uninstall.exe und anderes entdeckt [Laptop 2 Tage alt]

pui · 01.12.2014, 20:35

Hallo liebe Virus-Spezialisten,

ich bin grad so verzweifelt und hoffe ihr könnt mir helfen. Ich habe am Samstag mir einen neuen Laptop zugelegt (Lenovo, Windows 8 vorinstalliert). Am Sonntag habe ich erstmal alles nach Anleitung aufgesetzt und da ich eine 30-Tage-Testversioen von Mcafee hatte habe ich diese erst mal benutzt.
Heute wollte ich dann einen Suchdurchlauf machen lassen von Mcafee, da ich für die Uni einige Sachen runter laden musste (open office, sap, etc.). Als der Suchdurchlauf auch bei mehrmaligen Neustarten, immer bei 99% Rootkit suche gestoppt ist, habe ich mir kurzerhand eine Testversion von G DATA TOTAL PROTECTION geholt.

G DATA hat sofort etwas gefunden was ich löschen sollte und nach einem Suchdurchlauf nochmal was:

Code:

ATTFilter

*** Prozess ***

Prozess: 1508
Dateiname: regsvr32.exe
Pfad: c:\windows\syswow64\regsvr32.exe

Herausgeber: Microsoft Windows
Erstelldatum: 08/22/13 03:56:07
Änderungsdatum: 08/22/13 03:55:58

Gestartet von: mcinst.exe
Herausgeber: McAfee, Inc.


*** Aktionen ***

Es wurde auf einen fremden Prozess zugegriffen.

YGLx3bIJLiepcnIrJ/dwKnSCQicndHJwKycoJycnB+dygnJycnKAKicoJycnB7hygnJycnKQKxbfLZiQLid3cuJykqAqJ5egLCd3cuJyksAqJycnJyYGjXJyJycuJwn/cnInJy4nCZcuJycmJicHly8nJyYmJwenJycHpytYY6aCctFaY6ZygjVmKgenLieYcPxygikn13LCcI5ykgrnLieXgJZycgcA
Version der Regeln: 4.6.0
OS: Windows 6.2 Service Pack 0.0 Build: 9200 - Workstation 64bit OS
Version der dll: 40166

"C:\WINDOWS\system32\regsvr32.exe" /u /s "C:\Program Files\McAfee\MPF\mpfsvc.dll"
MD5: F46E33B5A378DC24BB57DAA42D0FA140
"C:\Program Files (x86)\Common Files\McAfee\Installer\mcinst.exe" "C:\Program Files\McAfee\MPF\mpfLI.inf" /uninstall
MD5:

Das wurde sofort gelöscht, soweit ich weiß

Hier der Suchlauf von G DATA:

Code:

ATTFilter

Virenprüfung mit G DATA TOTAL PROTECTION
Version 25.0.2.3 (26.09.2014)
Virensignaturen vom 01.12.2014
Startzeit: 01.12.2014 18:59:50
Engine(s): Engine A (AVA 24.5274), Engine B (GD 25.4253)
Heuristik: Ein
Archive: Ein
Systembereiche: Ein
RootKits prüfen: Ein

Prüfung der Systembereiche...
Prüfung aller im Speicher befindlichen Prozesse und Verweise im Autostart...
Prüfung auf RootKits...
Prüfung aller lokalen Festplatten...
Analyse vollständig durchgeführt: 01.12.2014 19:35:40
****206983 Dateien überprüft
****1 infizierte Dateien gefunden
****0 verdächtige Dateien gefunden

Archiv: uninstall.exe
****Pfad: C:\Program Files (x86)\LenovoBrowserGuard\Main\bin
****Status: Datei in Quarantäne verschoben
****Virus: Application.SearchProtect.W (Engine A)

Objekt: (NSIS o)=>lzma_solid_nsis0002
****In Archiv: C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\uninstall.exe
****Status: Virus gefunden
****Virus: Application.SearchProtect.W


Der Zugriff auf die folgenden Dateien wurde verweigert:

C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Microsoft-Windows-WorkFolders-WHC.etl
C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTSystemAgentEvtSession.etl
C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl
C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTWFP-IPsec Diagnostics.etl
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0133001a669c87448324d8755cbad666_78e48e90-ed1f-4788-9538-0117fee4206c
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0024af3da540fa76901296fa0699e382_78e48e90-ed1f-4788-9538-0117fee4206c
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0b1c588fe31e866d6d16c79348f3f463_78e48e90-ed1f-4788-9538-0117fee4206c
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0e4bcb3591fb84b1dc3ffcc0cfb43efc_78e48e90-ed1f-4788-9538-0117fee4206c
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0cecf3ed07278e2874fc674c24bba432_78e48e90-ed1f-4788-9538-0117fee4206c
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\13174a8482724629b356ca550c30270c_78e48e90-ed1f-4788-9538-0117fee4206c
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1339da65502cfe1696cec66bf1015760_78e48e90-ed1f-4788-9538-0117fee4206c
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1c2908fb7ccc67d42e2490636950c3a5_78e48e90-ed1f-4788-9538-0117fee4206c
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\177ab745dd1d6ff7919cf30bd1e1b61f_78e48e90-ed1f-4788-9538-0117fee4206c
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\404b0b9d81126d935aa496b278468553_78e48e90-ed1f-4788-9538-0117fee4206c
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3bf7c1ebef61cf7c0e51643c661e6228_78e48e90-ed1f-4788-9538-0117fee4206c
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5c0893572de8281e9fc0705bb4e5bfeb_78e48e90-ed1f-4788-9538-0117fee4206c
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5dff94d302ca69cd2211455e0083074b_78e48e90-ed1f-4788-9538-0117fee4206c
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\701ed84b77630ae4e6f224ba89ba8fba_78e48e90-ed1f-4788-9538-0117fee4206c
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\72ad1438946c1c447b4f2ac4418493ed_78e48e90-ed1f-4788-9538-0117fee4206c
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\60876b45e8a625fca005e3c5686b0628_78e48e90-ed1f-4788-9538-0117fee4206c
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8af108f4b97ef1e2db3d05b8cc522295_78e48e90-ed1f-4788-9538-0117fee4206c
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b69f6204df50cebba69b3bb65597e127_78e48e90-ed1f-4788-9538-0117fee4206c
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9f9ce5ea7e973902e94b2ee5d31a30c4_78e48e90-ed1f-4788-9538-0117fee4206c
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b98fd3e5fa2c5d67ce97d67b03c6d025_78e48e90-ed1f-4788-9538-0117fee4206c
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c3758492307a02653195b2ad2b88d524_78e48e90-ed1f-4788-9538-0117fee4206c
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cbd483ff2d9554e392a635bf6fe0b815_78e48e90-ed1f-4788-9538-0117fee4206c
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ce0f22b3814fa113fd05056e7bcb309a_78e48e90-ed1f-4788-9538-0117fee4206c
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cefcbf8651f121ab2d96921d4e04bd69_78e48e90-ed1f-4788-9538-0117fee4206c
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d766e7f6d9b72b26cc69b0a7b21e1799_78e48e90-ed1f-4788-9538-0117fee4206c
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d54a5277952a12abebc2b062e3c887c5_78e48e90-ed1f-4788-9538-0117fee4206c
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\db88075d916028f6fdf1967c52925cbb_78e48e90-ed1f-4788-9538-0117fee4206c
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d80589667f839ba47e2ec522e4130871_78e48e90-ed1f-4788-9538-0117fee4206c
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e09f95f3bce644b39340fe1fd4a822e2_78e48e90-ed1f-4788-9538-0117fee4206c
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f766361404e25494d720f999bf29ce53_78e48e90-ed1f-4788-9538-0117fee4206c
C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-18\ReadOnly\LockScreen_Z\LockScreen___1920_1080.jpg
C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-0.bin


Die folgenden Dateien sind Passwortgeschützt:

C:\Program Files (x86)\InstallShield Installation Information\{55762F9A-FCE3-45d5-817B-051218658423}\SupportFiles.7z
C:\Program Files (x86)\InstallShield Installation Information\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\SupportFiles.7z
C:\Program Files (x86)\InstallShield Installation Information\{BC94C56A-3649-420C-8756-2ADEBE399D33}\SupportFiles.7z
C:\WINDOWS\MFGSTAT.zip

Hier noch die Malwarebytes Suchdurchlauf:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
Malwarebytes | Free Anti-Malware & Internet Security Software

Scan Date: 01.12.2014
Scan Time: 19:56:05
Logfile: suchlauf1.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.12.01.06
Rootkit Database: v2014.12.01.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Sabrina

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 320562
Time Elapsed: 11 min, 18 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.ConduitSearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, Quarantined, [8524e27bed8f74c218e7c7cd4eb6cf31], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.ConduitSearchProtect, C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe, Delete-on-Reboot, [8524e27bed8f74c218e7c7cd4eb6cf31], 

Physical Sectors: 0
(No malicious items detected)


(end)

Meine Frage(n) ist jetzt:

Was soll ich tun?
Aktuell ist das uninstall.exe noch in Quarantäne soll ich es löschen?
Warum gibt mir Lenovo Viren?
Muss ich meine Passwörter, die ich heute in Firefox verwendet habe, löschen?
Bin ich nach dem löschen der Quarantäne sicher?

Danke schon mal für euer hilfe

liebe grüße
sabi

schrauber · 01.12.2014, 20:58

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

pui · 01.12.2014, 21:57

hi also erstmal danke für die schnelle Antwort

hier die FRST.txt

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2014
Ran by Sabrina (administrator) on BRINIZI on 01-12-2014 21:48:00
Running from C:\Users\Sabrina\Downloads
Loaded Profile: Sabrina (Available profiles: Sabrina)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\TotalProtection\AVK\AVKWCtlx64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\TotalProtection\AVK\AVKService.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\TotalProtection\AVKBackup\AVKBackupService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\TotalProtection\Firewall\GDFwSvcx64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\TotalProtection\AVKTray\AVKTray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo) C:\Program Files\lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Pokki) C:\Users\Sabrina\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Pokki) C:\Users\Sabrina\AppData\Local\Pokki\Engine\HostAppService.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\TotalProtection\Firewall\GDFirewallTray.exe
(Pokki) C:\Users\Sabrina\AppData\Local\Pokki\Engine\HostAppService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Pokki) C:\Users\Sabrina\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [216064 2014-01-06] (Realtek Semiconductor Corporation)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-10-17] (Realtek semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2781936 2013-12-24] (Synaptics Incorporated)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-09-21] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-09-21] (Lenovo(beijing) Limited)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2465088 2014-11-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G DATA\TotalProtection\Firewall\GDFirewallTray.exe [1756792 2014-05-20] (G Data Software AG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G DATA\TotalProtection\AVKTray\AVKTray.exe,c:\program files (x86)\g data\totalprotection\avkkid\avkcks.exe,
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1897811959-3106102651-190997941-1002\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
AppInit_DLLs: C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll => C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll [206152 2014-08-25] (ClientConnect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll => C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll [173896 2014-08-25] (ClientConnect LTD)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1897811959-3106102651-190997941-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-1897811959-3106102651-190997941-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-1897811959-3106102651-190997941-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-1897811959-3106102651-190997941-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\vk3ud09v.default
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\vk3ud09v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-30]

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-10-14] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G DATA\TotalProtection\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G DATA\TotalProtection\AVK\AVKWCtlx64.exe [2683760 2014-05-20] (G Data Software AG)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [79872 2014-01-06] () [File not signed]
R2 GDBackupSvc; C:\Program Files (x86)\G DATA\TotalProtection\AVKBackup\AVKBackupService.exe [3844216 2014-08-21] (G Data Software AG)
R3 GDFwSvc; C:\Program Files (x86)\G DATA\TotalProtection\Firewall\GDFwSvcx64.exe [3228136 2014-08-21] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG)
S3 GDTunerSvc; C:\Program Files (x86)\G DATA\TotalProtection\AVKTuner\AVKTunerService.exe [1637496 2014-05-28] (G Data Software AG)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-11-17] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-09-21] (Lenovo(beijing) Limited)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-11-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19821376 2014-11-17] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2014-10-28] (The OpenVPN Project)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 TSNxGService; C:\Program Files (x86)\G DATA\TotalProtection\TSNxG\TSNxGService.exe [255608 2014-07-01] (G DATA Software)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-09-21] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2014-12-01] (G Data Software AG)
R1 GDKBFlt; C:\WINDOWS\system32\drivers\GDKBFlt64.sys [20992 2014-12-01] (G Data Software AG)
R1 GDMnIcpt; C:\WINDOWS\system32\drivers\MiniIcpt.sys [142336 2014-12-01] (G Data Software AG)
R3 GDPkIcpt; C:\WINDOWS\system32\drivers\PktIcpt.sys [64000 2014-12-01] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [68608 2014-12-01] (G Data Software AG)
R1 GRD; C:\WINDOWS\system32\drivers\GRD.sys [106272 2014-12-01] (G Data Software)
R1 HookCentre; C:\WINDOWS\system32\drivers\HookCentre.sys [61440 2014-12-01] (G Data Software AG)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20800 2014-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [558296 2014-01-05] (Realtek Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-17] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2982104 2013-12-26] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-12-24] (Synaptics Incorporated)
R0 TS4NT; C:\Windows\System32\Drivers\TS4nt.sys [98760 2014-12-01] (G Data Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-01 21:48 - 2014-12-01 21:48 - 00016498 _____ () C:\Users\Sabrina\Downloads\FRST.txt
2014-12-01 21:47 - 2014-12-01 21:48 - 00000000 ____D () C:\FRST
2014-12-01 21:46 - 2014-12-01 21:46 - 02117120 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64.exe
2014-12-01 20:34 - 2014-12-01 20:34 - 00001279 _____ () C:\Users\Sabrina\Desktop\suchlauf1.txt
2014-12-01 20:28 - 2014-12-01 20:28 - 00010017 _____ () C:\Users\Sabrina\Desktop\G DATA Protokoll ID 4.html
2014-12-01 19:55 - 2014-12-01 20:13 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-01 19:54 - 2014-12-01 19:54 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Sabrina\Downloads\mbam-setup-2.0.3.1025.exe
2014-12-01 19:54 - 2014-12-01 19:54 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-01 19:54 - 2014-12-01 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-01 19:54 - 2014-12-01 19:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-01 19:54 - 2014-12-01 19:54 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-01 19:54 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-01 19:54 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-01 19:54 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-01 18:59 - 2014-12-01 18:59 - 00106272 _____ (G Data Software) C:\WINDOWS\system32\Drivers\GRD.sys
2014-12-01 18:59 - 2014-12-01 18:59 - 00018160 _____ (G Data Software) C:\WINDOWS\system32\Drivers\GdPhyMem.sys
2014-12-01 18:58 - 2014-12-01 18:58 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\OpenOffice
2014-12-01 18:53 - 2014-12-01 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA TOTAL PROTECTION
2014-12-01 18:50 - 2014-12-01 18:50 - 00003028 _____ () C:\Users\Sabrina\Desktop\G DATA Protokoll ID 1.html
2014-12-01 18:24 - 2014-12-01 18:53 - 00002002 _____ () C:\Users\Public\Desktop\G DATA TOTAL PROTECTION.lnk
2014-12-01 18:24 - 2014-12-01 18:24 - 00064000 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\PktIcpt.sys
2014-12-01 18:23 - 2014-12-01 18:53 - 00098760 _____ (G Data Software) C:\WINDOWS\system32\Drivers\TS4nt.sys
2014-12-01 18:23 - 2014-12-01 18:53 - 00068608 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\gdwfpcd64.sys
2014-12-01 18:23 - 2014-12-01 18:53 - 00020992 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\GDKBFlt64.sys
2014-12-01 18:23 - 2014-12-01 18:23 - 00142336 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\MiniIcpt.sys
2014-12-01 18:23 - 2014-12-01 18:23 - 00061440 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\HookCentre.sys
2014-12-01 18:23 - 2014-12-01 18:23 - 00055808 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\GDBehave.sys
2014-12-01 18:23 - 2014-12-01 18:23 - 00000779 _____ () C:\Users\Sabrina\AppData\Roaming\gdscan.log
2014-12-01 18:23 - 2014-12-01 18:23 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_GDKBFlt64_01007.Wdf
2014-12-01 18:23 - 2014-12-01 18:23 - 00000000 _____ () C:\Users\Sabrina\AppData\Roaming\gdfw.log
2014-12-01 18:22 - 2014-12-01 18:22 - 00000000 ____D () C:\ProgramData\G DATA Software
2014-12-01 18:20 - 2014-12-01 18:20 - 00000000 ____D () C:\Program Files (x86)\G DATA
2014-12-01 18:17 - 2014-12-01 18:33 - 00000000 ____D () C:\ProgramData\G Data
2014-12-01 18:14 - 2014-12-01 18:16 - 237965560 _____ (G Data Software AG) C:\Users\Sabrina\Downloads\INT_R_BASE_2015_TP.exe
2014-12-01 17:28 - 2014-12-01 17:28 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\LolClient
2014-12-01 16:28 - 2014-12-01 16:28 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\NVIDIA Corporation
2014-12-01 16:27 - 2014-12-01 16:27 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\NVIDIA
2014-12-01 16:27 - 2014-12-01 16:27 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-12-01 16:27 - 2014-11-17 21:02 - 02800296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2014-12-01 16:27 - 2014-11-17 21:02 - 02197680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2014-12-01 16:27 - 2014-11-17 21:02 - 01715224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2014-12-01 16:27 - 2014-11-17 21:02 - 01291280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2014-12-01 16:27 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2014-12-01 16:27 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2014-12-01 16:27 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2014-12-01 16:27 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2014-12-01 16:27 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2014-12-01 16:27 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2014-12-01 16:25 - 2014-11-13 01:20 - 31893136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2014-12-01 16:25 - 2014-11-13 01:20 - 24557712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2014-12-01 16:25 - 2014-11-13 01:20 - 20986592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2014-12-01 16:25 - 2014-11-13 01:20 - 20922512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2014-12-01 16:25 - 2014-11-13 01:20 - 19966344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2014-12-01 16:25 - 2014-11-13 01:20 - 18514616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2014-12-01 16:25 - 2014-11-13 01:20 - 17259664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2014-12-01 16:25 - 2014-11-13 01:20 - 16884632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2014-12-01 16:25 - 2014-11-13 01:20 - 14032984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2014-12-01 16:25 - 2014-11-13 01:20 - 13944952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2014-12-01 16:25 - 2014-11-13 01:20 - 13213512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2014-12-01 16:25 - 2014-11-13 01:20 - 11397744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2014-12-01 16:25 - 2014-11-13 01:20 - 11336432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2014-12-01 16:25 - 2014-11-13 01:20 - 04292416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2014-12-01 16:25 - 2014-11-13 01:20 - 04011208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2014-12-01 16:25 - 2014-11-13 01:20 - 01876296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434475.dll
2014-12-01 16:25 - 2014-11-13 01:20 - 01540424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434475.dll
2014-12-01 16:25 - 2014-11-13 01:20 - 00964928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2014-12-01 16:25 - 2014-11-13 01:20 - 00935240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2014-12-01 16:25 - 2014-11-13 01:20 - 00923792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2014-12-01 16:25 - 2014-11-13 01:20 - 00900928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2014-12-01 16:25 - 2014-11-13 01:20 - 00500880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2014-12-01 16:25 - 2014-11-13 01:20 - 00418112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2014-12-01 16:25 - 2014-11-13 01:20 - 00393024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2014-12-01 16:25 - 2014-11-13 01:20 - 00348304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2014-12-01 16:25 - 2014-11-13 01:20 - 00174856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2014-12-01 16:25 - 2014-11-13 01:20 - 00156840 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2014-12-01 16:25 - 2014-11-13 01:20 - 00027094 _____ () C:\WINDOWS\system32\nvinfo.pb
2014-12-01 16:25 - 2014-10-03 20:23 - 00038216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2014-12-01 16:25 - 2014-10-03 20:23 - 00035144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2014-12-01 16:25 - 2014-10-03 20:23 - 00032584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2014-12-01 16:24 - 2014-12-01 16:24 - 00000000 ____D () C:\NVIDIA
2014-12-01 16:18 - 2014-12-01 16:22 - 308364224 _____ (NVIDIA Corporation) C:\Users\Sabrina\Downloads\344.75-notebook-win8-win7-64bit-international-whql.exe
2014-12-01 12:07 - 2014-12-01 12:07 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-01 12:06 - 2014-12-01 12:09 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\Adobe
2014-12-01 12:06 - 2014-12-01 12:09 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-01 12:06 - 2014-12-01 12:06 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-01 12:04 - 2014-12-01 12:04 - 00001204 _____ () C:\Users\Sabrina\Desktop\OpenOffice 4.1.1.lnk
2014-12-01 12:04 - 2014-12-01 12:04 - 00000000 ___SD () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2014-12-01 12:04 - 2014-12-01 12:04 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-12-01 12:02 - 2014-12-01 12:02 - 164858324 _____ () C:\Users\Sabrina\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de.exe
2014-12-01 12:02 - 2014-12-01 12:02 - 00000000 ____D () C:\Users\Sabrina\Downloads\OpenOffice 4.1.1 (de) Installation Files
2014-12-01 12:00 - 2014-12-01 12:00 - 00000000 ____D () C:\Users\Sabrina\Documents\SAP
2014-12-01 12:00 - 2014-12-01 12:00 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\SAP
2014-12-01 11:57 - 2014-12-01 11:55 - 00000234 _____ () C:\WINDOWS\saproute.ini
2014-12-01 11:55 - 2014-12-01 11:55 - 00001469 _____ () C:\Users\Sabrina\Downloads\saplogon.ini
2014-12-01 11:55 - 2014-12-01 11:55 - 00000234 _____ () C:\Users\Sabrina\Downloads\saproute.ini
2014-12-01 11:54 - 2014-12-01 11:55 - 00000000 ____D () C:\saplogon
2014-12-01 11:52 - 2014-12-01 11:52 - 143403656 _____ (SAP AG) C:\Users\Sabrina\Downloads\Patch_Level_10.exe
2014-12-01 11:52 - 2014-07-21 05:50 - 05421056 _____ (SAP AG) C:\WINDOWS\SysWOW64\librfc32u.dll
2014-12-01 11:51 - 2014-12-01 11:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAP Front End
2014-12-01 11:51 - 2014-12-01 11:51 - 00001243 _____ () C:\Users\Public\Desktop\SAP Logon.lnk
2014-12-01 11:51 - 2014-12-01 11:51 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\SAP
2014-12-01 11:51 - 2014-12-01 11:47 - 08847360 _____ (IBM Corporation and others) C:\WINDOWS\SysWOW64\icudt34.dll
2014-12-01 11:51 - 2014-12-01 11:47 - 01355776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvbvm50.dll
2014-12-01 11:51 - 2014-12-01 11:47 - 01069376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscomctl.ocx
2014-12-01 11:51 - 2014-12-01 11:47 - 00946176 _____ (IBM Corporation and others) C:\WINDOWS\SysWOW64\icuuc34.dll
2014-12-01 11:51 - 2014-12-01 11:47 - 00843776 _____ (IBM Corporation and others) C:\WINDOWS\SysWOW64\icuin34.dll
2014-12-01 11:51 - 2014-12-01 11:47 - 00659264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscomct2.ocx
2014-12-01 11:51 - 2014-12-01 11:47 - 00614992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.ocx
2014-12-01 11:51 - 2014-12-01 11:47 - 00443488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshflxgd.ocx
2014-12-01 11:51 - 2014-12-01 11:47 - 00415552 _____ (Microsoft Corporation ) C:\WINDOWS\SysWOW64\comct332.ocx
2014-12-01 11:51 - 2014-12-01 11:47 - 00278352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdatgrd.ocx
2014-12-01 11:51 - 2014-12-01 11:47 - 00258880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msflxgrd.ocx
2014-12-01 11:51 - 2014-12-01 11:47 - 00221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tabctl32.ocx
2014-12-01 11:51 - 2014-12-01 11:47 - 00218432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\richtx32.ocx
2014-12-01 11:51 - 2014-12-01 11:47 - 00170080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comct232.ocx
2014-12-01 11:51 - 2014-12-01 11:47 - 00155984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.ocx
2014-12-01 11:51 - 2014-12-01 11:47 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tlbinf32.dll
2014-12-01 11:51 - 2014-12-01 11:47 - 00133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcans32.dll
2014-12-01 11:51 - 2014-12-01 11:47 - 00129872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msstdfmt.dll
2014-12-01 11:51 - 2014-12-01 11:47 - 00094744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\grid32.ocx
2014-12-01 11:51 - 2014-12-01 11:47 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msstkprp.dll
2014-12-01 11:51 - 2014-12-01 11:47 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ATL71.dll
2014-12-01 11:51 - 2014-12-01 11:47 - 00067376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sysinfo.ocx
2014-12-01 11:51 - 2014-12-01 11:47 - 00001818 _____ () C:\WINDOWS\SysWOW64\icu_license.txt
2014-12-01 11:51 - 2014-12-01 11:45 - 01064960 _____ () C:\WINDOWS\SysWOW64\h5krnl32.dll
2014-12-01 11:51 - 2014-12-01 11:45 - 00188928 _____ () C:\WINDOWS\SysWOW64\h5icon32.dll
2014-12-01 11:51 - 2014-12-01 11:45 - 00175616 _____ () C:\WINDOWS\SysWOW64\h5menu32.dll
2014-12-01 11:51 - 2014-12-01 11:45 - 00114688 _____ (heilerSoftware) C:\WINDOWS\SysWOW64\h5dlg32.dll
2014-12-01 11:51 - 2014-12-01 11:45 - 00095744 _____ () C:\WINDOWS\SysWOW64\h5rtf32.dll
2014-12-01 11:51 - 2014-12-01 11:45 - 00051200 _____ () C:\WINDOWS\SysWOW64\h5tool32.dll
2014-12-01 11:51 - 2014-07-21 05:51 - 01722392 _____ (SAP, Walldorf) C:\WINDOWS\SysWOW64\SAPbtmp.dll
2014-12-01 11:51 - 2014-07-21 05:50 - 04473856 _____ (SAP AG) C:\WINDOWS\SysWOW64\librfc32.dll
2014-12-01 11:49 - 2014-12-01 11:51 - 00000000 ____D () C:\Program Files (x86)\SAP
2014-12-01 11:44 - 2014-12-01 11:44 - 00000000 ____D () C:\Users\Sabrina\Documents\SAP_GUI_730_for_WIN_Compilation_2
2014-12-01 10:44 - 2014-12-01 10:45 - 00005067 _____ () C:\Users\Sabrina\Downloads\openvpn-hs-augsburg.ovpn
2014-12-01 10:42 - 2014-12-01 10:42 - 00000935 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk
2014-12-01 10:42 - 2014-12-01 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2014-12-01 10:42 - 2014-12-01 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2014-12-01 10:42 - 2014-12-01 10:42 - 00000000 ____D () C:\Program Files\TAP-Windows
2014-12-01 10:42 - 2014-12-01 10:42 - 00000000 ____D () C:\Program Files\OpenVPN
2014-12-01 10:30 - 2014-12-01 10:41 - 01811856 _____ () C:\Users\Sabrina\Downloads\openvpn-install-2.3.5-I001-x86_64.exe
2014-12-01 00:10 - 2014-12-01 00:10 - 00000000 ____D () C:\Users\Public\Pokki
2014-12-01 00:09 - 2014-12-01 20:13 - 00002132 _____ () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
2014-12-01 00:09 - 2014-12-01 09:57 - 00002303 _____ () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2014-12-01 00:09 - 2014-12-01 00:09 - 00002363 _____ () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo Web Start.lnk
2014-12-01 00:06 - 2014-12-01 20:51 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1897811959-3106102651-190997941-1002
2014-12-01 00:02 - 2014-12-01 00:02 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Macromedia
2014-12-01 00:02 - 2014-12-01 00:02 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Intel Corporation
2014-12-01 00:01 - 2014-12-01 20:13 - 00009870 _____ () C:\Users\Sabrina\AppData\Local\BTServer.log
2014-12-01 00:01 - 2014-12-01 12:09 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Adobe
2014-12-01 00:01 - 2014-12-01 00:09 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Hightail for Lenovo
2014-12-01 00:01 - 2014-12-01 00:01 - 00001461 _____ () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-01 00:01 - 2014-12-01 00:01 - 00001260 _____ () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BTServer Toasts App.lnk
2014-12-01 00:01 - 2014-12-01 00:01 - 00000000 ____D () C:\Users\Sabrina\Documents\My Bluetooth
2014-12-01 00:01 - 2014-12-01 00:01 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\VirtualStore
2014-12-01 00:00 - 2014-12-01 20:14 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\Pokki
2014-12-01 00:00 - 2014-12-01 00:01 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\LenovoBrowserGuard
2014-12-01 00:00 - 2014-12-01 00:01 - 00000000 ____D () C:\Users\Sabrina
2014-12-01 00:00 - 2014-12-01 00:00 - 00000020 ___SH () C:\Users\Sabrina\ntuser.ini
2014-12-01 00:00 - 2014-12-01 00:00 - 00000000 _SHDL () C:\Users\Sabrina\Vorlagen
2014-12-01 00:00 - 2014-12-01 00:00 - 00000000 _SHDL () C:\Users\Sabrina\Startmenü
2014-12-01 00:00 - 2014-12-01 00:00 - 00000000 _SHDL () C:\Users\Sabrina\Netzwerkumgebung
2014-12-01 00:00 - 2014-12-01 00:00 - 00000000 _SHDL () C:\Users\Sabrina\Lokale Einstellungen
2014-12-01 00:00 - 2014-12-01 00:00 - 00000000 _SHDL () C:\Users\Sabrina\Eigene Dateien
2014-12-01 00:00 - 2014-12-01 00:00 - 00000000 _SHDL () C:\Users\Sabrina\Druckumgebung
2014-12-01 00:00 - 2014-12-01 00:00 - 00000000 _SHDL () C:\Users\Sabrina\Documents\Eigene Musik
2014-12-01 00:00 - 2014-12-01 00:00 - 00000000 _SHDL () C:\Users\Sabrina\Documents\Eigene Bilder
2014-12-01 00:00 - 2014-12-01 00:00 - 00000000 _SHDL () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-01 00:00 - 2014-12-01 00:00 - 00000000 _SHDL () C:\Users\Sabrina\AppData\Local\Verlauf
2014-12-01 00:00 - 2014-12-01 00:00 - 00000000 _SHDL () C:\Users\Sabrina\AppData\Local\Anwendungsdaten
2014-12-01 00:00 - 2014-12-01 00:00 - 00000000 _SHDL () C:\Users\Sabrina\Anwendungsdaten
2014-12-01 00:00 - 2014-12-01 00:00 - 00000000 ____D () C:\ProgramData\eBay
2014-12-01 00:00 - 2014-11-30 19:09 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\Packages
2014-12-01 00:00 - 2014-09-21 07:24 - 00000000 ___RD () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-01 00:00 - 2014-03-18 11:05 - 00000000 ___RD () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-01 00:00 - 2014-03-18 10:55 - 00000369 _____ () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-12-01 00:00 - 2014-03-18 10:55 - 00000369 _____ () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-12-01 00:00 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-01 00:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Programme
2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-11-30 20:04 - 2014-11-30 20:04 - 00000000 ____D () C:\ProgramData\Riot Games
2014-11-30 20:02 - 2014-11-30 20:02 - 00001625 _____ () C:\Users\Public\Desktop\League of Legends.lnk
2014-11-30 20:02 - 2014-11-30 20:02 - 00000000 ____D () C:\Riot Games
2014-11-30 20:02 - 2014-11-30 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-11-30 20:02 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2014-11-30 20:02 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2014-11-30 20:02 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2014-11-30 20:02 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2014-11-30 20:02 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2014-11-30 20:01 - 2014-11-30 20:02 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Riot Games
2014-11-30 20:00 - 2014-11-30 20:00 - 30668968 _____ (Riot Games) C:\Users\Sabrina\Downloads\LeagueofLegends_EUW_Installer_9_15_2014.exe
2014-11-30 20:00 - 2014-11-30 20:00 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\Lenovo
2014-11-30 19:17 - 2014-11-30 19:17 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Mozilla
2014-11-30 19:17 - 2014-11-30 19:17 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\Mozilla
2014-11-30 19:16 - 2014-11-30 19:16 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-30 19:16 - 2014-11-30 19:16 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-30 19:16 - 2014-11-30 19:16 - 00000000 ____D () C:\ProgramData\Mozilla
2014-11-30 19:16 - 2014-11-30 19:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-30 19:16 - 2014-11-30 19:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-30 19:14 - 2014-11-30 19:14 - 00000000 __SHD () C:\Users\Sabrina\AppData\Local\EmieUserList
2014-11-30 19:14 - 2014-11-30 19:14 - 00000000 __SHD () C:\Users\Sabrina\AppData\Local\EmieSiteList

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-01 21:30 - 2014-09-21 07:06 - 00605743 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-01 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-01 20:17 - 2014-09-21 16:53 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2014-12-01 20:17 - 2014-09-21 16:53 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2014-12-01 20:17 - 2014-03-18 10:53 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-01 20:11 - 2014-09-21 08:25 - 00002560 _____ () C:\WINDOWS\system32\VfService.trf
2014-12-01 20:11 - 2014-03-18 10:44 - 00006498 _____ () C:\WINDOWS\PFRO.log
2014-12-01 20:11 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-01 20:10 - 2014-09-21 07:46 - 00111932 _____ () C:\Users\Public\CAFADEBUG.log
2014-12-01 18:35 - 2014-09-21 08:20 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-01 18:33 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-12-01 18:23 - 2014-09-21 07:05 - 00048082 _____ () C:\WINDOWS\DPINST.LOG
2014-12-01 18:23 - 2013-08-22 15:46 - 00019832 _____ () C:\WINDOWS\setupact.log
2014-12-01 16:28 - 2014-09-21 07:31 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-12-01 16:27 - 2014-09-21 07:31 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-01 16:27 - 2014-09-21 07:31 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-01 16:27 - 2014-09-21 07:30 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-01 16:26 - 2014-09-21 07:48 - 00000000 ____D () C:\WINDOWS\LastGood
2014-12-01 13:50 - 2013-08-22 15:44 - 00375064 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-01 11:51 - 2013-08-22 14:25 - 00021259 _____ () C:\WINDOWS\system32\Drivers\etc\services
2014-12-01 11:47 - 2014-09-21 08:23 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll
2014-12-01 00:07 - 2014-09-21 08:19 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-12-01 00:05 - 2014-09-21 08:19 - 00000000 ____D () C:\ProgramData\Lenovo
2014-12-01 00:01 - 2014-09-21 16:47 - 00123414 ____H () C:\WINDOWS\modules.log
2014-12-01 00:01 - 2014-09-21 08:18 - 00000000 ____D () C:\Program Files (x86)\LenovoBrowserGuard
2014-12-01 00:01 - 2014-04-03 20:15 - 00000000 ____D () C:\WINDOWS\Panther
2014-11-30 23:33 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-11-30 23:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows NT
2014-11-30 23:33 - 2013-08-22 14:36 - 00000000 ___HD () C:\Users\Default
2014-11-30 21:39 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-30 19:57 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-11-30 19:55 - 2014-09-21 08:19 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2014-11-30 19:10 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-11-30 18:54 - 2014-09-21 08:25 - 00007360 _____ () C:\WINDOWS\SysWOW64\VisualDiscovery.ini
2014-11-30 18:54 - 2014-09-21 08:25 - 00004784 _____ () C:\WINDOWS\SysWOW64\VisualDiscoveryOff.ini
2014-11-30 18:54 - 2014-09-21 08:25 - 00004784 _____ () C:\WINDOWS\system32\VisualDiscoveryOff.ini
2014-11-30 18:37 - 2014-09-21 08:28 - 00000000 ____D () C:\ProgramData\Office2013
2014-11-13 01:20 - 2014-09-21 07:30 - 03262784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2014-11-13 01:20 - 2014-09-21 07:30 - 02874456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2014-11-12 22:56 - 2014-09-21 07:31 - 06897352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2014-11-12 22:56 - 2014-09-21 07:31 - 03534152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2014-11-12 22:56 - 2014-09-21 07:31 - 02559808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2014-11-12 22:56 - 2014-09-21 07:31 - 01092752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2014-11-12 22:56 - 2014-09-21 07:31 - 00934032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2014-11-12 22:56 - 2014-09-21 07:31 - 00625472 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\oemdspif.dll
2014-11-12 22:56 - 2014-09-21 07:31 - 00386368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2014-11-12 22:56 - 2014-09-21 07:31 - 00067072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2014-11-12 22:56 - 2014-09-21 07:31 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2014-11-11 11:29 - 2014-09-21 07:31 - 04100776 _____ () C:\WINDOWS\system32\nvcoproc.bin

Some content of TEMP:
====================
C:\Users\Sabrina\AppData\Local\Temp\oct728E.tmp.exe
C:\Users\Sabrina\AppData\Local\Temp\SPSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-30 20:59

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2014
Ran by Sabrina at 2014-12-01 21:48:38
Running from C:\Users\Sabrina\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G DATA TOTAL PROTECTION (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: G DATA TOTAL PROTECTION (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1823.01 - CyberLink Corp.)
 Lenovo Photo Master (x32 Version: 1.0.1823.01 - CyberLink Corp.) Hidden
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Benutzerhandbücher (x32 Version: 3.0.0.3 - Lenovo) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.28.50 - Conexant)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.32.00 - Lenovo Inc.) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.35 - Lenovo)
Energy Manager (x32 Version: 1.0.0.35 - Lenovo) Hidden
G DATA TOTAL PROTECTION (HKLM-x32\...\{6715BEB5-01F1-41AC-B44B-0A78CD50C433}) (Version: 25.0.2.3 - G DATA Software AG)
Host App Service (HKU\S-1-5-21-1897811959-3106102651-190997941-1002\...\Pokki) (Version: 0.269.4.103 - Pokki)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Lenovo Browser Guard (HKLM-x32\...\LenovoBrowserGuard) (Version: 2.16.50.5 - ClientConnect LTD)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10249 - Realtek Semiconductor Corp.)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.17.0 - Lenovo)
Lenovo FusionEngine  (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.9 - Lenovo) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.5.0 - Lenovo Group Limited)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Lenovo Web Start (HKU\S-1-5-21-1897811959-3106102651-190997941-1002\...\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1) (Version: 1.0.2.53457 - Pokki)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM-x32\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (HKLM-x32\...\{A47A9101-6EB5-4314-BDA1-297880FBB908}) (Version: 9.0 - SAP AG)
Microsoft redistributable runtime DLLs VS2010 SP1 (x86) (HKLM-x32\...\{2385C070-EC26-4AB9-8718-E605C977C0ED}) (Version: 10.0.40219.1 - SAP)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 33.1.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 de)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
NVIDIA GeForce Experience 2.1.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
OpenVPN 2.3.5-I001  (HKLM\...\OpenVPN) (Version: 2.3.5-I001 - )
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.805.802.010814 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0238 - REALTEK Semiconductor Corp.)
SAP GUI for Windows 7.30 (Patch 10) (HKLM-x32\...\SAPGUI710) (Version: 7.30 Compilation 3 - SAP AG)
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.69 - NVIDIA Corporation) Hidden
Start Menu (HKU\S-1-5-21-1897811959-3106102651-190997941-1002\...\Pokki_Start_Menu) (Version: 0.269.4.103 - Pokki)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.14.74 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1897811959-3106102651-190997941-1002_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1897811959-3106102651-190997941-1002_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1897811959-3106102651-190997941-1002_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1897811959-3106102651-190997941-1002_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1897811959-3106102651-190997941-1002_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1897811959-3106102651-190997941-1002_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

==================== Restore Points  =========================

30-11-2014 17:24:34 Removed Cisco EAP-FAST Module

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {194EFF5D-D036-4A4C-83AE-E86874E039EC} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {24A04EF8-4ABF-4B19-B5A6-AEAF978354FB} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {D89AA2B4-8A71-40DB-BA2D-44AC5FD41CFF} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-05-21] ()
Task: {E6057FDA-91FC-4013-B86C-4CEB8148A35F} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2014-12-01] (Lenovo)

==================== Loaded Modules (whitelisted) =============

2014-09-21 07:31 - 2014-11-12 22:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-21 07:39 - 2014-01-06 13:56 - 00079872 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2014-09-21 08:23 - 2012-04-24 11:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-09-21 08:25 - 2014-09-21 08:25 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2014-09-21 08:25 - 2014-09-21 08:25 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2014-05-20 02:38 - 2014-05-20 02:38 - 00340088 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2014-09-21 07:46 - 2010-10-26 05:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2014-10-02 19:07 - 2014-10-02 19:07 - 00569856 _____ () C:\Users\Sabrina\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
2014-10-02 19:07 - 2014-10-02 19:07 - 01400846 _____ () C:\Users\Sabrina\AppData\Local\Pokki\Engine\avcodec-54.dll
2014-10-02 19:07 - 2014-10-02 19:07 - 00151054 _____ () C:\Users\Sabrina\AppData\Local\Pokki\Engine\avutil-51.dll
2014-10-02 19:07 - 2014-10-02 19:07 - 00222734 _____ () C:\Users\Sabrina\AppData\Local\Pokki\Engine\avformat-54.dll
2014-09-21 07:36 - 2013-09-16 20:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-11-30 19:16 - 2014-11-14 03:42 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDWFP => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1897811959-3106102651-190997941-500 - Administrator - Disabled)
Gast (S-1-5-21-1897811959-3106102651-190997941-501 - Limited - Disabled)
Sabrina (S-1-5-21-1897811959-3106102651-190997941-1002 - Administrator - Enabled) => C:\Users\Sabrina

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/01/2014 06:33:58 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcCan continue stopping. [1008]

Error: (12/01/2014 06:24:52 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcCan continue stopping. [1008]

Error: (12/01/2014 04:58:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1778

Startzeit: 01d00d7f866f4367

Endzeit: 4294967295

Anwendungspfad: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

Berichts-ID: d1505df7-7972-11e4-8262-28d244effd47

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/30/2014 06:44:09 PM) (Source: nlsX86cc) (EventID: 0) (User: )
Description: Stop request seennlsX86cc error: 0

Error: (11/30/2014 11:41:06 PM) (Source: Windows Search Service Profile Notification) (EventID: 2) (User: )
Description: Die indizierten Daten von Windows Search für den Benutzer '<Event xmlns='hxxp://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Search-ProfileNotify' Guid='{FC6F77DD-769A-470E-BCF9-1B6555A118BE}' EventSourceName='Windows Search Service Profile Notification'/><EventID Qualifiers='49152'>2</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2014-11-30T22:41:06.000000000Z'/><EventRecordID>535</EventRecordID><Correlation/><Execution ProcessID='0' ThreadID='0'/><Channel>Application</Channel><Computer>Brinizi</Computer><Security/></System><ProcessingErrorData><ErrorCode>15005</ErrorCode><DataItemName>__binLength</DataItemName><EventPayload>4200720069006E0069007A0069005C00410064006D0069006E006900730074007200610074006F00720000003000780038003000300034003200310030003300000000000000</EventPayload></ProcessingErrorData></Event>' können im Zuge der Löschung des Benutzerprofils nicht entfernt werden. Fehlercode %2.

%3.


System errors:
=============
Error: (12/01/2014 06:51:57 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst GDBackupSvc erreicht.

Error: (12/01/2014 06:32:38 PM) (Source: DCOM) (EventID: 10010) (User: Brinizi)
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (12/01/2014 06:32:08 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (12/01/2014 06:31:38 PM) (Source: DCOM) (EventID: 10010) (User: Brinizi)
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (12/01/2014 04:20:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet: 
%%1

Error: (12/01/2014 04:19:33 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (12/01/2014 00:14:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Boot Delay Start Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/01/2014 00:14:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Boot Delay Start Service erreicht.

Error: (12/01/2014 00:14:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet: 
%%1

Error: (12/01/2014 00:14:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Proxy Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


Microsoft Office Sessions:
=========================
Error: (12/01/2014 06:33:58 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcCan continue stopping. [1008]

Error: (12/01/2014 06:24:52 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcCan continue stopping. [1008]

Error: (12/01/2014 04:58:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rads_user_kernel.exe0.0.0.0177801d00d7f866f43674294967295C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exed1505df7-7972-11e4-8262-28d244effd47

Error: (11/30/2014 06:44:09 PM) (Source: nlsX86cc) (EventID: 0) (User: )
Description: Stop request seennlsX86cc error: 0

Error: (11/30/2014 11:41:06 PM) (Source: Windows Search Service Profile Notification) (EventID: 2) (User: )
Description: <Event xmlns='hxxp://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Search-ProfileNotify' Guid='{FC6F77DD-769A-470E-BCF9-1B6555A118BE}' EventSourceName='Windows Search Service Profile Notification'/><EventID Qualifiers='49152'>2</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2014-11-30T22:41:06.000000000Z'/><EventRecordID>535</EventRecordID><Correlation/><Execution ProcessID='0' ThreadID='0'/><Channel>Application</Channel><Computer>Brinizi</Computer><Security/></System><ProcessingErrorData><ErrorCode>15005</ErrorCode><DataItemName>__binLength</DataItemName><EventPayload>4200720069006E0069007A0069005C00410064006D0069006E006900730074007200610074006F00720000003000780038003000300034003200310030003300000000000000</EventPayload></ProcessingErrorData></Event>


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 31%
Total physical RAM: 8084.27 MB
Available physical RAM: 5507.59 MB
Total Pagefile: 10004.27 MB
Available Pagefile: 6878.43 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:889.49 GB) (Free:847.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 7B4728A6)

Partition: GPT Partition Type.

==================== End Of Log ============================

Jetzt ist aber ein Problem noch aufgetaucht, G DATA hat wieder iwas in die Quarantäne verschoben von diesem Download. Was st das jetzt wieder genau??????? ich bin so verwirrt!

Code:

ATTFilter

*** Prozess ***

Prozess: 6536
Dateiname: erunt.exe
Pfad: c:\windows\erunt.exe

Herausgeber: Unbekannter Herausgeber
Erstelldatum: 02/22/13 15:05:21
Änderungsdatum: 02/22/13 02:04:50

Gestartet von: cmd.exe
Herausgeber: Microsoft Windows


*** Aktionen ***

Ein Packer wurde auf die Programmdatei angewandt. Möglicherweise um schädliche Inhalte zu verbergen.
Das Programm hat in Dateien oder Ordnern geschrieben die genutzt werden können um das System zu gefährden.
Das Programm hat Werte in der System-Registrierung verändert die genutzt werden können um das System zu gefährden.


*** Quarantäne ***

Folgende Dateien wurden in Quarantäne verschoben:
C:\FRST\Hives\Users\00000001\NTUSER.DAT
C:\Windows\ERUNT.exe
c:\frst\hives\users\00000001\ntuser.dat

Folgende Registry Einträge wurden gelöscht:
\REGISTRY\MACHINE\SECURITY


YGLRtuLAcnJycmJi0HJycnJiYuBycicnd2JicCp0ckInJyYGt3JycnJiYnAsJycnJyYGaHJycnJiYoArJycnJyYGmXJykCsWbSsJyXJycKdycnB4cnJycmJicJlycnJyYmJwunKxXmO2cnKxXmO2cmJicI5ycgAA
Version der Regeln: 4.7.0
OS: Windows 6.2 Service Pack 0.0 Build: 9200 - Workstation 64bit OS
Version der dll: 40166

ERUNT.exe C:\FRST\HIVES silent sysreg curuser /noconfirmdelete /noprogresswindow
MD5: 2E0323A94915FAAB10A25F3BABF82584
C:\WINDOWS\system32\cmd.exe /c ERUNT.exe C:\FRST\HIVES silent sysreg curuser /noconfirmdelete /noprogresswindow
MD5:

schrauber · 02.12.2014, 18:30

Fehlerkennung vob GDATA.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

uninstall.exe und anderes entdeckt [Laptop 2 Tage alt]

Plagegeister aller Art und deren Bekämpfung: uninstall.exe und anderes entdeckt [Laptop 2 Tage alt]