Conny 12 | 13.08.2014 11:47 | FRST Additions Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-08-2014
Ran by contesssa at 2014-08-13 12:39:03
Running from C:\Users\contesssa\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
HP Deskjet 3520 series - Grundlegende Software für das Gerät (HKLM\...\{15B2F0E3-3FAC-4495-B0FD-398EECFA4100}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Intel® Trusted Connect Service Client (Version: 1.26.242.3 - Intel Corporation) Hidden
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: - )
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50325 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50330 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.50325 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50325 - Microsoft Corporation)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: - )
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.222 - Qualcomm Atheros Communications)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shopping Helper Smartbar Engine (HKCU\...\{f6f7e3e1-d1e6-4adc-b2c8-4f9946a84573}) (Version: 10.215.63.15249 - ReSoft Ltd.) <==== ATTENTION
Skype™ 6.9 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.4.1.0 - Synaptics Incorporated)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1714798670-2283502341-2433251003-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1714798670-2283502341-2433251003-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1714798670-2283502341-2433251003-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1714798670-2283502341-2433251003-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
04-08-2014 13:29:52 Windows Update
11-08-2014 17:14:27 Geplanter Prüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {028F7BA2-6F53-4A86-973A-B72EBE6D73A6} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {11713C7D-CDD5-4ED6-A865-89685117D6DE} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {15CFED45-5261-4590-A96F-47EBB8A1961D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {31C2A7A0-4892-4BD0-AD93-4A752D1796A5} - System32\Tasks\Lenovo\LenovoMachineInformation => C:\Program Files\lenovo\SystemAgent\MachineInformation.exe [2013-05-02] ()
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {41B089C1-D45B-41BD-A1C7-B07E874EF3EE} - System32\Tasks\Lenovo\LenovoWarrantyChinaTask => C:\Program Files\lenovo\SystemAgent\ChinaWarrantyService.exe [2013-05-02] ()
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4ADE1941-F662-4498-8972-B198A70241BF} - System32\Tasks\Lenovo\LenovoDependencyVersionTask => C:\Program Files\lenovo\SystemAgent\DependencyVersion.exe [2013-05-02] ()
Task: {578DA71D-4792-49E5-A998-82BD10017897} - System32\Tasks\aviraSWU => Cscript.exe "C:\Program Files (x86)\avira\Internet Explorer\swu.vbs"
Task: {6A22210D-76C7-4A29-AFE1-B08943249160} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-26] (Google Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7EEFEB6A-289F-4D4E-9025-A535969B0364} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8C93EE21-3136-4695-881A-2F45783050C1} - System32\Tasks\SoftUpdateLogon => C:\Users\contesssa\AppData\Local\SoftUpdate\SoftUpdate.exe
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {927CF79C-0219-4928-9A28-263935B64716} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A1361BB9-0188-439D-9100-D20F39CDF21E} - System32\Tasks\SoftUpdateDaily => C:\Users\contesssa\AppData\Local\SoftUpdate\SoftUpdate.exe
Task: {A56F93A8-C213-4A7D-90F0-3EE0E5551C59} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {AA05510B-0EE5-4260-9FB0-84CE84E4290A} - System32\Tasks\Lenovo\LenovoUserguidesCopy => C:\Program Files\lenovo\SystemAgent\UserguidesCopy.exe [2013-05-02] ()
Task: {B379786F-D38D-47CD-AB65-82CA8CF66164} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {B8A14DF3-0A9A-437A-B5D8-9D3CF10694E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-26] (Google Inc.)
Task: {C4583446-F249-471E-B139-442A743C0538} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {D97C9F57-3822-4C1D-9B29-ACDB7995D42B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Loaded Modules (whitelisted) =============
2013-02-28 18:05 - 2013-02-28 18:05 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-02-28 18:02 - 2013-02-28 18:02 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-02-28 18:06 - 2013-02-28 18:06 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-12-21 01:02 - 2013-12-21 01:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-25 21:52 - 2014-04-25 21:52 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\7a891719ed7b38bb959d812adc580f5c\PSIClient.ni.dll
2013-07-23 14:55 - 2012-10-23 15:22 - 01199648 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\contesssa\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "fst_de_99"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/08/2014 02:20:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: adwcleaner_3.303.exe, Version: 3.3.0.3, Zeitstempel: 0x53e28764
Name des fehlerhaften Moduls: adwcleaner_3.303.exe, Version: 3.3.0.3, Zeitstempel: 0x53e28764
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0002f8c7
ID des fehlerhaften Prozesses: 0x338
Startzeit der fehlerhaften Anwendung: 0xadwcleaner_3.303.exe0
Pfad der fehlerhaften Anwendung: adwcleaner_3.303.exe1
Pfad des fehlerhaften Moduls: adwcleaner_3.303.exe2
Berichtskennung: adwcleaner_3.303.exe3
Vollständiger Name des fehlerhaften Pakets: adwcleaner_3.303.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: adwcleaner_3.303.exe5
Error: (08/08/2014 01:14:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MachineInformation.exe, Version: 1.5.33.0, Zeitstempel: 0x51826efc
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17055, Zeitstempel: 0x532943a3
Ausnahmecode: 0xe0434352
Fehleroffset: 0x00011d4d
ID des fehlerhaften Prozesses: 0xa08
Startzeit der fehlerhaften Anwendung: 0xMachineInformation.exe0
Pfad der fehlerhaften Anwendung: MachineInformation.exe1
Pfad des fehlerhaften Moduls: MachineInformation.exe2
Berichtskennung: MachineInformation.exe3
Vollständiger Name des fehlerhaften Pakets: MachineInformation.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MachineInformation.exe5
Error: (08/08/2014 01:14:53 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: MachineInformation.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.IOException
Stapel:
bei System.IO.__Error.WinIOError(Int32, System.String)
bei System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
bei System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
bei System.Xml.XmlDocument.Save(System.String)
bei MachineInformation.Program.Main(System.String[])
Error: (08/08/2014 10:12:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4
Name des fehlerhaften Moduls: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000763cb
ID des fehlerhaften Prozesses: 0x7ac
Startzeit der fehlerhaften Anwendung: 0xjre-8u11-windows-au.exe0
Pfad der fehlerhaften Anwendung: jre-8u11-windows-au.exe1
Pfad des fehlerhaften Moduls: jre-8u11-windows-au.exe2
Berichtskennung: jre-8u11-windows-au.exe3
Vollständiger Name des fehlerhaften Pakets: jre-8u11-windows-au.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: jre-8u11-windows-au.exe5
Error: (08/08/2014 10:12:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4
Name des fehlerhaften Moduls: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000763cb
ID des fehlerhaften Prozesses: 0x1698
Startzeit der fehlerhaften Anwendung: 0xjre-8u11-windows-au.exe0
Pfad der fehlerhaften Anwendung: jre-8u11-windows-au.exe1
Pfad des fehlerhaften Moduls: jre-8u11-windows-au.exe2
Berichtskennung: jre-8u11-windows-au.exe3
Vollständiger Name des fehlerhaften Pakets: jre-8u11-windows-au.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: jre-8u11-windows-au.exe5
Error: (08/08/2014 10:11:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4
Name des fehlerhaften Moduls: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000763cb
ID des fehlerhaften Prozesses: 0x105c
Startzeit der fehlerhaften Anwendung: 0xjre-8u11-windows-au.exe0
Pfad der fehlerhaften Anwendung: jre-8u11-windows-au.exe1
Pfad des fehlerhaften Moduls: jre-8u11-windows-au.exe2
Berichtskennung: jre-8u11-windows-au.exe3
Vollständiger Name des fehlerhaften Pakets: jre-8u11-windows-au.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: jre-8u11-windows-au.exe5
Error: (08/08/2014 10:09:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: adwcleaner_3.303.exe, Version: 3.3.0.3, Zeitstempel: 0x53e28764
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17031, Zeitstempel: 0x5308893d
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x00040833
ID des fehlerhaften Prozesses: 0xa40
Startzeit der fehlerhaften Anwendung: 0xadwcleaner_3.303.exe0
Pfad der fehlerhaften Anwendung: adwcleaner_3.303.exe1
Pfad des fehlerhaften Moduls: adwcleaner_3.303.exe2
Berichtskennung: adwcleaner_3.303.exe3
Vollständiger Name des fehlerhaften Pakets: adwcleaner_3.303.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: adwcleaner_3.303.exe5
Error: (08/08/2014 10:04:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4
Name des fehlerhaften Moduls: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000763cb
ID des fehlerhaften Prozesses: 0x17d8
Startzeit der fehlerhaften Anwendung: 0xjre-8u11-windows-au.exe0
Pfad der fehlerhaften Anwendung: jre-8u11-windows-au.exe1
Pfad des fehlerhaften Moduls: jre-8u11-windows-au.exe2
Berichtskennung: jre-8u11-windows-au.exe3
Vollständiger Name des fehlerhaften Pakets: jre-8u11-windows-au.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: jre-8u11-windows-au.exe5
Error: (08/07/2014 11:25:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: adwcleaner_3.303.exe, Version: 3.3.0.3, Zeitstempel: 0x53e28764
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17031, Zeitstempel: 0x5308893d
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0004082f
ID des fehlerhaften Prozesses: 0x31c
Startzeit der fehlerhaften Anwendung: 0xadwcleaner_3.303.exe0
Pfad der fehlerhaften Anwendung: adwcleaner_3.303.exe1
Pfad des fehlerhaften Moduls: adwcleaner_3.303.exe2
Berichtskennung: adwcleaner_3.303.exe3
Vollständiger Name des fehlerhaften Pakets: adwcleaner_3.303.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: adwcleaner_3.303.exe5
Error: (08/07/2014 01:52:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: adwcleaner_3.303.exe, Version: 3.3.0.3, Zeitstempel: 0x53e28764
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17031, Zeitstempel: 0x5308893d
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x000420d5
ID des fehlerhaften Prozesses: 0x1060
Startzeit der fehlerhaften Anwendung: 0xadwcleaner_3.303.exe0
Pfad der fehlerhaften Anwendung: adwcleaner_3.303.exe1
Pfad des fehlerhaften Moduls: adwcleaner_3.303.exe2
Berichtskennung: adwcleaner_3.303.exe3
Vollständiger Name des fehlerhaften Pakets: adwcleaner_3.303.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: adwcleaner_3.303.exe5
System errors:
=============
Error: (08/12/2014 06:22:46 PM) (Source: DCOM) (EventID: 10010) (User: CONNY)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Error: (08/12/2014 06:07:08 PM) (Source: DCOM) (EventID: 10005) (User: CONNY)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (08/12/2014 06:05:57 PM) (Source: DCOM) (EventID: 10005) (User: CONNY)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (08/12/2014 06:05:38 PM) (Source: DCOM) (EventID: 10005) (User: CONNY)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (08/12/2014 06:05:14 PM) (Source: DCOM) (EventID: 10005) (User: CONNY)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (08/12/2014 06:05:14 PM) (Source: DCOM) (EventID: 10005) (User: CONNY)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (08/12/2014 06:05:14 PM) (Source: DCOM) (EventID: 10005) (User: CONNY)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (08/12/2014 06:05:14 PM) (Source: DCOM) (EventID: 10005) (User: CONNY)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (08/12/2014 06:05:14 PM) (Source: DCOM) (EventID: 10005) (User: CONNY)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (08/12/2014 06:05:14 PM) (Source: DCOM) (EventID: 10005) (User: CONNY)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Microsoft Office Sessions:
=========================
Error: (08/08/2014 02:20:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: adwcleaner_3.303.exe3.3.0.353e28764adwcleaner_3.303.exe3.3.0.353e28764c00000fd0002f8c733801cfb301e0f89fa8C:\Users\contesssa\Downloads\adwcleaner_3.303.exeC:\Users\contesssa\Downloads\adwcleaner_3.303.exe714e0251-1ef6-11e4-beac-50af735ae431
Error: (08/08/2014 01:14:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MachineInformation.exe1.5.33.051826efcKERNELBASE.dll6.3.9600.17055532943a3e043435200011d4da0801cfb2f9e3c75422C:\Program Files\lenovo\SystemAgent\MachineInformation.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll3988c9de-1eed-11e4-beac-50af735ae431
Error: (08/08/2014 01:14:53 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: MachineInformation.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.IOException
Stapel:
bei System.IO.__Error.WinIOError(Int32, System.String)
bei System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
bei System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
bei System.Xml.XmlDocument.Save(System.String)
bei MachineInformation.Program.Main(System.String[])
Error: (08/08/2014 10:12:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: jre-8u11-windows-au.exe8.0.110.12539fb8f4jre-8u11-windows-au.exe8.0.110.12539fb8f4c0000417000763cb7ac01cfb2e08e8e82efC:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exeC:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.execc5548e0-1ed3-11e4-beab-50af735ae431
Error: (08/08/2014 10:12:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: jre-8u11-windows-au.exe8.0.110.12539fb8f4jre-8u11-windows-au.exe8.0.110.12539fb8f4c0000417000763cb169801cfb2e076bccfddC:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exeC:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exeb48395f0-1ed3-11e4-beab-50af735ae431
Error: (08/08/2014 10:11:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: jre-8u11-windows-au.exe8.0.110.12539fb8f4jre-8u11-windows-au.exe8.0.110.12539fb8f4c0000417000763cb105c01cfb2e06a3eb7e1C:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exeC:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exea81fb835-1ed3-11e4-beab-50af735ae431
Error: (08/08/2014 10:09:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: adwcleaner_3.303.exe3.3.0.353e28764ntdll.dll6.3.9600.170315308893dc00000fd00040833a4001cfb2def9b5901dC:\Users\contesssa\Downloads\adwcleaner_3.303.exeC:\WINDOWS\SYSTEM32\ntdll.dll430badd9-1ed3-11e4-beab-50af735ae431
Error: (08/08/2014 10:04:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: jre-8u11-windows-au.exe8.0.110.12539fb8f4jre-8u11-windows-au.exe8.0.110.12539fb8f4c0000417000763cb17d801cfb2df56b93864C:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exeC:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exe94fbfab5-1ed2-11e4-beab-50af735ae431
Error: (08/07/2014 11:25:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: adwcleaner_3.303.exe3.3.0.353e28764ntdll.dll6.3.9600.170315308893dc00000fd0004082f31c01cfb285dd2e28ccC:\Users\contesssa\Downloads\adwcleaner_3.303.exeC:\WINDOWS\SYSTEM32\ntdll.dll6b033e8d-1e79-11e4-beab-50af735ae431
Error: (08/07/2014 01:52:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: adwcleaner_3.303.exe3.3.0.353e28764ntdll.dll6.3.9600.170315308893dc00000fd000420d5106001cfb235b75a7506C:\Users\contesssa\Downloads\adwcleaner_3.303.exeC:\WINDOWS\SYSTEM32\ntdll.dll5f2b7dbb-1e29-11e4-beab-50af735ae431
CodeIntegrity Errors:
===================================
Date: 2014-07-20 13:18:25.679
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe that did not meet the Store signing level requirements.
Date: 2014-07-20 13:18:12.580
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe that did not meet the Store signing level requirements.
Date: 2014-02-25 21:57:06.854
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements.
Date: 2014-02-25 21:57:06.682
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements.
Date: 2013-11-03 01:10:55.629
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-11-03 00:59:03.666
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-11-02 09:18:13.111
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-11-02 08:44:57.218
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-11-02 08:38:59.879
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-11-02 01:14:32.601
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU 2117U @ 1.80GHz
Percentage of memory in use: 35%
Total physical RAM: 3975.27 MB
Available physical RAM: 2558.86 MB
Total Pagefile: 4679.27 MB
Available Pagefile: 2941.99 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:426.23 GB) (Free:370.64 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.57 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 3FD8BFE0)
Partition: GPT Partition Type.
==================== End Of Log ============================
Greetings, there are no problems with the malware. Best regards, Conny
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014
Ran by contesssa (administrator) on CONNY on 13-08-2014 12:38:04
Running from C:\Users\contesssa\Downloads
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13425224 2013-03-06] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-09] (Realtek Semiconductor)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-07-23] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-07-23] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3041520 2013-03-09] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132224 2013-02-28] ( (Atheros Communications))
HKU\S-1-5-21-1714798670-2283502341-2433251003-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20473504 2013-10-02] (Skype Technologies S.A.)
HKU\S-1-5-21-1714798670-2283502341-2433251003-1001\...\Run: [GoogleChromeAutoLaunch_8856B223242C46EC7E7BB0B38EB6BDE4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: http=127.0.0.1:50714;https=127.0.0.1:50714
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {B8685F37-302D-4748-8F8A-0CC05A05EA7B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: Avira Savings Advisor BHO -> {A18A516C-AA41-46A9-92DB-60208917E442} -> C:\Program Files (x86)\avira\Internet Explorer\avira32.dll ()
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll No File
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: trovi.search
CHR DefaultNewTabURL:
CHR Extension: (Avira Sparberater) - C:\Users\contesssa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cojnmaaohncijldefpkpkkakjonfmgeb [2014-03-02]
CHR Extension: (Google Wallet) - C:\Users\contesssa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-19]
CHR HKLM-x32\...\Chrome\Extension: [cojnmaaohncijldefpkpkkakjonfmgeb] - C:\Program Files (x86)\avira\Chrome\avira-1.5.14.crx [2013-12-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-12-11]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227968 2013-02-28] (Qualcomm Atheros Commnucations)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [164736 2012-11-08] (Intel Corporation)
R2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [562504 2013-05-02] (LENOVO INCORPORATED.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-02-28] (Atheros) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-02-28] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 HMD; C:\Windows\system32\DRIVERS\hmd.sys [14888 2013-10-07] ()
S3 IntcDAud; C:\Windows\system32\DRIVERS\IntcDAud.sys [342528 2013-01-24] (Intel(R) Corporation) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-03-09] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-13 12:37 - 2014-08-13 12:37 - 00000000 ____D () C:\Users\contesssa\Downloads\FRST-OlderVersion
2014-08-12 17:54 - 2014-08-12 17:54 - 00000000 _____ () C:\Neues Textdokument.txt
2014-08-11 18:51 - 2014-08-11 18:51 - 01366203 _____ () C:\Users\contesssa\Downloads\adwcleaner_3.304.exe
2014-08-11 17:38 - 2014-01-19 09:38 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-08-11 17:31 - 2014-08-12 18:23 - 00001210 _____ () C:\WINDOWS\PFRO.log
2014-08-08 13:32 - 2014-08-08 15:02 - 00001156 _____ () C:\anti malware.txt
2014-08-08 12:47 - 2014-08-13 11:41 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-08 12:47 - 2014-08-08 12:47 - 00001129 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-08 12:47 - 2014-08-08 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-08 12:47 - 2014-08-08 12:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-08 12:47 - 2014-08-08 12:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-08 12:47 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-08 12:47 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-08-08 12:47 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-08 12:46 - 2014-08-08 12:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\contesssa\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-07 12:04 - 2014-08-12 19:37 - 00000000 ____D () C:\AdwCleaner
2014-08-04 16:19 - 2014-08-04 16:19 - 00000936 _____ () C:\Users\contesssa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRST64.lnk
2014-08-04 15:24 - 2014-08-08 13:39 - 00032533 _____ () C:\Users\contesssa\Downloads\Addition.txt
2014-08-04 15:23 - 2014-08-13 12:38 - 00014086 _____ () C:\Users\contesssa\Downloads\FRST.txt
2014-08-04 15:19 - 2014-08-13 12:38 - 00000000 ____D () C:\FRST
2014-08-04 15:18 - 2014-08-13 12:37 - 02100224 _____ (Farbar) C:\Users\contesssa\Downloads\FRST64.exe
2014-08-04 14:56 - 2014-08-04 15:20 - 00000000 ____D () C:\Users\contesssa\AppData\Roaming\Nico Mak Computing
2014-08-04 10:23 - 2014-08-13 12:07 - 00609595 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-04 10:16 - 2014-08-04 10:16 - 00001806 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files\iTunes
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files\iPod
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-04 09:03 - 2014-08-04 09:03 - 00000000 ____D () C:\Users\contesssa\AppData\Local\Adobe
2014-07-21 11:55 - 2014-07-21 11:55 - 03736040 _____ (Piriform Ltd) C:\Users\contesssa\Downloads\ccsetup415_slim.exe
2014-07-21 11:55 - 2014-07-21 11:55 - 00002780 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-07-21 11:55 - 2014-07-21 11:55 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-21 11:55 - 2014-07-21 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-21 11:55 - 2014-07-21 11:55 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-21 11:12 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-07-21 10:41 - 2014-07-21 10:41 - 00000085 _____ () C:\WINDOWS\wininit.ini
2014-07-21 10:30 - 2014-07-21 10:30 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-07-21 10:29 - 2014-07-21 10:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-15 00:37 - 2014-07-19 13:00 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-14 21:08 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-13 12:38 - 2014-08-04 15:23 - 00014086 _____ () C:\Users\contesssa\Downloads\FRST.txt
2014-08-13 12:38 - 2014-08-04 15:19 - 00000000 ____D () C:\FRST
2014-08-13 12:37 - 2014-08-13 12:37 - 00000000 ____D () C:\Users\contesssa\Downloads\FRST-OlderVersion
2014-08-13 12:37 - 2014-08-04 15:18 - 02100224 _____ (Farbar) C:\Users\contesssa\Downloads\FRST64.exe
2014-08-13 12:30 - 2014-02-26 14:46 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-13 12:07 - 2014-08-04 10:23 - 00609595 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-13 12:02 - 2013-10-18 00:55 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1714798670-2283502341-2433251003-1001
2014-08-13 12:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-13 11:52 - 2014-01-09 23:17 - 00000000 ____D () C:\Users\contesssa
2014-08-13 11:51 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-13 11:47 - 2014-02-26 14:45 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-13 11:45 - 2014-01-10 00:24 - 00000000 __RDO () C:\Users\contesssa\SkyDrive
2014-08-13 11:43 - 2014-01-29 17:31 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{85B33DF1-38E0-4A33-B992-7D2DC8C2FBAA}
2014-08-13 11:41 - 2014-08-08 12:47 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-13 11:41 - 2014-02-26 14:46 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-12 19:37 - 2014-08-07 12:04 - 00000000 ____D () C:\AdwCleaner
2014-08-12 18:25 - 2013-10-26 15:33 - 00000000 ____D () C:\Users\contesssa\AppData\Roaming\Nitro PDF
2014-08-12 18:24 - 2014-03-13 21:38 - 00000182 _____ () C:\Users\contesssa\AppData\Local\RegisteredPackageInformation.xml
2014-08-12 18:23 - 2014-08-11 17:31 - 00001210 _____ () C:\WINDOWS\PFRO.log
2014-08-12 18:23 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-12 18:22 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-12 17:54 - 2014-08-12 17:54 - 00000000 _____ () C:\Neues Textdokument.txt
2014-08-12 17:36 - 2013-10-27 22:03 - 00000000 ____D () C:\Users\contesssa\AppData\Roaming\Skype
2014-08-11 19:44 - 2013-10-23 18:45 - 00000000 ____D () C:\Conny
2014-08-11 18:51 - 2014-08-11 18:51 - 01366203 _____ () C:\Users\contesssa\Downloads\adwcleaner_3.304.exe
2014-08-11 17:41 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-08-11 17:31 - 2014-03-02 11:48 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-08 15:02 - 2014-08-08 13:32 - 00001156 _____ () C:\anti malware.txt
2014-08-08 13:39 - 2014-08-04 15:24 - 00032533 _____ () C:\Users\contesssa\Downloads\Addition.txt
2014-08-08 12:47 - 2014-08-08 12:47 - 00001129 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-08 12:47 - 2014-08-08 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-08 12:47 - 2014-08-08 12:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-08 12:47 - 2014-08-08 12:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-08 12:46 - 2014-08-08 12:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\contesssa\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-04 16:19 - 2014-08-04 16:19 - 00000936 _____ () C:\Users\contesssa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRST64.lnk
2014-08-04 15:20 - 2014-08-04 14:56 - 00000000 ____D () C:\Users\contesssa\AppData\Roaming\Nico Mak Computing
2014-08-04 10:16 - 2014-08-04 10:16 - 00001806 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files\iTunes
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files\iPod
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-04 09:11 - 2013-10-26 15:04 - 00000000 ____D () C:\ProgramData\tmp
2014-08-04 09:03 - 2014-08-04 09:03 - 00000000 ____D () C:\Users\contesssa\AppData\Local\Adobe
2014-08-03 11:50 - 2013-11-14 09:27 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-03 11:50 - 2013-11-14 09:11 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2014-08-03 11:50 - 2013-11-14 09:11 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2014-07-22 11:52 - 2013-10-17 16:57 - 00000000 ___RD () C:\Users\contesssa\Desktop\Anwendungen
2014-07-22 11:50 - 2013-10-27 22:03 - 00000000 ____D () C:\ProgramData\Skype
2014-07-22 11:50 - 2013-10-27 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-22 11:43 - 2013-10-27 21:46 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-22 11:27 - 2013-10-27 16:09 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-07-22 01:30 - 2013-10-27 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-21 11:55 - 2014-07-21 11:55 - 03736040 _____ (Piriform Ltd) C:\Users\contesssa\Downloads\ccsetup415_slim.exe
2014-07-21 11:55 - 2014-07-21 11:55 - 00002780 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-07-21 11:55 - 2014-07-21 11:55 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-21 11:55 - 2014-07-21 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-21 11:55 - 2014-07-21 11:55 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-21 10:41 - 2014-07-21 10:41 - 00000085 _____ () C:\WINDOWS\wininit.ini
2014-07-21 10:41 - 2014-07-21 10:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-21 10:30 - 2014-07-21 10:30 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-07-20 13:27 - 2014-04-14 14:56 - 00000163 _____ () C:\WINDOWS\Reimage.ini
2014-07-19 13:00 - 2014-07-15 00:37 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-19 11:58 - 2013-08-22 15:25 - 00000194 _____ () C:\WINDOWS\win.ini
2014-07-15 16:49 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-15 00:37 - 2013-08-22 16:44 - 00360464 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-15 00:30 - 2013-11-14 09:13 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-15 00:30 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-15 00:30 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-15 00:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-15 00:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-14 21:19 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-14 21:17 - 2013-10-25 14:06 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-14 21:15 - 2013-10-25 14:05 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
Some content of TEMP:
====================
C:\Users\contesssa\AppData\Local\Temp\avgnt.exe
C:\Users\contesssa\AppData\Local\Temp\jre-8u11-windows-au.exe
C:\Users\contesssa\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-13 12:02
==================== End Of Log ============================