - 2012-10-03 05:01 - 00000000 ___RD C:\Users\Pia\Dropbox
2013-11-24 13:40 - 2012-10-03 04:52 - 00000000 ____D C:\Users\Pia\AppData\Roaming\Dropbox
2013-11-24 13:39 - 2012-08-08 18:33 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-24 13:39 - 2010-11-21 04:47 - 00750372 _____ C:\Windows\PFRO.log
2013-11-24 13:39 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-24 13:39 - 2009-07-14 05:51 - 00105249 _____ C:\Windows\setupact.log
2013-11-24 13:38 - 2013-11-24 13:38 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-11-24 13:38 - 2013-11-24 13:31 - 00000000 ____D C:\AdwCleaner
2013-11-24 13:38 - 2012-09-24 15:53 - 00000000 ___RD C:\Users\Pia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-24 13:31 - 2013-11-24 13:31 - 01091882 _____ C:\Users\Pia\Desktop\AdwCleaner.exe
2013-11-24 13:20 - 2013-02-27 17:19 - 00000349 _____ C:\Users\Public\Documents\PCLECHAL.INI
2013-11-24 13:17 - 2012-08-08 18:33 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-23 16:23 - 2013-11-23 12:45 - 00000000 ____D C:\Users\Pia\Rechnungen
2013-11-23 13:27 - 2012-09-25 05:48 - 00000000 ____D C:\Users\Pia
2013-11-23 12:39 - 2013-11-14 23:07 - 00000000 ____D C:\Users\Pia\PAD
2013-11-23 12:36 - 2012-08-09 03:41 - 00697098 _____ C:\Windows\system32\perfh007.dat
2013-11-23 12:36 - 2012-08-09 03:41 - 00148362 _____ C:\Windows\system32\perfc007.dat
2013-11-23 12:36 - 2009-07-14 06:13 - 01613412 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-22 15:32 - 2012-11-22 18:05 - 00000000 ____D C:\Users\Pia\AppData\Local\CrashDumps
2013-11-20 15:55 - 2013-06-07 16:01 - 00012288 ___SH C:\Users\Pia\Thumbs.db
2013-11-20 03:06 - 2013-11-18 20:14 - 01591306 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-18 22:26 - 2012-09-27 02:01 - 00000000 ____D C:\Users\Pia\Studium
2013-11-18 20:14 - 2013-11-18 20:14 - 00001044 _____ C:\Users\Public\Desktop\VideoPlayer.lnk
2013-11-18 20:14 - 2013-11-18 20:11 - 00000000 ____D C:\Program Files (x86)\VideoPlayer
2013-11-18 20:12 - 2013-11-18 20:12 - 00000552 _____ C:\Windows\KB893803v2.log
2013-11-18 20:11 - 2012-09-24 15:53 - 00001626 _____ C:\Users\Pia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-18 20:09 - 2013-11-18 20:09 - 00320856 _____ C:\Users\Pia\Desktop\Setup.exe
2013-11-15 22:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache

Files to move or delete:
====================
C:\Users\Pia\phase-6-premium-windows-installer-cd.exe


Some content of TEMP:
====================
C:\Users\Pia\AppData\Local\Temp\AskSLib.dll
C:\Users\Pia\AppData\Local\Temp\BackupSetup.exe
C:\Users\Pia\AppData\Local\Temp\jna1027179826933338385.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna1028983506970314294.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna1113253376073936550.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna112284520422426622.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna1240410423948351163.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna1501631828572440464.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna1782232002509199075.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna1831406264142230933.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna1866491167129068270.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna2089887284299221185.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna2516075976596435811.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna2799274837774670828.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna2918180430186826335.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna3042165326797041316.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna3186808151878737456.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna3259854947047219771.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna3401890458150725514.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna3463483747008802097.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna3501454961885313331.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna3612453938471224197.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna3645795048655969228.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna3726839332580781915.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna395100100596485656.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna4011309100620262170.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna45338990543339152.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna5283444853048199812.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna5421667688766524415.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna6151256043169833837.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna6281404205564416470.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna6350835831386851075.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna6461993931568891541.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna651651751884963172.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna6704341750052370570.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna675831756020127357.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna6885762949793360751.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna7117024295194150113.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna739079534468683092.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna7490696045663125394.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna7574641146621219487.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna7734575628692348457.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna8015609844895391556.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna8214164827454499493.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna8695482781080417122.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna8857743415606692417.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna8861788534825206726.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\jna9092733087539517421.hunspell-win-x86-32.dll
C:\Users\Pia\AppData\Local\Temp\Quarantine.exe
C:\Users\Pia\AppData\Local\Temp\Setup.exe
C:\Users\Pia\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-21 13:56

==================== End Of Log ============================